← Back
(Updated) Teams Admin Center: Control External Access by Domain for Specific Users and Groups
MC1150123 · build prod-20251231-200323
Category
planForChange
Severity
normal
Major change
True
Last modified
2025-09-19 13:13:03
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
Action by (AI)
Services
Microsoft Teams
Tags
Updated message, New feature, Admin impact
Master tags
User, Admin, Security
Roadmap IDs
501275

One-line summary

Teams admins can now assign custom external access policies to users/groups, enabling granular control over which external domains they can interact with; GA rollout starts late October 2025.

Similar updates

More like this
MC1133508 (Updated) Microsoft Teams Integration with Microsoft Defender for Office Tenant Allow/Block List for blocking domains
(Updated) Microsoft Teams Integration with Microsoft Defender for Office Tenant Allow/Block List for blocking domains Security admins can now manage blocked external domains in Teams via Defender portal using Tenant Allow/Block List; Teams admi... Introduction We're introducing a new integration between Microsoft Teams and Microsoft Defender for.
MC1183006 (Updated) Introducing simplified admin controls to manage external collaboration in Teams admin center
(Updated) Introducing simplified admin controls to manage external collaboration in Teams admin center Teams admin center adds a streamlined experience for managing external collaboration with Open, Controlled, and Custom modes, rolling out worldwide February 2026. Updated February 17, 2026: We have updated t... [Introduction:] We’re introducing.
MC1181772 (Updated) Microsoft Teams: Secure file and Loop sharing in external 1:1, group and meeting chats
(Updated) Microsoft Teams: Secure file and Loop sharing in external 1:1, group and meeting chats Teams now enables automatic file and Loop sharing with external chat users. ...unication method between tenants Enables file sharing in external chats, expanding cross-tenant collaboration Admin control available Admins can disable the feature via.
MC1200058 Microsoft Defender for Office 365: Admins can block external users in Microsoft Teams from Defender Portal
(Updated) Microsoft Defender for Office 365: Admins can block external users in Microsoft Teams from Defender Portal Security admins can manage blocked external users and domains in Teams via the Defender portal Tenant Allow/Block List starting mid-February 2026, enhancing centralized access control. ...crosoft Teams and Microsoft Defender for.
MC1102784 Microsoft Teams on the web: New Private Preview for Sign in with Apple and Google for consumers may affect enterprise
Microsoft Teams on the web: New Private Preview for Sign in with Apple and Google for consumers may affect enterprise Teams web sign-in will add Apple and Google login options for consumer Microsoft accounts; change is on hold with no set release date. Updated November 24, 2025: This change is currently on hold. We will communicate via Message.
MC1187679 Microsoft Teams: Protection against tenant-owned domain impersonation in Teams chat
Microsoft Teams: Protection against tenant-owned domain impersonation in Teams chat Teams will soon alert users of external chat attempts impersonating tenant-owned domains, enhancing security for organizations with external access enabled. Feature is on by default an... [Introduction:] Coming soon to Microsoft Teams : A new security feature to.

Details

RoadmapIds
501275
Summary
Microsoft Teams now allows admins to assign custom external access policies by user or group, enabling granular control over which external domains they can interact with. This feature, available via PowerShell during preview and later in the Teams admin center UI, supports five policy options for tailored external collaboration.
Platforms
Android, Desktop, iOS, Mac, Web

Body (from Message Center)

Updated September 19, 2025: We have updated the content. Thank you for your patience.

Introduction

We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate.

This message is associated with Roadmap ID 501275.

When this will happen

Targeted Release: Begins early September 2025 and completes by mid-September 2025.

General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025.

How this affects your organization

Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:

  • Use organization settings: Inherits the tenant’s default external access configuration
  • Allow all external domains: All external organizations are trusted
  • Allow only specific external domains: Only domains in the allow list are trusted
  • Block only specific external domains: Domains in the block list are restricted; all others are trusted
  • Block all: All external domains are blocked for users assigned to this policy

Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings.

What you can do to prepare

Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly.

During the public preview, configuration must be done via PowerShell using the following cmdlets:

  • Set-CsExternalAccessPolicy
  • Set-CsTenantFederationConfiguration

Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release.

Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI.

Learn more:

IT Admins - Manage external meetings and chat with people and organizations using Microsoft identities - Microsoft Teams | Microsoft Learn  

Compliance considerations

Compliance AreaExplanation
Admin control via Entra ID group membership Policies can be assigned to Entra ID groups for targeted external access control.
Compliance AreaExplanation Admin control via Entra ID group membership Policies can be assigned to Entra ID groups for targeted external access control.

Raw JSON (for debugging)

Expand/collapse the full payload below.
Show/hide raw 
{
  "snapshot_item": {
    "action_required_by": null,
    "ai_action_required_by": null,
    "ai_actions": [
      "Identify users/groups needing differentiated external access",
      "Plan pilot scenarios",
      "Prepare to use PowerShell for configuration during preview"
    ],
    "ai_master_tags": [
      "User",
      "Admin",
      "Security"
    ],
    "ai_model": "gpt-4.1",
    "ai_summary": "Teams admins can now assign custom external access policies to users/groups, enabling granular control over which external domains they can interact with; GA rollout starts late October 2025.",
    "ai_topics": [
      "Teams",
      "Entra"
    ],
    "category": "planForChange",
    "details_map": {
      "Platforms": "Android, Desktop, iOS, Mac, Web",
      "RoadmapIds": "501275",
      "Summary": "Microsoft Teams now allows admins to assign custom external access policies by user or group, enabling granular control over which external domains they can interact with. This feature, available via PowerShell during preview and later in the Teams admin center UI, supports five policy options for tailored external collaboration."
    },
    "id": "MC1150123",
    "importance": 5,
    "is_major_change": true,
    "last_modified": "2025-09-19T13:13:03Z",
    "ms_products": [
      "Teams"
    ],
    "platforms": "Android, Desktop, iOS, Mac, Web",
    "roadmap_ids": [
      "501275"
    ],
    "services": [
      "Microsoft Teams"
    ],
    "severity": "normal",
    "tags": [
      "Updated message",
      "New feature",
      "Admin impact"
    ],
    "title": "(Updated) Teams Admin Center: Control External Access by Domain for Specific Users and Groups"
  }
}