komatat asked ·

Should user roles be synchronised between Azure AD group and team in MS Teams?

There are several use cases when user roles are not synchronised between Azure AD and MS Teams, here are two examples with my expectations. Please let me know if they are correct or not, and if not - could I get the link to documentation with description of groups roles in Azure AD and MS Teams? Thanks.

Case 1

  1. As User1 create new Team1 via MS Teams

  2. In MS Teams: add User2 to Team1 and make them Owner

  3. In Azure portal: go to Azure AD -> Groups -> Team1, check Owners and Members tabs << both users are listed in both lists as expected

  4. In Azure portal: remove User1 from Owners list only

Actual result: User1 is removed from Owners and remains in Members in Azure as expected, but the team disappeared for the user in MS Teams

Expected result: I would expect for User1 to have access to the team as a Member

Case 2

  1. As User1 create new Team1 via MS Teams

  2. In Azure portal: go to Azure AD -> Groups -> Team1, check Members and Owners tabs << User1 is listed under both of them and this looks to be correct

  3. In Azure portal: add User2 to Owners list only << User2 is added to Owners list as expected, the user is also displayed as Owner in MS Teams

  4. In MS Teams: change User2 role from Owner to Member

Actual result: User2 role has changed to Member in MS Teams, User2 is removed from Owners list in Azure and this looks expected. But User2 is not shown in Members in Azure as well.

Expected result: User2 should be added to Members in Azure portal

Regards,
Tanya

azure-active-directory office-teams-windows-itpro
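
An added example, not part of the original question or of any answer in this thread: a PowerShell check that compares a team's roster as Teams reports it with the Owners and Members lists of the backing Azure AD group, and reports each user whose role differs between the two. The function name `Compare-TeamRoster`, the finding strings and the sample user IDs are constructed for illustration; the sample data reproduces the final states of Case 1 and Case 2 above.

```powershell
# Compare the Teams roster with the Azure AD group's Owners and Members lists.
function Compare-TeamRoster {
    param(
        [object[]]$TeamsRoster  = @(),  # objects with UserId and Role ('owner' / 'member')
        [string[]]$AadOwnerIds  = @(),  # object IDs on the group's Owners tab
        [string[]]$AadMemberIds = @()   # object IDs on the group's Members tab
    )
    $teamsRole = @{}
    foreach ($u in $TeamsRoster) { $teamsRole[$u.UserId] = $u.Role }
    $allIds = @($teamsRole.Keys) + $AadOwnerIds + $AadMemberIds | Sort-Object -Unique
    foreach ($id in $allIds) {
        $inOwners  = $AadOwnerIds  -contains $id
        $inMembers = $AadMemberIds -contains $id
        $role      = $teamsRole[$id]    # $null when the user is absent from the Teams roster
        $finding =
            if (-not $role -and ($inOwners -or $inMembers)) { 'In Azure AD group, missing from Teams roster' }
            elseif ($role -and -not ($inOwners -or $inMembers)) { 'In Teams roster, missing from Azure AD group' }
            elseif ($role -eq 'owner' -and -not $inOwners) { 'Owner in Teams, not in Azure AD Owners' }
            elseif ($role -and $role -ne 'owner' -and $inOwners) { 'Azure AD owner, not owner in Teams' }
            elseif ($inOwners -and -not $inMembers) { 'Azure AD owner, not in Azure AD Members' }
        if ($finding) {
            [pscustomobject]@{ UserId = $id; TeamsRole = $role; AadOwner = $inOwners
                               AadMember = $inMembers; Finding = $finding }
        }
    }
}

# Constructed sample, Case 1 after step 4: User1 is only in Azure AD Members, team gone in Teams.
$case1Teams = @([pscustomobject]@{ UserId = 'user2-id'; Role = 'owner' })
Compare-TeamRoster -TeamsRoster $case1Teams -AadOwnerIds 'user2-id' -AadMemberIds 'user1-id', 'user2-id'

# Constructed sample, Case 2 after step 4: User2 is a member in Teams, absent from both Azure AD lists.
$case2Teams = @(
    [pscustomobject]@{ UserId = 'user1-id'; Role = 'owner' },
    [pscustomobject]@{ UserId = 'user2-id'; Role = 'member' }
)
Compare-TeamRoster -TeamsRoster $case2Teams -AadOwnerIds 'user1-id' -AadMemberIds 'user1-id'

# Live data (assumes the MicrosoftTeams and Microsoft.Graph.Groups modules and signed-in sessions):
#   $roster  = Get-TeamUser -GroupId $groupId
#   $owners  = (Get-MgGroupOwner  -GroupId $groupId -All).Id
#   $members = (Get-MgGroupMember -GroupId $groupId -All).Id
#   Compare-TeamRoster -TeamsRoster $roster -AadOwnerIds $owners -AadMemberIds $members
```

Running the comparison again after a wait shows whether a reported difference was only propagation delay or a persistent mismatch.
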

ManuPhilip answered ·

Hello @komatat,
I did a complete analysis of the test cases you mentioned and it looks like it's a bug as of now in the Teams app. Why I am saying it is a bug is that the team that disappears from the app is present in Teams Admin, Azure Admin and in PowerShell search.

So, I did some testing and found a way to resolve the issue. You can also adopt the approach until it is fixed by MS. There are many user complaints on the same topic already and hopefully, it will come as a fix asap as I guess

  1. Create a dummy user contact in the Office 365 portal

  2. When you see the issues in both cases, add the dummy user as a member to the teams from Teams admin portal. Make the dummy user as admin of the Teams. Change the dummy back to member. Quit Teams (Not close, make sure you quit) and re-open and you will see the team created back to the application. You can remove the dummy user from the team if needed.


Please mark as "Accept the answer" if the above steps help you. Others with similar issues can also follow the solution as per your suggestion.

Regards,

Manu



Thank you, this would work as a workaround

michev answered ·

It might take some time before changes applied in one endpoint (say the Teams client) appear in other endpoints (Azure AD or Teams admin center). Your expectations are certainly right, just not immediately.

SharonZhao-MSFT answered ·

Hi komatat,

Agree with michev, I tested in my environment, it just needs time to take effect.

komatat answered ·

Hi michev, SharonZhao-9394,

Thanks for your replies but it still doesn't work for me, I don't see any changes after 1.5 hrs (retested with case 1) and this already looks like a huge delay.

And btw I've checked the team in MS Teams by User2 (who was not touched and has access to the team): as soon as User1 was removed from Owners list in Azure portal, message appeared in General channel in MS Teams saying that admin user has removed User1 from the team.

So it looks like some events (which look incorrect or at least incomplete) are coming to MS Teams immediately.

Therefore could I ask you to recheck once again?

If the behaviour is still deemed correct could you please confirm how much time it usually takes to synchronise?

Regards,
Tanya


Hello @komatat,

I did a complete analysis of the test cases you mentioned and it looks like it's a bug as of now in the Teams app. Why I am saying it is a bug is that the team that disappears from the app is present in Teams Admin, Azure Admin and in PowerShell search.

So, I did some testing and found a way to resolve the issue. You can also adopt the approach until it is fixed by MS. There are many user complaints on the same topic already and hopefully, it will come as a fix asap as I guess

  1. Create a dummy user contact in the Office 365 portal

  2. When you see the issues in both cases, add the dummy user as a member to the teams from Teams admin portal. Make the dummy user as admin of the Teams. Change the dummy back to member. Quit Teams (Not close, make sure you quit) and re-open and you will see the team created back to the application. You can remove the dummy user from the team if needed.

Hope the workaround helps!

Thanks,
Manu
