MC1200058 – Microsoft Defender for Office 365: Admins can block external users in Microsoft Teams from Defender Portal

Product:

Defender, Defender for Office 365, Microsoft 365 admin center, Teams

Platform:

Online, Web, World tenant

Status:

In development

Change type:

New feature, Admin impact

Links:

542189

Details:

Summary:
Admins can now block external users in Microsoft Teams via the Tenant Allow/Block List in the Microsoft Defender portal, controlling access and communications. This feature, rolling out January 2026, supports up to 4,000 domains and 200 emails, with audit logging and no impact on existing Teams settings.

Details:
[Introduction]
We're introducing an integration between Microsoft Teams and Microsoft Defender for Office 365 that allows security admins to manage blocked external users in Teams through the Tenant Allow/Block List (TABL) in the Microsoft Defender portal. This centralized approach enhances security and compliance by enabling organizations to control external user access across Microsoft 365 services.
This message is associated with Roadmap ID 542189.
[When this will happen:]
General Availability (Worldwide): Rollout begins early January 2026 and is expected to complete by mid-January 2026.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability

Created:
2025-12-19

updated:
2025-12-19

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Blocking External Users
If the change is implemented without preparation, security admins may inadvertently block legitimate external communications, leading to disruptions in collaboration and project timelines.
   - roles: Security Admin, Project Manager
   - references: https://learn.microsoft.com/microsoft-365/security/office-365-security/tenant-allow-block-list, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=542189

Audit Logging and Compliance
Without proper preparation, the audit logs may not be correctly configured, leading to compliance issues and difficulties in tracking blocked communications.
   - roles: Compliance Officer, Security Admin
   - references: https://learn.microsoft.com/microsoft-365/security/office-365-security/tenant-allow-block-list, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=542189

User Experience
Users may experience confusion and frustration if they suddenly cannot communicate with external partners, impacting productivity and morale.
   - roles: End User, Team Leader
   - references: https://learn.microsoft.com/microsoft-365/security/office-365-security/tenant-allow-block-list, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=542189

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Centralized User Management
The integration of Microsoft Teams with Microsoft Defender for Office 365 allows security admins to manage external user access from a single portal, streamlining user management and enhancing security compliance. This centralization can reduce administrative overhead and improve response times to security threats.
   - next-steps: Train security admins on using the Tenant Allow/Block List effectively and develop internal protocols for regular review of blocked users and domains.
   - roles: Security Admins, IT Managers, Compliance Officers
   - references: https://learn.microsoft.com/microsoft-365/security/office-365-security/tenant-allow-block-list, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=542189

Enhanced Security Compliance
With the ability to block external users and maintain audit logs, organizations can ensure better compliance with security policies and regulations. This feature supports proactive measures against potential data breaches and unauthorized access.
   - next-steps: Conduct a compliance review to align the new features with existing policies and update documentation to reflect new processes.
   - roles: Compliance Officers, Security Admins, Legal Teams
   - references: https://learn.microsoft.com/microsoft-365/security/office-365-security/tenant-allow-block-list, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=542189

Improved User Experience
By blocking unwanted external communications, organizations can enhance the overall user experience within Teams, reducing distractions and potential phishing attempts. This contributes to a more secure and focused work environment.
   - next-steps: Gather user feedback on communication experiences post-implementation and adjust policies as necessary to optimize user engagement.
   - roles: End Users, Team Leaders, IT Support
   - references: https://learn.microsoft.com/microsoft-365/security/office-365-security/tenant-allow-block-list, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=542189

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

Admins will soon have the ability to block external users in Microsoft Teams through the Microsoft Defender portal. Think of this feature like a bouncer at a club entrance. Just as a bouncer checks a list to decide who can enter the club, the Tenant Allow/Block List (TABL) acts as a digital gatekeeper, deciding which external users can communicate with your organization through Teams.

This new feature will be available starting January 2026 and will allow security admins to manage who can send messages, join meetings, or make calls with your team. It's like having a VIP list where only certain people are allowed in, ensuring that unwanted guests are kept out. The system supports blocking up to 4,000 domains and 200 email addresses, giving organizations plenty of flexibility to manage external interactions.

For example, if a company wants to prevent communications from a competitor, they can add that competitor's domain to the block list. This means any attempt by the competitor to communicate through Teams will be automatically blocked, much like how a bouncer would deny entry to someone not on the guest list.

The feature also includes audit logging, which is similar to having a security camera at the club entrance. It records who was blocked and when, providing a record for compliance and monitoring purposes. This ensures that organizations can keep track of all blocking actions for future reference.

Importantly, this change won't affect existing Teams settings, so organizations can continue to use their current configurations without disruption. It's like adding a new layer of security without changing the club's interior design.

Admins can enable this feature in the Teams admin center, allowing the security team to manage blocked domains and users effectively. This ensures that the right people have control over who can communicate with the organization, much like how a club manager might oversee the guest list.

In summary, this integration between Microsoft Teams and Microsoft Defender for Office 365 offers a centralized and efficient way to manage external communications, enhancing security and compliance for organizations.