check before: 2025-09-01
Product:
Entra, Microsoft 365 admin center, Microsoft 365 Apps, Microsoft 365 Groups, Skype for Business, Teams
Platform:
Android, iOS, Mac, Online, Web, Windows Desktop, World tenant
Status:
Launched
Change type:
Admin impact, New feature, Updated message
Links:
Details:
Summary:
Microsoft Teams now allows admins to assign custom external access policies by user or group, enabling granular control over which external domains they can interact with. This feature, available via PowerShell during preview and later in the Teams admin center UI, supports five policy options for tailored external collaboration.
Details:
Updated September 19, 2025: We have updated the content. Thank you for your patience.
Introduction
We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate.
This message is associated with Roadmap ID 501275.
When this will happen
Targeted Release: Begins early September 2025 and completes by mid-September 2025.
General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Targeted Release
Created:
2025-09-09
updated:
2025-09-20
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Granular Control Over External Access
Without preparation, users may face confusion regarding which external domains they can interact with, leading to potential miscommunication and collaboration issues.
- roles: Teams Administrators, End Users
- references: https://learn.microsoft.com/microsoftteams/trusted-organizations-external-meetings-chat?tabs=user-policies#configure-granular-domains-in-external-access-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=501275
Policy Misconfiguration
If policies are not properly configured before rollout, users may be blocked from necessary external communications, impacting project timelines and collaboration.
- roles: Teams Administrators, Project Managers
- references: https://learn.microsoft.com/microsoftteams/trusted-organizations-external-meetings-chat?tabs=user-policies#configure-granular-domains-in-external-access-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=501275
User Experience Disruption
Users may experience unexpected restrictions or permissions, leading to frustration and decreased productivity as they navigate new external access policies.
- roles: End Users, Support Staff
- references: https://learn.microsoft.com/microsoftteams/trusted-organizations-external-meetings-chat?tabs=user-policies#configure-granular-domains-in-external-access-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=501275
Increased Support Requests
Unprepared changes may lead to a surge in support requests as users encounter issues with external access, straining IT resources.
- roles: Support Staff, IT Administrators
- references: https://learn.microsoft.com/microsoftteams/trusted-organizations-external-meetings-chat?tabs=user-policies#configure-granular-domains-in-external-access-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=501275
Compliance Risks
Changes made without proper planning may lead to non-compliance with data protection regulations if sensitive information is shared with unapproved external domains.
- roles: Compliance Officers, Data Protection Officers
- references: https://learn.microsoft.com/microsoftteams/trusted-organizations-external-meetings-chat?tabs=user-policies#configure-granular-domains-in-external-access-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=501275
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Granular External Access Control
By implementing custom external access policies, organizations can enhance security by allowing only specific groups or users to communicate with certain external domains. This helps in protecting sensitive information and mitigating risks associated with external collaboration.
- next-steps: Identify high-risk roles and departments that require restricted external access. Develop a pilot program to test the new policies before full implementation. Use PowerShell to configure the policies during the preview phase.
- roles: IT Administrators, Compliance Officers, Security Managers
- references: https://learn.microsoft.com/microsoftteams/trusted-organizations-external-meetings-chat?tabs=user-policies#configure-granular-domains-in-external-access-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=501275
Enhanced User Experience for External Collaboration
With the ability to define which external domains users can interact with, organizations can improve user experience by streamlining communication with trusted partners while reducing the clutter from unnecessary external interactions.
- next-steps: Survey users to identify their external collaboration needs. Based on feedback, configure policies that enhance their collaboration experience while maintaining security protocols.
- roles: Department Heads, Project Managers, Team Leaders
- references: https://learn.microsoft.com/microsoftteams/trusted-organizations-external-meetings-chat?tabs=user-policies#configure-granular-domains-in-external-access-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=501275
Compliance and Risk Management
Custom external access policies enable organizations to better comply with regulatory requirements by controlling who can communicate with external entities. This is crucial for industries with strict compliance standards.
- next-steps: Review compliance requirements relevant to your industry. Develop policies that align with these requirements and implement them through the Teams admin center once available.
- roles: Compliance Officers, Legal Advisors, Risk Management Teams
- references: https://learn.microsoft.com/microsoftteams/trusted-organizations-external-meetings-chat?tabs=user-policies#configure-granular-domains-in-external-access-policies, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=501275
Potentional Risks**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
Hypothetical Work Council Statement**
XXXXXXX ... paid membership only
DPIA Draft**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-09-20 | MC Messages | Updated September 18, 2025: We have updated the content. Thank you for your patience.
Introduction We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate. This message is associated with Roadmap ID 501275. When this will happen Targeted Release: Begins early September 2025 and completes by mid-September 2025. General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025. | Updated September 19, 2025: We have updated the content. Thank you for your patience.
