Enhanced Security in Microsoft Teams: New Controls to Block External Access in Trial-Only Tenants

Overview

Microsoft Teams continues to evolve with enhanced security measures to safeguard communications. A significant update is on the horizon that introduces a new admin control aimed at strengthening defenses against malicious activities through Teams trial-only tenants. Starting from July 29, 2024, Microsoft will enforce a default setting that blocks external access with Teams trial-only tenants, emphasizing a proactive approach to security.

What’s Changing?

The new admin control allows organizations to block external access (federation) with Teams trial-only tenants. This update is particularly relevant due to the misuse of free Teams trials by malicious actors to launch phishing or abuse attacks against Teams users. With this setting, you can add another layer of protection for your organization against such attacks.

Key Details of the Rollout

• General Availability: The feature is available now.
• Enforcement Date: Blocking external access based on this setting will commence on July 29, 2024. Post this date, the default value (Blocked) will automatically be applied unless altered by the admin.
• Affected Services: This setting specifically targets external access involving users from Teams trial-only tenants, impacting capabilities like searching, chatting, Teams calls, and meetings using authenticated identities.
• Exclusions: The setting does not affect Shared Channels, Guest access, and Anonymous Meeting joins.

Technical Implications and Configuration

• PowerShell Support: Teams PowerShell introduces a new parameter -ExternalAccessWithTrialTenants with values Allowed or Blocked. By default, this setting blocks all external communication with users from trial-only tenants, which can significantly impact collaboration if not configured according to your organizational needs.
• Impact on Existing Chats: If set to Blocked, users from trial-only tenants will also be removed from any existing chats.
• Cross-Cloud Communication: There is no admin control to enable cross-cloud external communication with trial tenants.

How This Affects Your Organization

Domain Specific Settings:

• • If your tenant uses an allowlist or blocklist for specific domains, the new setting will respect these configurations in conjunction with the trial-only tenant settings. For instance, trial-only tenants in the allowlist will be blocked if -ExternalAccessWithTrialTenants is set to Blocked.
  • If all external domains are blocked by default, the new setting for trial-only tenants will have no impact.

Preparatory Actions

1. Review and Configure: Examine your current settings for external access and decide if the default ‘Blocked’ setting aligns with your security needs or if adjustments are necessary.
2. Update PowerShell: Ensure that you have the latest PowerShell package installed (version 6.4.0) to use the new configuration commands.
   • To permit external communication with trial-only tenants, execute:

Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants “Allowed”

• • To block external communication with trial-only tenants, use:

Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants “Blocked”

Learn More

• For more details on configuring the new settings via PowerShell, visit the Microsoft Learn page for Set-CsTenantFederationConfiguration.
• Comprehensive guidelines on managing external communications can be found on the IT Admins – Manage external meetings and chat page.

Final Thoughts

This update is a testament to Microsoft’s commitment to enhancing security protocols within Teams. By enabling more granular control over trial-only tenant interactions, organizations can better shield themselves against potential external threats. It’s crucial for admins to review these changes, update configurations as necessary, and inform their teams to ensure a smooth transition and continued protection of organizational data.

Sharing is caring!