Microsoft Teams: Microsoft PowerShell cmdlet to allow federation with specific trial tenant domains

Coming soon: We will introduce a new Microsoft Teams PowerShell setting in Tenant Federation Configuration to enable you to customize your federation posture. Tenant administrators will be able to define a list of external trial tenants to be whitelisted for federation, while maintaining the default block on overall federation with trial-only tenants.

When this will happen:

General Availability (Worldwide): The new setting is available now in Teams PowerShell. If populated, the allowed trial tenant domains list will start to take effect in mid-February 2025.

Note: This feature requires no immediate admin action, and there will be no impact if the list is not populated.

How this will affect your organization:

Microsoft Teams introduced a new PowerShell setting (-ExternalAccessWithTrialTenants) to the Set-CsTenantFederationConfiguration cmdlet in August 2024 that enabled blocking all external access with trial-only tenants.

Now, we’re introducing a new Tenant federation setting -AllowedTrialTenantDomains to enable more granularity in defining the federation posture for your organization. This setting will allow you to keep federation with trial-only tenants blocked, while explicitly allowing federation with trial tenant domains you trust and collaborate with for valid business needs.

Important notes

  • A “trial-only” tenant is defined as a tenant with a Teams service plan that has only Trial subscriptions (0 purchased licenses).
  • Cross-cloud experience: Currently, all cross-cloud communication involving trial-only tenants in public clouds is blocked by default. The AllowedTrialTenantDomains setting will not be supported for cross-cloud communication.
  • This setting is only supported in PowerShell.

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your users about this change and update any relevant documentation.

  • Review your settings for external access to determine if you have a valid business need to allow federation with trial-only tenants and then prepare the whitelist.
  • Download or upgrade to the latest PowerShell package (6.7 or higher): https://www.powershellgallery.com/packages/MicrosoftTeams/
  • To block external communication with trial-only tenants, use: Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants "Blocked"
  • To allow external communication with specific trial-only tenants, while blocking it by default for most trial-only tenants, use:

$list = New-Object Collections.Generic.ListString

$list.add("contoso.com")

$list.add("fabrikam.com")

Set-CsTenantFederationConfiguration -AllowedTrialTenantDomains $list

  • To remove tenants from the AllowedTrialTenantDomains list, use:

$list = New-Object Collections.Generic.ListString

$list.add("contoso.com")

Set-CsTenantFederationConfiguration -AllowedTrialTenantDomains @{Remove=$list}

  • To allow external communication with all trial-only tenants, use:

Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants "Allowed"

Learn more

Message ID: MC994289


Comments are closed.


I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.