Best External Access configuration

adam deltinger​  is correct that using the External Access domain allow list is the main control if your goal is to prevent unknown domains from initiating chats, calls, or user lookups. By switching External Access to Allow only specific domains, you effectively block federation with all other organizations.

However, it's important to understand that External Access and meeting participation are separate mechanisms in Teams. Even if a domain is not on the federation allow list, users from that organization can still join a meeting as authenticated external participants, provided they sign in with their Microsoft 365 or Entra ID account.

So a common configuration for this scenario is:

External Access
Set to Allow only specific external domains and add only trusted partner organizations. This prevents random tenants from federating, searching users, or starting chats/calls.

Meeting settings
Ensure meetings allow authenticated external users to join so invited participants do not appear as anonymous when they sign in with their work account.

This approach keeps federation tightly controlled while still allowing normal collaboration through scheduled meetings.