In a recent migration project, we encountered a technical roadblock that appeared to defy the laws of Microsoft 365 configuration. The requirement was simple: enable external federation and chat between our client’s new tenant and their external partners.
On paper, this is a standard configuration. In reality, it became a deep-dive into the “hidden” logic of Microsoft’s backend.
The client was receiving the dreaded error: “We can’t set up the conversation because your organizations are not set up to talk to each other.” Despite having External Access set to “Allow all domains” in the Teams Admin Center and External Collaboration Settings in Microsoft Entra (Azure AD) wide open, the tenants remained silent.
The Troubleshooting Rabbit Hole
After exhausting the documentation and community blogs, we looked at the one variable that isn’t found in a configuration menu: The License Lifecycle.
The tenant was currently on a Microsoft 365 Trial Subscription.
And there was the main culprit.
While Microsoft documentation suggests that trials offer full functionality, there is a “reputation-based” restriction on new trial tenants. To prevent spam and malicious spoofing, Microsoft often restricts external federation for trial tenants.
The fix wasn’t a setting; it was a conversion.
- The Action: We converted the trial to a paid production subscription.
- The Result: Within 24 hours of the billing change, the federation “unlocked” on the backend. No further configuration changes were required.
The “Unknown User”: A Final Troubleshooting Note
During this project, we also encountered a secondary visual glitch: several active users were appearing as “Unknown User” within Teams chats and channels.
If you are seeing this, it’s usually not a configuration failure, but a byproduct of account lifecycle changes. According to Microsoft’s technical documentation, this happens by design when:
- An account has been recently deleted.
- An account was disabled and then re-enabled (common during migration testing).
The Fix: While Microsoft states this can take up to two weeks to resolve automatically, you can force this to the surface faster.
- Have the affected user sign out of Teams completely.
- Sign back in.
- The display name should update within 72 hours instead of 14 days.
Seems like an obvious issue now once it has been solved, but due to the technical layers of complexity one tends to jump straight into configuration troubleshooting without checking the basics like the subscription status. So if you are experiencing federation issues that bypass DNS and Admin Center logic, don’t forget to first check your subscription status.
