Microsoft Teams is introducing a new admin control to block external access with Teams trial-only tenants to protect against malicious activities. The default setting will block such access 30 days after rollout, requiring admin action to allow federation with trial tenants. General availability is now, with blocking enforced from July 29, 2024. Admins should review settings and use PowerShell to configure the desired access level.
MC805200 – Coming soon to Microsoft Teams: We are introducing a new admin control to enable you to block external access (federation) with Teams trial-only tenants. Some malicious actors have used free Teams trials to launch phishing or abuse attacks against Teams users. With this setting you can add another layer of protection for users against some of these attacks.
By default, this new setting will block external access with trial-only tenants 30 days after the rollout is complete and will require explicit action from you if you wish to continue to federate with trial tenants.
When this will happen:
General Availability (Worldwide): Available now.
Blocking external access with trial-only tenants based on this setting will occur on July 29, 2024. If you take no action, the default value (Blocked) will be applied.
How this will affect your organization:
Teams PowerShell will support a new Tenant Federation setting -ExternalAccessWithTrialTenants
with the values Allowed
or Blocked
. When set to Blocked
, all external access with users from Teams subscriptions that contain only trial licenses will be blocked. This means users from these trial-only tenants will not be able to search or reach your users via chats, Teams calls, and meetings (using the users’ authenticated identity) and your users will not be able to reach users in these trial-only tenants. If this setting is set to Blocked
, users from the trial-only tenant will also be removed from any existing chats. The default setting will be to block external access with trial-only tenants.
Important Notes
-ExternalAccessWithTrialTenants
is set to Blocked
, trial-only tenants in the Allow list will be blocked. If this setting is set to Allowed
, all domains in the Allow list will be allowed.-ExternalAccessWithTrialTenants
setting has no impact.-ExternalAccessWithTrialTenants
setting is set to Blocked
, trial-only tenants not in the Block list will also be blocked. If set to Allowed
, this setting has no impact.What you need to do to prepare:
Review your settings for external access to determine if you need to change the default value for this new setting. To change this setting, install the latest PowerShell package (6.4.0) and use the Set-CsTenantFederationConfiguration
command to set the desired value when the setting is available:
Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants "Allowed"
Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants "Blocked"
Learn more
You may want to notify your admins about this change and update any relevant documentation as appropriate.
Previous Microsoft Teams Changelog Messages
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.