Teams – Allow communication with specified trial tenant

As introduced few month ago, Microsoft has deployed a settings to block (default) communication with trial Teams tenants (which include Visual Studio ones) (see Teams – You can now block federation with trial tenants).

It was first only configurable using PowerShell and now is also available from the Teams administration portal (Users\External access blade)

image

Well, while this feature is attempted to increase security by blocking bad actors to use trial tenants to try fool your end-users, it had a major downside.

In scenario where your organization is using a trial tenant type (such as Visual Studio) for development, testing or any other legitimate reason, Teams administrator has only 2 choices:

  • keep the default setting value to block trial tenant, which obviously block communication with these legitimate trial tenants
  • or turn it off which in return could lead bad trial tenants to be communicate with the organization

Well, good news as you can now keep the block trial tenant in block mode while allowing specific trial tenants to be allowed.

You can configure the list of allowed trial tenants right now for being effective in mid February.

To do so, you need to use Teams PowerShell module (PowerShell Gallery | MicrosoftTeams – version 6.8.0 at the time of writing) to configure the list of allowed trial tenant

$list = New-Object Collections.Generic.ListString
$list.add(“<domain of trial tenant 1>”)
$list.add(“<domain of trial tenant 2>”)
Set-CsTenantFederationConfiguration -AllowedTrialTenantDomains $list

If you need to remove an allowed trial tenant, you will need to use the below

$list = New-Object Collections.Generic.ListString
$list.add(“<domain of the trial tenant to be removed”)
Set-CsTenantFederationConfiguration -AllowedTrialTenantDomains @{Remove=$list}

Leave a Comment

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.