(Updated) Teams Admin Center: Control External Access by Domain for Specific Users and Groups

Message Center ID: MC1150123
Microsoft Teams
Plan for Change
Major Change New feature Admin impact
September 2025 October 2025 November 2025 December 2025
Android Desktop iOS Mac Web

Summary

Microsoft Teams now allows admins to assign custom external access policies by user or group, enabling granular control over which external domains they can interact with. This feature, available via PowerShell during preview and later in the Teams admin center UI, supports five policy options for tailored external collaboration.

Details

Updated September 19, 2025: We have updated the content. Thank you for your patience.

Introduction

We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate.

This message is associated with Roadmap ID 501275.

When this will happen

Targeted Release: Begins early September 2025 and completes by mid-September 2025.

General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025.

How this affects your organization

Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:

  • Use organization settings: Inherits the tenant’s default external access configuration
  • Allow all external domains: All external organizations are trusted
  • Allow only specific external domains: Only domains in the allow list are trusted
  • Block only specific external domains: Domains in the block list are restricted; all others are trusted
  • Block all: All external domains are blocked for users assigned to this policy

Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings.

What you can do to prepare

Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly.

During the public preview, configuration must be done via PowerShell using the following cmdlets:

  • Set-CsExternalAccessPolicy
  • Set-CsTenantFederationConfiguration

Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release.

Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI.

Learn more:

IT Admins - Manage external meetings and chat with people and organizations using Microsoft identities - Microsoft Teams | Microsoft Learn  

Compliance considerations

Compliance AreaExplanation
Admin control via Entra ID group membership Policies can be assigned to Entra ID groups for targeted external access control.
Compliance AreaExplanation Admin control via Entra ID group membership Policies can be assigned to Entra ID groups for targeted external access control.

Community Resources

MC1150123 - Commentary from 365MCS

MC1150123 - Commentary from 365MCS

Video

Related Roadmap Items

🗺️ Roadmap ID: 501275

Change History

Published: September 8, 2025
Last Updated: September 19, 2025
September 19, 2025 at 2:30 PM Updated
Summary
Previous
Microsoft Teams now lets admins assign custom external access policies by user or group, controlling which external domains they can interact with. This offers granular collaboration control beyond tenant-wide settings. Available via PowerShell in preview from September 2025, with full UI support by December 2025.
New
Microsoft Teams now allows admins to assign custom external access policies by user or group, enabling granular control over which external domains they can interact with. This feature, available via PowerShell during preview and later in the Teams admin center UI, supports five policy options for tailored external collaboration.
Last Updated Date
Previous
2025-09-18T21:19:41.787Z
New
2025-09-19T13:13:03.830Z
Body Content
Previous

Updated September 18, 2025: We have updated the content. Thank you for your patience.

Introduction

We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate.

This message is associated with Roadmap ID 501275.

When this will happen

Targeted Release: Begins early September 2025 and completes by mid-September 2025.

General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025.

How this affects your organization

Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:

  • Use organization settings: Inherits the tenant’s default external access configuration
  • Allow all external domains: All external organizations are trusted
  • Allow only specific external domains: Only domains in the allow list are trusted
  • Block only specific external domains: Domains in the block list are restricted; all others are trusted
  • Block all: All external domains are blocked for users assigned to this policy

Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings.

What you can do to prepare

Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly.

During the public preview, configuration must be done via PowerShell using the following cmdlets:

  • Set-CsExternalAccessPolicy
  • Set-CsTenantFederationConfiguration

Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release.

Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI.

Learn more:

IT Admins - Manage external meetings and chat with people and organizations using Microsoft identities - Microsoft Teams | Microsoft Learn  

Compliance considerations

Compliance AreaExplanation
Admin control via Entra ID group membership Policies can be assigned to Entra ID groups for targeted external access control.
New

Updated September 19, 2025: We have updated the content. Thank you for your patience.

Introduction

We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate.

This message is associated with Roadmap ID 501275.

When this will happen

Targeted Release: Begins early September 2025 and completes by mid-September 2025.

General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025.

