Joining Microsoft Teams Meetings: GCC High vs. Commercial

7 min readOct 27, 2020

Are you holding or processing controlled unclassified information (CUI) as a DoD contractor? If so, you should already be intimately familiar with DFARS 7012, NIST 800–171, and CMMC.

Assuming you are, and you are using (or considering) Microsoft 365 Government service descriptions to help meet DoD requirements, you’re also probably familiar with the fact that your GCC High tenant just doesn’t work quite the same as the Commercial tenant you may be used to.

Microsoft calls these “feature nuances”; my clients call them frustrations.

It is surprisingly hard to figure out exactly what those “feature nuances” are. Microsoft’s documentation has lists in various places, and they publish a roadmap that can be used to deduce others, but when it comes down to it, it’s often just trial and error.

This week’s conundrum is whether a company using GCC High can hold meetings with non-GCC High users or not, and if so, what are the limitations?Another of Microsoft’s lists describe what features are available within each of the different service descriptions, but not much on what happens between them.

Hosting and joining Microsoft Teams meetings across Tenant Types

If you’re considering using GCC High Teams for your video and audio conferencing needs, what can you expect? Chances are you have customers, suppliers, or partners that are not in GCC High. Will you be able to meet with them, and if so, with what limitations? This week, I tested out the mechanics of hosting and joining meetings across tenant types. (I’m not comparing functionality once you’re in a meeting; that’s a topic for another day.)

Long story short: if your meeting crosses between GCC High and Commercial tenants, the lowest common denominator is to tell guests outside your company to join from a desktop or laptop (or dial in for an audio-only experience).

What else works?

Now for the long story: It is possible to join meetings that cross tenant types from any device that supports Teams, but with varying levels of ‘tech-savvy’ required. The columns below represent which tenant type initiated the meeting. The rows represent where and how attendees join.

Spreadsheet comparing user experience when joining Microsoft Teams meetings from various types of devices. — Comparison of Join Meeting experience for GCC High and Commercial tenant users on different devices.

I didn’t add specific comparisons for invitees without a Teams account, because unauthenticated users joining a meeting are considered “Guests”, regardless of who hosts the meeting. Joining as a Guest is a pretty low-friction experience. Simply enter your name when prompted and click to join the meeting. Guests join to the lobby by default, and show up in the attendee list with “(Guest)” appended to their name so it’s clear there are non-authenticated users joining.

(Did you catch what I said there? Guests are not authenticated. Guests can enter any name they want. It is up to the person/people admitting attendees from the lobby to check that the reported name is even invited to the meeting, and/or to remove people who turn out not to be who they said they were. Be sure your users are aware of this, and include this in your user awareness and anti-social engineering training.)

Join a meeting hosted by your own tenant type (from any device) — Easiest

As you might expect, if you stay in the top-left or bottom-right quadrant (e.g. you’re joining a meeting hosted by a user in the same type of tenant your user is in) joining the meeting “just works” for all the devices I tested.

If you didn’t know about “feature nuances”, this is probably what you would “expect” to happen for anyone using Teams joining any other Teams meeting.

But, we know better. Joining meetings across service descriptions is just like joining as a Guest, but harder: different versions (Desktop vs Mobile, Android vs. iOS) of Teams behave differently, and even the same app behaves differently depending on what tenant you are signed in to.

Joining across tenant types on a desktop/laptop — Mostly Easy

If you join a Teams meeting on a desktop operating system (Windows 10 or Mac OS X), the Teams app will prompt you to copy the meeting link and join from a browser:

Screenshot of Microsoft Teams’ “Join as a guest” prompt, with a button to copy meeting link to clipboard. — Teams’ prompt to join in a browser

Clicking the ‘Copy link’ button does exactly what you’d expect, and you can switch to Chrome or Edge and paste in the link. The trick is that when you do, the browser wants you to open the link in the Microsoft Teams:

Web browser prompt to open a link in another application — Browser prompt to open the link in Teams

The trick is to click ‘Cancel’ so you can choose ‘Continue on this browser’. This launches you into the join as Guest flow and you can join the meeting in the browser.

Webpage that prompts, “How do you want to join this meeting”. — Browser page that loads behind the prompt to open in Teams.

