Forum Discussion
Best External Access configuration
I’m looking for guidance on the best Microsoft Teams configuration for the following goal:
Objective
Prevent random external domains from:
- Looking up users in Teams
- Sending 1:1 chats
- Making direct audio/video calls
At the same time:
External users invited to Teams meetings should not appear as Anonymous
2 Replies
adam deltinger is correct that using the External Access domain allow list is the main control if your goal is to prevent unknown domains from initiating chats, calls, or user lookups. By switching External Access to Allow only specific domains, you effectively block federation with all other organizations.
However, it's important to understand that External Access and meeting participation are separate mechanisms in Teams. Even if a domain is not on the federation allow list, users from that organization can still join a meeting as authenticated external participants, provided they sign in with their Microsoft 365 or Entra ID account.
So a common configuration for this scenario is:
External Access
Set to Allow only specific external domains and add only trusted partner organizations. This prevents random tenants from federating, searching users, or starting chats/calls.Meeting settings
Ensure meetings allow authenticated external users to join so invited participants do not appear as anonymous when they sign in with their work account.This approach keeps federation tightly controlled while still allowing normal collaboration through scheduled meetings.
You need to use the domain allow list (blocking all other) then add all domains you collaborate with. Try the experience out with external meetings with non allowed domains
best, Adam
