Microsoft Teams: Control External Access by Domain for Specific Users and Groups

🚨 The Signal: Microsoft Teams now allows granular control over external access by domain, assignable to specific users or groups. This enhances security by enabling precise federation policies, moving beyond tenant-wide settings to reduce broad external communication risks.

The Impact

Security teams and Teams administrators are affected, gaining better control over external communication risks.

• Security Teams: Reduced risk of unauthorised data exfiltration via external Teams chats.
• Teams Administrators: Increased complexity in managing external access policies.
• High-Risk Roles: Enhanced protection against targeted external communication threats.
• Compliance Officers: Improved ability to demonstrate adherence to communication policies.

The Action

1. Review existing tenant-wide external access policies in Teams Admin Center.
2. Identify user groups or roles requiring specific external domain restrictions.
3. Create new custom external access policies with allow/deny lists for domains.
4. Assign custom policies to relevant users or groups via Teams Admin Center > Users > External Access Policies.
5. Monitor policy effectiveness and user feedback.

Domain: Teams · Impact: high · Workload: Teams