Microsoft Teams to Block Federated Communications with Trial-Only Tenants

Teams hero approved 2

Key Takeaways:

  • Microsoft Teams will soon feature a new setting to block federated communications with trial-only tenants by default.
  • The new setting will prevent users from trial-only tenants from initiating chats, calls, or meetings with other Microsoft Teams users.
  • IT administrators can override this default setting and allow communication with trial-only tenants using a PowerShell command.

Microsoft Teams is getting a new setting that will allow IT admins to block federated communications with trial-only Microsoft 365 tenants. This enhanced control aims to help organizations safeguard their users from phishing and abuse attacks by malicious actors.

A trial-only tenant is a tenant with a Teams service plan that exclusively uses trial subscriptions and has no purchased licenses. These temporary tenants can be exploited for malicious activities due to their lack of oversight. Threat actors can create trial tenants to send spam emails or phishing messages and even gain unauthorized access to sensitive organizational data.

To address this issue, Microsoft will block external access for trial-only tenants starting on July 29. This new setting, called ExternalAccessWithTrialTenants, will be set to “Blocked” by default. It will prevent users from these trial-only tenants from searching for or connecting with other users through Microsoft Teams chats, calls, or meetings.

Additionally, Microsoft Teams users from trial-only tenants will be removed from any existing chats. This new setting will not affect shared channels, guest access, or Anonymous Meeting joins in Teams.

“This new setting only controls external communication with trial-only tenants within the same Microsoft 365 cloud environment. When enforcement starts, users from trial-only tenants will be blocked by default from external communication with users in other Microsoft 365 cloud environments and with Microsoft Skype for Business server users,” Microsoft explained.

How to manage external communication with Trial-Only Tenants

Microsoft notes that this new setting will be set to “Blocked” by default. However, IT admins can allow external communication with trial-only tenants by running the command: Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants “Allowed”.

Microsoft advises administrators to install the latest PowerShell package (version 6.4.0) to modify this setting. The company emphasizes that this capability will help administrators prevent abuse of trial accounts in enterprise environments.