How this affects your organization

Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:

  • Use organization settings: Inherits the tenant’s default external access configuration
  • Allow all external domains: All external organizations are trusted
  • Allow only specific external domains: Only domains in the allow list are trusted
  • Block only specific external domains: Domains in the block list are restricted; all others are trusted
  • Block all: All external domains are blocked for users assigned to this policy

Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings.

What you can do to prepare

Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly.

During the public preview, configuration must be done via PowerShell using the following cmdlets:

  • Set-CsExternalAccessPolicy
  • Set-CsTenantFederationConfiguration

Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release.

Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI.

Learn more:

IT Admins - Manage external meetings and chat with people and organizations using Microsoft identities - Microsoft Teams | Microsoft Learn  

Compliance considerations

Compliance AreaExplanation
Admin control via Entra ID group membership Policies can be assigned to Entra ID groups for targeted external access control.
Compliance AreaExplanation Admin control via Entra ID group membership Policies can be assigned to Entra ID groups for targeted external access control.
September 18, 2025 at 10:30 PM Updated
Title
Previous
Teams Admin Center: Control External Access by Domain for Specific Users and Groups
New
(Updated) Teams Admin Center: Control External Access by Domain for Specific Users and Groups
Summary
Previous
Microsoft Teams will enable admins to assign custom external access policies by user or group, allowing specific control over which external domains they can interact with. This feature, available from September 2025, supports five policy options and will be manageable via PowerShell initially, then through the Teams admin center UI.
New
Microsoft Teams now lets admins assign custom external access policies by user or group, controlling which external domains they can interact with. This offers granular collaboration control beyond tenant-wide settings. Available via PowerShell in preview from September 2025, with full UI support by December 2025.
Last Updated Date
Previous
2025-09-08T23:31:37.080Z
New
2025-09-18T21:19:41.787Z
Tags
Previous
New feature,Admin impact
New
Updated message,New feature,Admin impact
Body Content
Previous

Introduction

We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate.

This message is associated with Roadmap ID 501275.

When this will happen

Targeted Release: Begins early September 2025 and completes by mid-September 2025.

General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025.

How this affects your organization

Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:

  • Use organization settings: Inherits the tenant’s default external access configuration
  • Allow all external domains: All external organizations are trusted
  • Allow only specific external domains: Only domains in the allow list are trusted
  • Block only specific external domains: Domains in the block list are restricted; all others are trusted
  • Block all: All external domains are blocked for users assigned to this policy

Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings.

What you can do to prepare

Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly.

During the public preview, configuration must be done via PowerShell using the following cmdlets:

  • Set-CsExternalAccessPolicy
  • Set-CsTenantFederationConfiguration

Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release.

Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI.

Learn more: Manage external meetings and chat with people and organizations using Microsoft identities.

Compliance considerations

Compliance AreaExplanation
Admin control via Entra ID group membership Policies can be assigned to Entra ID groups for targeted external access control.
New

Updated September 18, 2025: We have updated the content. Thank you for your patience.

Introduction

We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate.

This message is associated with Roadmap ID 501275.

When this will happen

Targeted Release: Begins early September 2025 and completes by mid-September 2025.

General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025.

How this affects your organization

Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:

  • Use organization settings: Inherits the tenant’s default external access configuration
  • Allow all external domains: All external organizations are trusted
  • Allow only specific external domains: Only domains in the allow list are trusted
  • Block only specific external domains: Domains in the block list are restricted; all others are trusted
  • Block all: All external domains are blocked for users assigned to this policy

Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings.

What you can do to prepare

Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly.

During the public preview, configuration must be done via PowerShell using the following cmdlets:

  • Set-CsExternalAccessPolicy
  • Set-CsTenantFederationConfiguration

Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release.

Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI.

Learn more:

IT Admins - Manage external meetings and chat with people and organizations using Microsoft identities - Microsoft Teams | Microsoft Learn  

Compliance considerations

Compliance AreaExplanation
Admin control via Entra ID group membership Policies can be assigned to Entra ID groups for targeted external access control.

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

View Full Details Sign Up Free