Forum Discussion

Sylvester-'s avatar
Sylvester-
Copper Contributor
Jan 27, 2021
Solved

External Access - What can external users do?

Dear community,   I just got external access working with both test tenants that my organization has. However, I want to clarify some things about what external access opens up for other users from...
external access
security
  • Forrest_H's avatar
    Forrest_H
    Jan 28, 2021

    Sylvester- I think it really depends on HOW the other Federated domains have their configuration set.

    The first link doesn't exactly mention IF the External participants can see your e-mail.  However, If they already have it then they would be able to send a Chat request or add you as a Contact. I suppose a malicious user in a Federated Domain could spray your users if they had a list of e-mails but that is very low chance if the Federated domain is trustworthy.

    I did find another article at the very bottom of the first doc that tries to explain External versus Guest.

  • Sylvester-'s avatar
    Sylvester-
    Copper Contributor
    Jan 28, 2021

    Hi Forrest_H ,

     

    Thanks for the quick response! In your references I see a lot of information on Guest Access. However, guest access is something different compared to External Access. Guest access allows collaboration and also much more control in terms of security. 

     

    My questions are purely about external access with open federation. However I cannot find answers to my specific questions as stated before when going through the Microsoft documentation. Any more ideas?

     

    Thanks,

     

    Sylvester

    • Forrest_H's avatar
      Forrest_H
      Steel Contributor
      Jan 28, 2021

      Sylvester- I think it really depends on HOW the other Federated domains have their configuration set.

      The first link doesn't exactly mention IF the External participants can see your e-mail.  However, If they already have it then they would be able to send a Chat request or add you as a Contact. I suppose a malicious user in a Federated Domain could spray your users if they had a list of e-mails but that is very low chance if the Federated domain is trustworthy.

      I did find another article at the very bottom of the first doc that tries to explain External versus Guest.

      • Sylvester-'s avatar
        Sylvester-
        Copper Contributor
        Feb 01, 2021

        Hi Forrest_H,

         

        Thanks! So I think I understand correctly now. The way I understand it: If you allow external access with open federation (no black or whitelisting) then users from other orgs that have the same settings could, if they have your email address, send you chat mesages or give you a call without any way to you having to "accept" that incoming call or chat message first. However, as you say, it might be better to whitelist domains of organizations that you find trustworthy in order to make sure that only those organizations can contact users our organization. That is correct right?

         

        Thanks for your help 🙂

         

        Sylvester

         

         

        I guess if you really

Resources