Forum Discussion

AhBAy2335's avatar
AhBAy2335
Copper Contributor
Mar 01, 2026

Allow only specific external domains

When External Access is set to “Allow only specific external domains”

 

Scenario 1

If Microsoft Teams External Access is set to “Allow only specific external domains”, and a user from a domain not on the allowed list joins a meeting while signed into their work Teams account,

Will they still appear with their actual name and organization, rather than as Anonymous?

Is this correct?

 

Scenario 2

If a user from a non-allowed domain joins the meeting link through a browser and selects “Join as guest”,

Will they appear under the name they manually enter, instead of showing as Anonymous?

Is this correct?

 

Scenario 3

If a user joins without authenticating and meeting policy allows anonymous access,

Will they appear as Anonymous only in that situation, and not because of the External Access restriction?

Is this correct?

 

 

Administrator
microsoft teams

3 Replies

  • Lucaraheller's avatar
    Lucaraheller
    MCT
    Mar 03, 2026

    Hi,

    External Access and Anonymous meeting access are two different configurations in Microsoft Teams, and they affect different scenarios. External Access controls federation (1:1 chat, calls, presence) between organizations. It does not control how users appear inside a meeting. Meeting join behavior is governed by meeting policies and lobby/anonymous settings.

    Here is how your scenarios work in practice.

    Scenario 1
    If External Access is set to “Allow only specific external domains” and a user from a domain that is not on the allowed list joins a meeting while signed in with their work account, they can still join the meeting (assuming meeting settings allow external authenticated users).

    They will appear with their actual display name, and typically their organization label (External). They will not appear as Anonymous simply because their domain is not in the External Access allowed list.

    This is because joining a meeting as an authenticated Azure AD / Entra ID user is different from federation. External Access restrictions block chat and calling federation, not meeting participation.

    Scenario 2
    If a user from a non-allowed domain joins through the browser and selects “Join as guest” without signing in, they are treated as an unauthenticated participant.

    They will appear with whatever name they manually enter. They will not automatically show as “Anonymous.” In the participant list they are shown as an anonymous user, but with the display name they typed.

    Again, this behavior is not driven by the External Access setting, but by whether the user is authenticated.

    Scenario 3
    If a user joins without authenticating and the meeting policy allows anonymous access, then yes — they will be treated as an anonymous participant. In this case, their identity is not verified, and their presence in the meeting is governed by anonymous access settings and lobby configuration.

    This is unrelated to the External Access restriction. External Access only controls cross-tenant federation (chat, calls, presence), not anonymous meeting joins.

    Summary

    – External Access “Allow only specific domains” impacts federation, not meeting identity display.
    – Authenticated users (even from non-allowed domains) appear with their real name and organization when joining meetings.
    – Browser “Join as guest” users appear with the name they type.
    – Anonymous appearance is controlled by meeting policies, not External Access settings.

    So yes, your understanding in all three scenarios is essentially correct, with the key clarification that meeting behavior is independent from the External Access federation restriction.

  • AhBAy2335's avatar
    AhBAy2335
    Copper Contributor
    Mar 02, 2026

    What I want to know is With “Allow only specific external domains”, if a person from a non-allowed domain will typically join as Anonymous (if anonymous join is enabled) or will he join as Username because we plan to disable anonymous.

    • Lucaraheller's avatar
      Lucaraheller
      MCT
      Mar 03, 2026

      Here is the clear answer to your question.

      The setting “Allow only specific external domains” does NOT control how a participant appears inside a meeting. It only controls federation (chat, calling, and presence) between organizations.

      Now, regarding your scenario:

      If you configure:

      – External Access = “Allow only specific external domains”
      – Anonymous join = Disabled

      Then a user from a non-allowed domain will NOT automatically join as Anonymous.

      What happens depends entirely on authentication:

      If the user joins while signed in with their work account, they will join as an authenticated external user (showing their real name and organization), as long as the meeting settings allow external authenticated users. The External Access restriction does not convert them to Anonymous.

      If the user tries to join via browser without signing in, and Anonymous join is disabled, they will simply not be allowed to enter the meeting. They will not be converted to Anonymous — access will be blocked.

      So to summarize:

      – External Access restrictions do not affect meeting identity.
      – Anonymous status depends only on whether the user is authenticated and whether anonymous join is enabled.
      – If you disable anonymous join, unauthenticated users cannot enter.
      – Authenticated external users can still join with their real identity, even if their domain is not on the External Access allowed list.

      If your goal is to prevent Anonymous participants, disabling anonymous join is the correct control.