One-line summary
Similar updates
More like thisDetails
Body (from Message Center)
Updated September 19, 2025: We have updated the content. Thank you for your patience.
Introduction
We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate.
This message is associated with Roadmap ID 501275.
When this will happen
Targeted Release: Begins early September 2025 and completes by mid-September 2025.
General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025.
How this affects your organization
Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:
- Use organization settings: Inherits the tenant’s default external access configuration
- Allow all external domains: All external organizations are trusted
- Allow only specific external domains: Only domains in the allow list are trusted
- Block only specific external domains: Domains in the block list are restricted; all others are trusted
- Block all: All external domains are blocked for users assigned to this policy
Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings.
What you can do to prepare
Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly.
During the public preview, configuration must be done via PowerShell using the following cmdlets:
Set-CsExternalAccessPolicySet-CsTenantFederationConfiguration
Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release.
Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI.
Learn more:
Compliance considerations
| Compliance Area | Explanation |
|---|---|
| Admin control via Entra ID group membership | Policies can be assigned to Entra ID groups for targeted external access control. |
Raw JSON (for debugging)
Show/hide raw
{
"snapshot_item": {
"action_required_by": null,
"ai_action_required_by": null,
"ai_actions": [
"Identify users/groups needing differentiated external access",
"Plan pilot scenarios",
"Prepare to use PowerShell for configuration during preview"
],
"ai_master_tags": [],
"ai_model": "gpt-4.1",
"ai_summary": "Teams admins can now assign custom external access policies to users/groups, enabling granular control over which external domains they can interact with; GA rollout starts late October 2025.",
"ai_topics": [
"Teams",
"Entra"
],
"category": "planForChange",
"details_map": {
"Platforms": "Android, Desktop, iOS, Mac, Web",
"RoadmapIds": "501275",
"Summary": "Microsoft Teams now allows admins to assign custom external access policies by user or group, enabling granular control over which external domains they can interact with. This feature, available via PowerShell during preview and later in the Teams admin center UI, supports five policy options for tailored external collaboration."
},
"id": "MC1150123",
"importance": 5,
"is_major_change": true,
"last_modified": "2025-09-19T13:13:03Z",
"ms_products": [
"Teams"
],
"platforms": "Android, Desktop, iOS, Mac, Web",
"roadmap_ids": [
"501275"
],
"services": [
"Microsoft Teams"
],
"severity": "normal",
"tags": [
"Updated message",
"New feature",
"Admin impact"
],
"title": "(Updated) Teams Admin Center: Control External Access by Domain for Specific Users and Groups"
}
}