Teams Admin Center: Control External Access by Domain for Specific Users and Groups

Originally posted by Microsoft Sep 9, 2025 Uncategorized 0 Comments

Microsoft Teams will enable admins to assign custom external access policies by user or group, allowing specific control over which external domains they can interact with. This feature, available from September 2025, supports five policy options and will be manageable via PowerShell initially, then through the Teams admin center UI.

Introduction

We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate.

This message is associated with Roadmap ID 501275.

When this will happen

Targeted Release: Begins early September 2025 and completes by mid-September 2025.

General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025.

How this affects your organization

Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:

  • Use organization settings: Inherits the tenant’s default external access configuration
  • Allow all external domains: All external organizations are trusted
  • Allow only specific external domains: Only domains in the allow list are trusted
  • Block only specific external domains: Domains in the block list are restricted; all others are trusted
  • Block all: All external domains are blocked for users assigned to this policy

Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings.

What you can do to prepare

Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly.

During the public preview, configuration must be done via PowerShell using the following cmdlets:

  • Set-CsExternalAccessPolicy
  • Set-CsTenantFederationConfiguration

Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release.

Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI.

Learn more: Manage external meetings and chat with people and organizations using Microsoft identities.

Compliance considerations

Compliance Area Explanation
Admin control via Entra ID group membership Policies can be assigned to Entra ID groups for targeted external access control.

Message ID: MC1150123

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: