
Blocked domain in Teams


Hi,

We are currently testing restricting access to Teams to specific domains, and if I add a domain (for example domain.com) to the blocked list in the Teams admin settings, I can, as a team owner, still invite a user from that domain. I was expecting the behaviour to say the domain is blocked as part of your organisation setting.

3 Replies

Hi,

I think that you added the blocked domain in the External Access section. That will block your users from federating with users in that domain, and from chatting and calling directly to/from them.

For Guest access (inviting external users to your Team) you can't block per domain (as far as I know), but there is a UserVoice request for this.

https://microsoftteams.uservoice.com/forums/555103-public/suggestions/34883527-restrict-guest-access...

Solution

Hello @Dhiran Gajjar

I opened a ticket with Office 365 Support about the problem of controlling public domain access to Teams.

Answer:
Can we control access to Teams chat by external domain list access?

Can we control access to Teams channel by external domain list access?

For both of the above scenarios, the federation settings would apply. You can restrict access to a specific domain, but that will be restricted for all users, and not based on Teams or Channels.

If we add a domain to the block list, can a guest with this UPN name connect to a Teams channel?

How can we block access to a Teams channel from free public domains (yahoo, gmail, etc.)?

For this, we don’t have the option in Teams. However, we might be able to achieve it via Azure/O365 groups.

You can create a new Allow or Block list policy.

You can refer to this article for the same:
https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-group-access-to-offic...

Important information about how block lists work:

This feature is currently only in Preview and as part of an Office 365 license.
You can create either an Allow list or Block list. But you can't set up both types of lists. By default, whatever domains are not in an Allow list are on a Block list, and vice versa.
You can create only one policy per organization. You can update that policy with more domains, or you can delete that policy to create a new one.
This list works independently from the SPO allow/block list. You would need to set up an Allow/Block list for SPO if you want to restrict individual file sharing of a Group-connected site.
This list doesn't apply to already added guest members; it will be enforced for all the guests added after the list is set up. However, you can remove them through the script.
Hope this helps.

I'm not testing this policy in production now. I hope to use these steps in the next phase of the Office 365 project.


@Oleg Kovalenko - thank you for the reply.

We managed to get the approved domain list loaded in Azure and enabled external sharing for Teams. This now allows us to stop users from inviting users from non-approved domains, which was our goal.

The link you provided was useful for the PowerShell scripts, so thanks again.
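
The support answer quoted in this thread notes that an allow/block list is not applied to guests who were added before the list was set up. The PowerShell script below is an added example (not from the thread or the linked Microsoft article) that checks an existing guest list against an allow list; the domain names, the tenant name `contoso` and the function names are hypothetical, and the guest records are constructed sample data.

```powershell
# Constructed sample data. In a tenant the guest list would come from a directory
# export, e.g. Get-MgUser -Filter "userType eq 'Guest'" -All (Microsoft Graph PowerShell).
$AllowedDomains = @('partner.example', 'supplier.example')   # hypothetical allow list
$Guests = @(
    [pscustomobject]@{ UserPrincipalName = 'alice_partner.example#EXT#@contoso.onmicrosoft.com'; Mail = 'alice@partner.example' }
    [pscustomobject]@{ UserPrincipalName = 'bob_gmail.com#EXT#@contoso.onmicrosoft.com'; Mail = 'bob@gmail.com' }
    [pscustomobject]@{ UserPrincipalName = 'carol_eu.supplier.example#EXT#@contoso.onmicrosoft.com'; Mail = $null }
    [pscustomobject]@{ UserPrincipalName = 'dave_yahoo.com#EXT#@contoso.onmicrosoft.com'; Mail = $null }
)

function Get-GuestHomeDomain {
    param([Parameter(Mandatory)] $Guest)
    # Prefer the mail attribute when it is populated.
    if ($Guest.Mail -and $Guest.Mail.Contains('@')) {
        return ($Guest.Mail -split '@')[-1].ToLowerInvariant()
    }
    # Fallback: guest UPNs look like local_domain#EXT#@tenant.onmicrosoft.com,
    # where the last underscore before #EXT# stands in for the original '@'.
    $upn = [string]$Guest.UserPrincipalName
    if ($upn -notlike '*#EXT#*') { return $null }
    $prefix = ($upn -split '#EXT#')[0]
    $i = $prefix.LastIndexOf('_')
    if ($i -lt 0) { return $null }
    return $prefix.Substring($i + 1).ToLowerInvariant()
}

function Get-GuestsOutsideAllowList {
    param([object[]] $Guests, [string[]] $AllowedDomains)
    $allowed = $AllowedDomains | ForEach-Object { $_.ToLowerInvariant() }
    foreach ($g in $Guests) {
        $domain = Get-GuestHomeDomain -Guest $g
        # Exact match only (an assumption of this example): subdomains of an
        # allowed domain are reported so that an administrator can review them.
        if (-not $domain -or $allowed -notcontains $domain) {
            [pscustomobject]@{
                UserPrincipalName = $g.UserPrincipalName
                HomeDomain        = $domain
                Reason            = if ($domain) { 'domain not on allow list' } else { 'domain could not be determined' }
            }
        }
    }
}

# Report pre-existing guests that the allow list would not have admitted.
Get-GuestsOutsideAllowList -Guests $Guests -AllowedDomains $AllowedDomains |
    Format-Table -AutoSize
```

The script only reports; removing or re-inviting the listed guests remains a separate administrative decision.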
