We came across a client that was unable to communicate out to people outside of the organization. A check of the Teams admin settings in the GUI showed that everything was configured properly but it didn’t work. Still we had to solve the problem. If you have a similar situation, here are the troubleshooting steps to take.
Verify that Teams is not in Islands mode
First using the Teams Admin center, verify that the Teams is not in Island Mode but has been upgraded to Teams Only. This upgrade can take 24 hours to happen.
https://admin.teams.microsoft.com/dashboard
Look in Org Side settings, then click on External access then later Teams upgrade.
Under external access both items should be set to ON as shown below. There will normally be no domains listed in the Add a domain box. This means that all domains are allowed to communicate with them. If there are any domains in the box then those are the only domains that they will be able to communicate with.
If there are domains in the list then there is your solution. Either remove them or add the new domain that they wish to not communicate with.
Check the Teams upgrade status
Make sure that it is set to Teams Only. Other modes exist to make your transition from Skype for Business phone system go smoother through various stages. If that isn’t you, then you should be in Teams only.
Check for domains in AllowedDomains
If oc-existance mode is set to Teams only and it is still not working. Next we want to verify using Powershell that the AllowDomains setting is equal to AllowAllKnownDomains as shown below. While you’re at it verify that all of the items match as shown below.
To run this powershell command you need to download the Skype powershell module. It is available here: https://www.microsoft.com/download/details.aspx?id=39366
Once you have that installed, open Windows Powershell remembering to run Windows Powershell as Administrator.
Import the module into powershell as show below and connect to the client’s tenant.
When successful you’ll get this:
Now check the federation status using the get command. Get-CsTenantFederationConfiguration If there is a list of domains in the AllowedDomains field, then proceed to remove them and replace with AllowAllKnownDomains. This is done in a single step.
Run these commands:
$x = New-CsEdgeAllowAllKnownDomains
Set – CsTenantFederationConfiguration -AllowedDomain $x
Then verify that it now looks correct as the screenshot above by running Get-CsTenantFederationConfiguration
Here is the documentation for the commandlet https://docs.microsoft.com/en-us/powershell/module/skype/new-csedgeallowallknowndomains?view=skype-ps
The External access should work. When I did this during the remote work flood of 2020 it took over night to take effect. If you are reading this during a time of normalcy rather than pandemic if should be faster.
Verify that you can invite people to remote meetings and they can join the remote meeting by opening Teams online. Go to Calendar, create new Meeting. Send an invitation to a public IP address like @gmail.com @yahoo.com address. Try to join the meeting from that address. Note: that you do not need to wait until the meeting time to attempt to join.
All we do is support IT professionals. Help for IT Pros, Super Secret News, Women in IT Scholarship program, Security community, Kits, papers and more. https://www.thirdtier.net
10 thoughts on “Microsoft Teams does not allow remote users to connect”
After February 15, this is not possible due to retirement for Skype for business Online PowerShell – how can I change the set-cstenantfederationconfiguration in Microsoft Teams PowerShell (the command does not exist)?
I just found out myself, last night, that you can’t get the Skype for Business powershell anymore. Unfortunately as you’ve found the Teams powershell is not a one for one replacement. So you’ll be stuck doing some things manually.
The old Skype for Business Online PowerShell module is no longer available for download by Microsoft. It’s now part of the #MicrosoftTeams PowerShell module. Just run “Update-Module MicrosoftTeams” if you have an older version already installed to get New-CsOnlineSession cmdlet
Hi Amy,
Not sure if you’ll see this, but I just wanted to thank you for this article. It still works with the Microsoft Teams powershell module, and I was able to use your guide as a reference to resolve an issue I’ve been trying to solve for at least three hours. I had unintentionally changed Teams External Access mode to ‘Allow Specific Domains’, and it’s seemingly impossible to change back to ‘Open Federation’ in any way aside from how you’ve explained it.
Some quick notes I had for anyone else who stumbles upon this.
– You’ll need to use the Microsoft Teams powershell module rather than skype for business
– The command is as written below (unfortunately there’s a syntax error in the article).
$x = New-CsEdgeAllowAllKnownDomains
Set-CsTenantFederationConfiguration -AllowedDomains $x
Thank you again Amy!
Thanks for the update on this. I’m glad that it worked for you.
Still helpful in November 2022 using Yusef’s comment and Amy’s spot on article. Huge thanks!
I’m glad that it helped Robert!
I tried these 2 commands and right after applying them I was able to find the EXTERNAL user.
30 seconds later it wasn’t working again. now it’s now working even if I redo the commands.
everything looks good configuration wise though…