Forum Discussion
Blocked domain in Teams
Hello Dhiran Gajjar
I was open ticket in Office 365 Support, about problem control public domain access to Teams.
Answer:
Can we control access to Teams chat by external domain list access?Can we control access to Teams channel by external domain list access?
For both of the above scenarios, the federation settings would apply. You can restrict access to a specific domain, but that will be restricted for all users, and not based on Teams or Channels.
If we add domain to block list, can guest with this UPN name connect to Teams channel?
Who we can block access to Teams channel from free public domain? yahoo, gmail, etc.?
For this, we don’t have the option in Teams. However, we might be able to achieve it via Azure/O365 groups.
You can create a new Allow or Block list policy.
You can refer to this article for the same:
https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-group-access-to-office-365-groupsImportant information about how block lists work:
This feature is currently only in Preview and as part of an Office 365 license.
You can create either an Allow list or Block list. But you can't set up both types of lists. By default, whatever domains are not in an Allow list are on a Block list, and vice versa.
You can create only one policy per organization. You can update that policy with more domains, or you can delete that policy to create a new one.
This list works independently from SPO allow/block list. You would need to set-up Allow/Block list for SPO if you want to restrict individual file sharing of Group connected site.
This list doesn't apply to already added guest members, this will be enforced for all the guests added after the list is set-up. However, you can remove them through the script.
Hope this helps.I'm not testing this policy on production now. I hope use this steps in next Phase in Office 365 project.
Hello Dhiran Gajjar
I was open ticket in Office 365 Support, about problem control public domain access to Teams.
Answer:
Can we control access to Teams chat by external domain list access?
Can we control access to Teams channel by external domain list access?
For both of the above scenarios, the federation settings would apply. You can restrict access to a specific domain, but that will be restricted for all users, and not based on Teams or Channels.
If we add domain to block list, can guest with this UPN name connect to Teams channel?
Who we can block access to Teams channel from free public domain? yahoo, gmail, etc.?
For this, we don’t have the option in Teams. However, we might be able to achieve it via Azure/O365 groups.
You can create a new Allow or Block list policy.
You can refer to this article for the same:
https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-group-access-to-office-365-groups
Important information about how block lists work:
This feature is currently only in Preview and as part of an Office 365 license.
You can create either an Allow list or Block list. But you can't set up both types of lists. By default, whatever domains are not in an Allow list are on a Block list, and vice versa.
You can create only one policy per organization. You can update that policy with more domains, or you can delete that policy to create a new one.
This list works independently from SPO allow/block list. You would need to set-up Allow/Block list for SPO if you want to restrict individual file sharing of Group connected site.
This list doesn't apply to already added guest members, this will be enforced for all the guests added after the list is set-up. However, you can remove them through the script.
Hope this helps.
I'm not testing this policy on production now. I hope use this steps in next Phase in Office 365 project.
Oleg_Kovalenko - thank your for the reply.
We managed to get the approved domain listed loaded in Azure and enabled external sharing for Teams. This now allows us to stop users from inviting users from non-approved domains which was our goal.
The link you provided was useful for the PowerShell scripts, so thanks again.
- Hello Dhiran Gajjar,
I've tried following the link Oleg has provided but it looks like it has expired now.
Could you share how you were able to accomplish this?
Thanks,Montreal_IT_Don - trying to remember something that I have downloaded 4 years ago but this is closest script aroud that timeframe that I have. I hope this helps?
Connect-SPOService -Url https://<yourhost>-admin.SharePoint.com $allsites = import-csv C:\temp\ExternalUsers.csv | Select-Object -Property "Site URL" -Unique foreach ($site in $allsites) { Write-Host "Enabling External Access to $($site.'Site URL')" # Set the Sharing facility only authenticated users Set-SPOSite -Identity $site.'Site URL' -SharingCapability ExternalUserSharingOnly # This will set only site owners can invite the external users Set-SPOSite -Identity $site.'Site URL' -DisableSharingForNonOwners } # To disable external Sharing # Set-SPOSite -Identity $siteCollectionURL -SharingCapability Disabled.
