![(Updated) Teams Admin Center: Control External Access by Domain for Specific Users and Groups [MC1150123]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-asadphoto-1430675-1024x683.webp "(Updated) Teams Admin Center: Control External Access by Domain for Specific Users and Groups [MC1150123] 1")
Updated September 18, 2025: We have updated the content. Thank you for your patience.
Introduction
We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate.
This message is associated with Roadmap ID 501275.
When this will happen
Targeted Release: Begins early September 2025 and completes by mid-September 2025.
General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025.
How this affects your organization
Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:
- Use organization settings: Inherits the tenant’s default external access configuration
- Allow all external domains: All external organizations are trusted
- Allow only specific external domains: Only domains in the allow list are trusted
- Block only specific external domains: Domains in the block list are restricted; all others are trusted
- Block all: All external domains are blocked for users assigned to this policy
Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings.
What you can do to prepare
Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly.
During the public preview, configuration must be done via PowerShell using the following cmdlets:
Set-CsExternalAccessPolicySet-CsTenantFederationConfiguration
Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release.
Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI.
Learn more:
Compliance considerations
| Compliance Area | Explanation |
|---|---|
| Admin control via Entra ID group membership | Policies can be assigned to Entra ID groups for targeted external access control. |
Source: Microsoft
<<< [MC1150123] Archive
Tooltip: View earlier revisions of this post
Latest Posts
- (Updated) Teams Admin Center: Control External Access by Domain for Specific Users and Groups [MC1150123]
- (Updated) Microsoft Teams | Know Your Customer (KYC) onboarding required for new phone number requests [MC1117815]
- (Updated) Microsoft Teams: Rule-based enablement of Microsoft 365 third-party apps in the Teams admin center [MC1085133]
- Second-generation AWS Outposts racks now supported in the AWS Canada (Central) and US West (N. California) Regions
