๐ก๏ธ๐งโ๐ผ๐๐Group - Multi tenant Teams Allowed users
What this group is for ๐ฏโ
This is the exception group linked to:
- โ๏ธ๐ช๐งโ๐ผCP - Teams - Block other tenant signin
- โ๏ธ๐ช๐งโ๐ผ๐CP - Teams - Allow other tenant signin
Members of this group are explicitly allowed to sign into Microsoft Teams with accounts from other tenants.
When to use it (and when not to) ๐งโ
Legitimate use cases include:
- Mergers & acquisitions โ joint Teams collaboration before a full migration
- Cross-tenant migrations โ staged moves where users need temporary access to both tenants
- Partner or supplier projects โ close collaboration in a shared environment
๐ซ Not a use case:
- โI just want to check my old work accountโ
- โI have a friend in another company and itโs easier this wayโ
- Anything that sounds like โjust for nowโ without a documented plan
Governance Notes ๐โ
This group should:
- Have written customer approval for each member
- Be reviewed regularly to remove stale access
- Be empty by default in most tenants
Think of it like a secure keycard โ if youโre not actively walking through that door, you shouldnโt be holding one.
๐ก SuperVision Tipโ
SuperVision can:
- Keep this groupโs name consistent across all tenants
- Let you manage membership centrally without editing the Intune policy
- Automatically remove users when a project or migration ends
Final Thoughts ๐โ
Exception groups are like sharp tools โ theyโre great in the right hands, but dangerous if left lying around.
Use them:
- With purpose
- With documentation
- And with a healthy dose of skepticism