![[Reminder] Microsoft Team: Review and update Tenant Federation setting to block external access with trial-only tenants [MC870997]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-goumbik-296287-1024x683.webp)
As communicated in MC805200 Microsoft Teams: Tenant Federation setting to control external access with trial-only tenants (June 2024), we introduced a new admin control to enable you to block external access (federation) with Teams trial-only tenants. Some malicious actors have used free Teams trials to launch phishing or abuse attacks against Teams users. With this setting you can add another layer of protection for users against some of these attacks.
Between June 2024 and August 2024, we provided a 45-day window to allow you to review and update the setting before enforcement began. Now, by default, this new setting will block external access with trial-only tenants and requires explicit action from you to continue to federate with trial tenants.
[When this will happen:]
General Availability (Worldwide): Available now. Blocking or allowing external access with trial-only tenants with this setting was enabled August 15, 2024. If you missed MC805200, you can still manage the setting for your organization at any time.
[How this will affect your organization:]
Teams PowerShell now supports the new Tenant Federation setting -ExternalAccessWithTrialTenants with the values Allowed or Blocked. When set to Blocked, all external access with users from Teams subscriptions that contain only trial licenses will be blocked. This means users from these trial-only tenants will not be able to search or reach your users via chats, Teams calls, and meetings (using the users’ authenticated identity) and your users will not be able to reach users in these trial-only tenants. If this setting is set to Blocked, users from the trial-only tenant will also be removed from any existing chats. The default setting will be to block external access with trial-only tenants.
Important Notes
- A “trial-only” tenant is defined as a tenant with a Teams service plan that has only Trial subscriptions (0 purchased licenses).
- Shared Channels, Guest access and Anonymous Meeting joins will not be affected by this setting.
- This new setting only controls external communication with trial-only tenants within the same Microsoft 365 cloud environment. When enforcement starts, users from trial-only tenants
in public cloudswill be blocked by default from external communication with users in other Microsoft 365 cloud environments and with Microsoft Skype for Business server users. No admin control will exist to allow cross-cloud external communication with trial tenants. - If your tenant has enabled Allow only specific domains and specified domains in the Allow list, and if
-ExternalAccessWithTrialTenantsis set toBlocked, trial-only tenants in the Allow list will be blocked. If this setting is set toAllowed, all domains in the Allow list will be allowed. - If your tenant has enabled Block all external domains, the
-ExternalAccessWithTrialTenantssetting has no impact. - If your tenant has enabled Block specific domains and specified domains in the Block list, and if the
-ExternalAccessWithTrialTenantssetting is set toBlocked, trial-only tenants not in the Block list will also be blocked. If set toAllowed, this setting has no impact. - For two trial-only tenants to be able to federate, both of them need to have the
-ExternalAccessWithTrialTenantsset toAllowed.
[What you need to do to prepare:]
Review your settings for external access to determine if you need to change the default value for this new setting. To change this setting, install the latest PowerShell package (6.4.0) and use the Set-CsTenantFederationConfiguration command to set the desired value when the setting is available:
- Download or upgrade to the latest PowerShell package: https://www.powershellgallery.com/packages/MicrosoftTeams/
- To allow external communication with trial-only tenants, use this command:
Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants "Allowed" - To block external communication with trial-only tenants, use this command:
Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants "Blocked"
Learn more
- PowerShell cmdlet configuration: Set-CsTenantFederationConfiguration | Microsoft Learn
- Manage external communication: IT Admins – Manage external meetings and chat with people and organizations using Microsoft identities
You may want to notify your admins about this change and update any relevant documentation as appropriate.
Source: Microsoft
![Microsoft Outlook: Copy meeting attendee responses to clipboard [MC869929]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-agk42-2599244.bak_-150x150.webp)
![Microsoft Outlook for the web: Third-party cookie block causes users to sign in again on Chrome and Edge [MC871011]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-jplenio-1103970-150x150.webp)