Should user roles be synchronised between Azure AD group and team in MS Teams?

Question

question

komatat asked May 20, '20 komatat commented May 27, '20

Should user roles be synchronised between Azure AD group and team in MS Teams?

There are several use cases when user roles are not synchronised between Azure AD and MS Teams, here are two examples with my expectations. Please let me know if they are correct or not, and if not - could I get the link to documentation with description of groups roles in Azure AD and MS Teams? Thanks.

Case 1

As User1 create new Team1 via MS Teams
In MS Teams: add User2 to Team1 and make them Owner
In Azure portal: go to Azure AD -> Groups -> Team1, check Owners and Members tabs << both users are listed in both lists as expected
In Azure portal: remove User1 from Owners list only

Actual result: User1 is removed from Owners and remains in Members in Azure as expected, but the team disappeared for the user in MS Teams

Expected result: I would expect for User1 to have access to the team as a Member

Case 2

As User1 create new Team1 via MS Teams
In Azure portal: go to Azure AD -> Grpups -> Team1, check Members and Owners tabs << User1 is listed under both of them and this looks to be correct
In Azure portal: add User2 to Owners list only << User2 is added to Owners list as expected, the user is also displayed as Owner in MS Teams
In MS Teams: change User2 role from Owner to Member

Actual result: User2 role has changed to Member in MS Teams, User2 is removed from Owners list in Azure and this looks expected. But User2 is not shown in Members in Azure as well.

Expected result: User2 should be added to Members in Azure portal

Regards,
Tanya

office-teams-windows-itpro azure-active-directory

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2020-05-25T16:12:07.113Z

ManuPhilip answered May 25, '20 komatat commented May 27, '20

Hello @komatat,
I did a complete analysis of the test cases you mentioned and looks like it's a Bug as of now in Teams app. Why I am sating it as a bug is, the team disappears from the app is presented in Teams Admin, Azure Admin and in PowerShell search.

So, I did some testing and found a way to resolve the issue. You can also adopt the approach until it is fixed by MS. There are many user complaints on the same topic already and hopefully, it will come as a fix asap as I guess

Create a dummy user contact in the Office 365 portal
When you see the issues in both cases, add the dummy user as a member to the teams from Teams admin portal. Make the dummy user as admin of the Teams. Change the dummy back to member. Quit Teams (Not close, make sure you quit) and re-open and you will see the team created back to the application. You can remove the dummy user from the team if needed.

Please mark as "Accept the answer" if the above steps helps you. Others with similar issues can also follow the solution as per your suggestion

Regards,

Manu

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

komatat · May 27, 2020 at 10:17 AM

Thank you, this would work as a workaround

1 ·

Answer 2 · 2020-05-20T16:47:11.41Z

michev answered May 20, '20

It might take some time before changes applied in one endpoint (say the Teams client) appear in other endpoints (Azure AD or Teams admin center). Your expectations are certainly right, just not immediately.

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 3 · 2020-05-21T06:16:21.93Z

SharonZhao-MSFT answered May 21, '20

Hi komatat,

Agree with michev, I tested in my environment, it just needs time to take effect.

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 4 · 2020-05-25T12:21:20.23Z

komatat answered May 25, '20 ManuPhilip commented May 25, '20

Hi michev, SharonZhao-9394,

Thanks for your replies but it still doesn't work for me, I don't see any changes after 1.5 hrs (retested with case 1) and this already looks like a huge delay.

And btw I've checked the team in MS Teams by User2 (who was not touched and has access to the team): as soon as User1 was removed from Owners list in Azure portal, message appeared in General channel in MS Teams saying that admin user has removed User1 from the team.

So it looks like some events (which look incorrect or at least incomplete) are coming to MS Teams immediately.

Therefore could I ask you to recheck once again?

If the behaviour is still deemed correct could you please confirm how much time it usually takes to synchronise?

Regards,
Tanya

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ManuPhilip · May 25, 2020 at 03:56 PM

Hello @komatat,

I did a complete analysis of the test cases you mentioned and looks like it's a Bug as of now in Teams app. Why I am sating it as a bug is, the team disappears from the app is presented in Teams Admin, Azure Admin and in PowerShell search.

So, I did some testing and found a way to resolve the issue. You can also adopt the approach until it is fixed by MS. There are many user complaints on the same topic already and hopefully, it will come as a fix asap as I guess

Create a dummy user contact in the Office 365 portal
When you see the issues in both cases, add the dummy user as a member to the teams from Teams admin portal. Make the dummy user as admin of the Teams. Change the dummy back to member. Quit Teams (Not close, make sure you quit) and re-open and you will see the team created back to the application. You can remove the dummy user from the team if needed.

Hope, the workaround helps !

Thanks,
Manu

1 ·

question