Skip to main content

βš™οΈπŸͺŸπŸ§‘β€πŸ’ΌπŸ”“CP - Teams - Allow other tenant sign-in

What this policy is for πŸͺ„​

The counterpart to
βš™οΈπŸͺŸπŸ§‘β€πŸ’ΌCP - Teams - Block other tenant sign-in.

While the block policy slams the door shut, this one hands out a key… but only to members of
πŸ›‘οΈπŸ§‘β€πŸ’ΌπŸ‘ˆπŸ”“Group - Multi tenant Teams Allowed users.

Why? πŸ€”β€‹

Sometimes you do need to log into another tenant:

  • You’re in the middle of a merger or acquisition and working in a shared Teams environment
  • There’s an ongoing cross-tenant migration with channels and files being moved
  • You’re on a temporary project inside a partner tenant

Without this policy, you’d be forced into messy workarounds (and we all know how that story ends…).

πŸ› οΈ Configuration​

Type: Settings Catalog

SettingStateDetails
Microsoft Teams β†’ Restrict sign in to Teams to accounts in specific tenants (User)DisabledRemoves the restriction so Teams can sign into any tenant

This opens Teams login for all tenants β€” but only for users who are explicitly assigned this policy.

πŸ’‘ SuperVision Tip​

Manage exceptions centrally via the
πŸ›‘οΈπŸ§‘β€πŸ’ΌπŸ‘ˆπŸ”“Group - Multi tenant Teams Allowed users.

With SuperVision:

  • Keep group names consistent across tenants
  • Add/remove members without touching Intune configs
  • Make your blueprint β€œexception-proof” without creating chaos

πŸ‘₯ Group Assignments​

βœ… Included:​

❌ Excluded:​

  • (none explicitly) β€” if they’re not in the group, they stay blocked.

πŸ“ Governance Check​

This is not a candy machine.
Only hand out access if:

  • There’s a documented business reason (merger, migration, project)
  • The customer has signed off in writing
  • You review membership regularly and close the door when it’s no longer needed

πŸ§žβ€β™‚οΈ Pro tip: Don’t give this key to everyone β€œjust in case.” That’s how you end up with a house party you didn’t plan.