During a recent Microsoft 365 tenant to tenant migration project we ran into the following issue when troubleshooting external access (federation).
- External access (federation) not working after migrating to new Microsoft 365 tenant
- External Teams user tries to add contact or chat with a user in new tenant - user appears as Skype for Business user
Microsoft Teams admin center shows Org-wide settings | Teams upgrade | Coexistence mode as ‘Islands’
Attempt to assign in PowerShell yields more info about why you cannot change:
The important part of the screenshot:
“This organization cannot be upgraded to TeamsOnly at the tenant level because there is an on-premise deployment of Skype for Business detected in 1 or more of it sip domains”
Ah! While this tenant DID NOT have an on-premises deployment it did have several vanity (accepted) domains. Upon further review, some of the domains did not have the existing external DNS records - specifically 'lyncdiscover' as noted here:
In this note:
Specifically, "you cannot assign TeamsOnly mode as the tenant-wide default if you have any Skype for Business on-premises deployment (which is detected by presence of a lyncdiscover DNS record that points to a location other than Office 365.”
In reality, if the lyncdiscover record does not exist you cannot assign TeamsOnly mode as the tenant-wide default. Remember, in this case there were several vanity domains, and some did not have the corresponding lyncdiscover DNS record in external DNS.
Adding the lyncdiscover DNS record where it was missing resolved this issue.
This may not be exactly true since this tenant was created in September 2020 and initially only had the default tenant.onmicrosoft.com domain. The vanity domains were previously associated with a different tenant. During the migration cutover event the vanity domains were moved to the new tenant.
Did the Teams coexistence mode change then? I cannot say since I did not check until after the vanity domains were added.