Forum Discussion
External Access - What can external users do?
Sylvester- I think it really depends on HOW the other Federated domains have their configuration set.
The first link doesn't exactly mention IF the External participants can see your e-mail. However, If they already have it then they would be able to send a Chat request or add you as a Contact. I suppose a malicious user in a Federated Domain could spray your users if they had a list of e-mails but that is very low chance if the Federated domain is trustworthy.
I did find another article at the very bottom of the first doc that tries to explain External versus Guest.
Hi Forrest_H ,
Thanks for the quick response! In your references I see a lot of information on Guest Access. However, guest access is something different compared to External Access. Guest access allows collaboration and also much more control in terms of security.
My questions are purely about external access with open federation. However I cannot find answers to my specific questions as stated before when going through the Microsoft documentation. Any more ideas?
Thanks,
Sylvester
Sylvester- I think it really depends on HOW the other Federated domains have their configuration set.
The first link doesn't exactly mention IF the External participants can see your e-mail. However, If they already have it then they would be able to send a Chat request or add you as a Contact. I suppose a malicious user in a Federated Domain could spray your users if they had a list of e-mails but that is very low chance if the Federated domain is trustworthy.
I did find another article at the very bottom of the first doc that tries to explain External versus Guest.
Hi Forrest_H,
Thanks! So I think I understand correctly now. The way I understand it: If you allow external access with open federation (no black or whitelisting) then users from other orgs that have the same settings could, if they have your email address, send you chat mesages or give you a call without any way to you having to "accept" that incoming call or chat message first. However, as you say, it might be better to whitelist domains of organizations that you find trustworthy in order to make sure that only those organizations can contact users our organization. That is correct right?
Thanks for your help 🙂
Sylvester
I guess if you really
Sylvester- I am not sure how the granular interaction works with the Federations. There may even be more configuration options available through PowerShell or other API. To Be Honest. We are not using Federations or Trusted Domains , Yet! One of the other problems is the speed at which changes are being made with the Teams platform / service. Just about the time I think I have a grasp of what is happening , they make more changes.
Having said that, it seems that all parties involved in setting up Federation have responsibility for adjusting configuration options in their own Domains for things to work (or not). If you do start setting up Federations & Trusted Domains, I would make sure I have Global Admin contacts for all parties involved. Sometimes the smallest change in the settings will have a large impact.
Another thing to be careful of is HOW LONG some changes take to become effective. If you read many of the posts on Teams configuration problems you will learn that sometimes it takes several hours for the change you make to actually become effective.