Another “gotcha” is that if you’ve previously checked off ‘Always allow teams.microsoft.com to open links in the associated app’, the browser will automatically switch you back to Teams, which will (again) prompt you to join as a guest by copying the link into the browser. If you don’t realize this redirect loop is happening, you might not think to switch back to the browser and look for the ‘Continue on this browser’ button. All in all, not too hard, but a little user training might be in order.

Joining a GCC High meeting as a Commercial user on mobile — Mostly Easy

The Teams mobile apps are where things get a little harder. If you’re signed in to a Commercial Tenant and joining a GCC High meeting, you’ll get an extra prompt or two, but joining and participating in a meeting is really easy.

On Android, you get a prompt like this:

Screenshot of “External Meeting” prompt with “Join meeting” button. — Commercial user joining GCC High Meeting on Android

On an Apple device, you’ll get one like this:

Screenshot of “Sign out to join” prompt with “Sign out and join” button. — Commercial user joining GCC High Meeting on iOS

On either device, tapping the appropriate button will bring you to the Guest join flow — enter your name and tap to join. As you leave the meeting you’ll have some extra prompts warning that you’ll lose access to the chat history after you’re gone.

The catch (or not) is what happens after you’ve fully left the meeting:

Android users go right back to Teams as before, automatically signed back into your commercial tenant account.
Apple users are actually fully signed out of their commercial account before joining the meeting, so to get back to their Teams, they’ll have to sign back in again.

Joining a Commercial meeting as a GCC High user on mobile — Difficult

Things get weird when you’re signed into a GCC High account on a mobile device and try to join a Commercial Teams meeting. When joining the meeting, you’ll get the same prompts as above, but you can’t actually join — The meeting connects, but then immediately disconnects. You can try to rejoin, but the same thing happens, or your app might crash.

The only way to work around this is to exit the meeting and sign out of Teams (Settings > Sign Out) before clicking ‘Join’ on the meeting invite in Outlook.

Joining a GCC High meeting while signed in to more than one account on iOS/iPadOS — Difficult

Another oddity happens if you’re on an Apple mobile device and signed into more than one Commercial tenant account. Instead of being prompted to ‘Sign Out and Join’, you get the following:

Since your only option is ‘OK’, you’re stuck unless you know to switch to each account one by one and choose ‘Settings > Sign Out’.

(Or, you can sign out of all but one account, force quit the app, relaunch it, and then join the meeting using the “Sign out and Join” prompt as above. But you’re going to get signed out of that last account anyway, so you may as well just sign out of them all in the first place.)

Again, after attending your GCC High meeting, you need to remember to sign back in to all those accounts.

Wrap Up

While I’m trying to be a little lighthearted in this article, I’m not trying to take a jab at Microsoft here. They’re delivering an incredibly complex, powerful ecosystem of services to a highly regulated customer base, and it’s just the nature of the beast that there are going to be tradeoffs. The GCC High environment just tends to have some feature lag behind commercial offerings, and it’s sometimes hard to keep things straight.

Hopefully I’ve helped clear up some questions you might have had about Teams and GCC High. Knowing what you know now, would you:

Accept the limitations of GCC High Teams meetings and use it for all your meetings? Teams is already well-integrated with the rest of your GCC High environment, and chances are you’re already paying for it.
Find a different conference/video call platform altogether? Remember that if you’re going to be sharing/discussing CUI, DFARS 7012 requirements apply.
Adopt a hybrid approach, using Teams for internal meetings and/or meetings involving CUI, and use something else for other meetings?
Something else??

What do you think? I’d love to hear your feedback and comments. Leave a response on Medium, or follow me on LinkedIn or Twitter.

Testing Notes:

Android testing was done on Android 11 with Teams version 1416/1.0.0.2020100901
Apple mobile devices were running 14.0.1 (18A393) with Teams Version 2.0.24 Build 1.077.2020101604
Mac OS was version 10.15.6 (19G2021) with Teams 1.3.00.24758.
Windows version was Windows 10 Enterprise LTSC 2019 (Version 1809 Build 17763.1518) with Teams 1.3.00.24755 (64-bit).