The Side-effects of Using Address Book Policies to Limit Teams Search

Exchange Online Address Book Policies

Exchange Address Book Policies (ABPs) lets organizations sub-divide the directory into multiple segments (represented by an ABP), each of which has a Global Address List (GAL), Offline Address Book (OAB), and other address lists. An ABP might be used to define users within a subsidiary company, or those who work in a certain country, or to divide students and teachers, and so on. Once an ABP is assigned to their mailbox, the user can only “see” other users who come within the scope of the ABP.

ABPs don’t create a watertight block against communication. A user limited by an ABP sees the other users defined by the ABP when they view the GAL or OAB, but they can always send email to people outside the ABP by addressing messages using SMTP addresses.

Using ABPs with Teams

Teams is an application built on top of many other parts of Office 365. As such, it shouldn’t come as a huge surprise that Teams uses Exchange ABPs to limit the ability of users to communicate with others within the same organization. There’s a lot of sense in this approach because if you have gone to the bother of defining ABPs for Exchange, you can reuse the same ABPs with Teams.

To enable ABPs for use with Teams, go to the org-wide settings section of the Teams Admin Center, select Teams settings, and scroll to the bottom of the list to move the Search by name slider to On (Figure 1). Then Save the updated settings. It will take some time for clients to become aware of the update and adjust their behavior.

Enabling the Search by name Teams org-wide setting to use ABPs
Figure 1: Enabling the Search by name Teams org-wide setting to use ABPs

When an ABP is in place, users won’t be able to use chat to communicate with users outside the scope of their assigned ABP. Also, users won’t be able to add people outside their assigned ABP as members of a team.

Discovery is Affected

What’s not known as well is that users cannot search or discover teams when ABPs are in use within a tenant. Normally, when you select the Join or create a team option, Teams displays a set of public and private teams that you might want to join. The list of suggestions is calculated by the Microsoft Graph based on signals from your activity (to know what you do) and the people you communicate with. For instance, if you chat regularly with five or six other people who are all members of a certain team, it’s likely that you might find that team interesting and so Teams will add it to its suggestions (Figure 2).

Teams suggests some teams for a user to join
Figure 2: Teams suggests some teams for me to join

However, when ABPs are in effect, Teams can’t come up with suggestions because it cannot filter the set of teams returned by the Graph using the scope applied to the user. At least, that’s my understanding of the issue. Because Teams can’t apply the scope, it simply ignores the suggestions and doesn’t suggest anything, meaning that the user nothing except the offer to join a team through a code (Figure 3).

 Teams can't suggest any teams for the user to join
Figure 3: Teams can’t suggest any teams for the user to join

Because Teams has no suggestions to make, it also removes the /Join command (to show a list of suggested teams to join) from the set you can type into the command box.

ABPs are designed for email and not for Teams, so it’s inevitable that applying ABPs to Teams would have some unusual consequences like this. You learn something new every day.


Need more information about how Teams works? Well, the best place we know of is Chapter 13 of the Office 365 for IT Pros eBook. The number of changes in Teams means that Chapter 13 is one of the chapters we update most frequently.

Advertisements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.