Introduction We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate. This message is associated with Roadmap ID 501275. When this will happen Targeted Release: Begins early September 2025 and completes by mid-September 2025. General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025. |
| 2025-09-20 | MC How Affect | Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:
Use organization settings: Inherits the tenant's default external access configuration Allow all external domains: All external organizations are trusted Allow only specific external domains: Only domains in the allow list are trusted Block only specific external domains: Domains in the block list are restricted; all others are trusted Block all: All external domains are blocked for users assigned to this policy Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings. What you can do to prepare Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly. During the public preview, configuration must be done via PowerShell using the following cmdlets: Set-CsExternalAccessPolicy Set-CsTenantFederationConfiguration Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release. Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI. Learn more: IT Admins - Manage external meetings and chat with people and organizations using Microsoft identities - Microsoft Teams | Microsoft Learn Compliance considerations Compliance AreaExplanation Admin control via Entra ID group membershipPolicies can be assigned to Entra ID groups for targeted external access control. | Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:
Use organization settings: Inherits the tenant's default external access configuration Allow all external domains: All external organizations are trusted Allow only specific external domains: Only domains in the allow list are trusted Block only specific external domains: Domains in the block list are restricted; all others are trusted Block all: All external domains are blocked for users assigned to this policy Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings. What you can do to prepare Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly. During the public preview, configuration must be done via PowerShell using the following cmdlets: Set-CsExternalAccessPolicy Set-CsTenantFederationConfiguration Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release. Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI. Learn more: IT Admins - Manage external meetings and chat with people and organizations using Microsoft identities - Microsoft Teams | Microsoft Learn Compliance considerations Compliance AreaExplanation Admin control via Entra ID group membershipPolicies can be assigned to Entra ID groups for targeted external access control. Compliance AreaExplanation Admin control via Entra ID group membership Policies can be assigned to Entra ID groups for targeted external access control. |
| 2025-09-20 | MC Last Updated | 09/18/2025 23:19:41 | 2025-09-19T15:13:03Z |
| 2025-09-20 | MC Summary | Microsoft Teams now lets admins assign custom external access policies by user or group, controlling which external domains they can interact with. This offers granular collaboration control beyond tenant-wide settings. Available via PowerShell in preview from September 2025, with full UI support by December 2025. | Microsoft Teams now allows admins to assign custom external access policies by user or group, enabling granular control over which external domains they can interact with. This feature, available via PowerShell during preview and later in the Teams admin center UI, supports five policy options for tailored external collaboration. |
| 2025-09-19 | MC prepare | https://learn.microsoft.com/microsoftteams/manage-external-access
https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=501275 | https://learn.microsoft.com/microsoftteams/trusted-organizations-external-meetings-chat?tabs=user-policies#configure-granular-domains-in-external-access-policies
https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=501275 |
| 2025-09-19 | MC MessageTagNames | New feature, Admin impact | Updated message, New feature, Admin impact |
| 2025-09-19 | MC Summary | Microsoft Teams will enable admins to assign custom external access policies by user or group, allowing specific control over which external domains they can interact with. This feature, available from September 2025, supports five policy options and will be manageable via PowerShell initially, then through the Teams admin center UI. | Microsoft Teams now lets admins assign custom external access policies by user or group, controlling which external domains they can interact with. This offers granular collaboration control beyond tenant-wide settings. Available via PowerShell in preview from September 2025, with full UI support by December 2025. |
| 2025-09-19 | MC Last Updated | 09/09/2025 01:31:37 | 2025-09-18T23:19:41Z |
| 2025-09-19 | MC Messages | Introduction
We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate. This message is associated with Roadmap ID 501275. When this will happen Targeted Release: Begins early September 2025 and completes by mid-September 2025. General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025. | Updated September 18, 2025: We have updated the content. Thank you for your patience.
Introduction We are introducing a new capability in Microsoft Teams external collaboration that allows Teams administrators to specify which users or groups within the organization can interact with specific external domains. This enhancement provides more granular control over external collaboration, enabling scenarios such as piloting with select departments, restricting high-risk roles, or enabling broader federation where appropriate. This message is associated with Roadmap ID 501275. When this will happen Targeted Release: Begins early September 2025 and completes by mid-September 2025. General Availability (Worldwide): Begins late October 2025 and completes by mid-December 2025. |
| 2025-09-19 | MC Title | Teams Admin Center: Control External Access by Domain for Specific Users and Groups | (Updated) Teams Admin Center: Control External Access by Domain for Specific Users and Groups |
| 2025-09-19 | MC How Affect | Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:
Use organization settings: Inherits the tenant's default external access configuration Allow all external domains: All external organizations are trusted Allow only specific external domains: Only domains in the allow list are trusted Block only specific external domains: Domains in the block list are restricted; all others are trusted Block all: All external domains are blocked for users assigned to this policy Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings. What you can do to prepare Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly. During the public preview, configuration must be done via PowerShell using the following cmdlets: Set-CsExternalAccessPolicy Set-CsTenantFederationConfiguration Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release. Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI. Learn more: Manage external meetings and chat with people and organizations using Microsoft identities. Compliance considerations Compliance AreaExplanation Admin control via Entra ID group membershipPolicies can be assigned to Entra ID groups for targeted external access control. | Previously, external access settings could only be configured at the tenant level, with policy-level settings limited to either inheriting tenant settings or blocking all external domains. With this update, you can assign custom external access policies to users or groups with five configuration options:
Use organization settings: Inherits the tenant's default external access configuration Allow all external domains: All external organizations are trusted Allow only specific external domains: Only domains in the allow list are trusted Block only specific external domains: Domains in the block list are restricted; all others are trusted Block all: All external domains are blocked for users assigned to this policy Users assigned a custom policy may interact with different external domains than those defined in the organization-wide settings. What you can do to prepare Administrators should begin identifying users and groups that require differentiated external access and plan pilot scenarios accordingly. During the public preview, configuration must be done via PowerShell using the following cmdlets: Set-CsExternalAccessPolicy Set-CsTenantFederationConfiguration Note: Changes made through these cmdlets will not be reflected in the Teams admin center UI during the Targeted Release. Once the feature reaches general availability, the Teams admin center UI will support these configurations, allowing policy management via both PowerShell and the UI. Learn more: IT Admins - Manage external meetings and chat with people and organizations using Microsoft identities - Microsoft Teams | Microsoft Learn Compliance considerations Compliance AreaExplanation Admin control via Entra ID group membershipPolicies can be assigned to Entra ID groups for targeted external access control. |
Last updated 1 week ago ago
