Block domains in Microsoft Teams using the Tenant Allow/Block List

Tip

Did you know you can try the features in Microsoft Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft Defender portal trials hub. Learn about who can sign up and trial terms on Try Microsoft Defender for Office 365.

Note

The feature described in this article is currently in Preview, isn't available in all organizations, and is subject to change.

In all organizations with Microsoft Teams and cloud mailboxes, admins can create and manage block entries for domains in Microsoft Teams using the Tenant Allow/Block List. These blocked domain entries also appear on the Organization settings tab of the External access page in the Microsoft Teams admin center at https://admin.teams.microsoft.com/company-wide-settings/external-communications in the Teams and Skype for Business users in external organizations section:

Screenshot of the External access page in the Microsoft Teams admin center showing blocked domains.

For more information about the Tenant Allow/Block List, see Manage allows and blocks in the Tenant Allow/Block List.

This article describes how security admins can manage entries for blocked domains in the Teams admin center using the Microsoft Defender portal.

What do you need to know before you begin?

  • You open the Microsoft Defender portal at https://security.microsoft.com. To go directly to the Tenant Allow/Block Lists page, use https://security.microsoft.com/tenantAllowBlockList. Then, go to the Teams domains tab.

  • After you add the block entry for the domain in Teams, all new Teams communication from that organization is blocked. Blocked communication includes new Teams meetings, chats, channels, and calls. Existing Teams meetings, chats, channels, and calls are deleted.

  • On the Organization settings tab of the External access page in the Microsoft Teams admin center at https://admin.teams.microsoft.com/company-wide-settings/external-communications, the following settings are required to create and manage block entries for domains in Teams using the Tenant Allow/Block List:

    • Teams and Skype for Business users in external organizations must be one of the following values:
      • Allow all external domains
      • Block only specific external domains
    • Allow my security team to manage blocked domains must be On.
  • The maximum number of domain block entries for Microsoft Teams is 4,000.

  • Block entries for domains in Teams never expire.

  • An entry should be active within 5 minutes.

  • You need to be assigned permissions before you can do the procedures in this article. You have the following options:

    • Microsoft Entra permissions: Membership in the Global Administrator*, Security Administrator, Global Reader, or Security Reader roles gives users the required permissions and permissions for other features in Microsoft 365.

      Important

      * Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

Create block entries for domains in Teams in the Tenant Allow/Block List

Tip

See the requirements in the What do you need to know before you begin? section to manage blocked domains in Teams in the Tenant Allow/Block List. You don't get a Teams domains tab on the Tenant Allow/Block Lists page if you don't meet the requirements.

  1. In the Microsoft Defender portal at https://security.microsoft.com, go to Policies & rules > Threat Policies > Rules section > Tenant Allow/Block Lists. Or, to go directly to the Tenant Allow/Block Lists page, use https://security.microsoft.com/tenantAllowBlockList.

  2. On the Tenant Allow/Block Lists page, select the Teams domains tab.

  3. On the Teams domains tab, select Block.

  4. In the Block external domains in Teams flyout that opens, enter up to 20 domains separated by commas or line breaks, and then select Add.

Back on the Teams domains tab, the domain block entries are listed. After a few minutes, the blocked domains also appear on the Organization settings tab of the External access page in the Microsoft Teams admin center at https://admin.teams.microsoft.com/company-wide-settings/external-communications.
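
When the list to block comes from an investigation or a threat feed, it rarely fits the flyout as-is. The following added example (not Microsoft's code) normalizes and de-duplicates a raw list, checks it against the 4,000-entry maximum, and splits it into comma-separated batches of up to 20 domains to paste into the flyout. The function names, the `existing_count` parameter (read it from the Teams domains tab), and the domain syntax check are assumptions.

```python
import re

FLYOUT_LIMIT = 20      # domains accepted per "Block external domains in Teams" flyout
TENANT_LIMIT = 4000    # maximum Teams domain block entries per tenant

# Assumed syntax check (ASCII hostname labels, alphabetic TLD); the portal's
# own validation rules are not documented on this page.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+[a-z]{{2,63}}$")


def normalize(raw):
    """Lower-case an entry and strip whitespace, URL scheme, path and trailing dot."""
    d = raw.strip().lower()
    d = re.sub(r"^[a-z][a-z0-9+.-]*://", "", d)
    return d.split("/", 1)[0].rstrip(".")


def plan_batches(raw_text, existing_count=0):
    """Return (batches, rejected): comma-joined batches of <= 20 domains, plus rejects."""
    seen, valid, rejected = set(), [], []
    for item in re.split(r"[,\r\n]+", raw_text):   # commas or line breaks
        if not item.strip():
            continue
        d = normalize(item)
        if not _DOMAIN_RE.match(d) or len(d) > 253:
            rejected.append(item.strip())          # review by hand, do not submit
        elif d not in seen:
            seen.add(d)
            valid.append(d)
    if existing_count + len(valid) > TENANT_LIMIT:
        raise ValueError(
            f"{existing_count} existing + {len(valid)} new entries exceeds {TENANT_LIMIT}")
    batches = [", ".join(valid[i:i + FLYOUT_LIMIT])
               for i in range(0, len(valid), FLYOUT_LIMIT)]
    return batches, rejected


if __name__ == "__main__":
    # Constructed sample input using reserved .example domains.
    sample = "Contoso-Phish.example, https://bad.example/login\nbad.example.\nnot a domain\n"
    sample += ",".join(f"tenant{i}.example" for i in range(40))
    batches, rejected = plan_batches(sample, existing_count=3950)
    for n, batch in enumerate(batches, 1):
        print(f"batch {n}: {batch}")
    print("rejected:", rejected)
```
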

View block entries for domains in Teams in the Tenant Allow/Block List

In the Microsoft Defender portal at https://security.microsoft.com, go to Policies & rules > Threat Policies > Tenant Allow/Block Lists in the Rules section. Or, to go directly to the Tenant Allow/Block Lists page, use https://security.microsoft.com/tenantAllowBlockList.

On the Tenant Allow/Block Lists page, select the Teams domains tab.

On the Teams domains tab, you can sort the entries by clicking on an available column header. The following columns are available:

  • Value: The domain or email address.

Use the Search box and a corresponding value to find specific entries.

Remove block entries for domains in Teams in the Tenant Allow/Block List

  1. In the Microsoft Defender portal at https://security.microsoft.com, go to Policies & rules > Threat Policies > Rules section > Tenant Allow/Block Lists. Or, to go directly to the Tenant Allow/Block Lists page, use https://security.microsoft.com/tenantAllowBlockList.

  2. On the Tenant Allow/Block Lists page, select the Teams domains tab.

  3. On the Teams domains tab, select the entry from the list by selecting the check box next to the first column, and then select the Delete action that appears.

    Tip

    • You can select multiple entries by selecting each check box, or select all entries by selecting the check box next to the Value column header.
  4. In the warning dialog that opens, select Delete.

Back on the Teams domains tab, the entry is no longer listed. After a few minutes, the blocked domain disappears from the Organization settings tab of the External access page in the Microsoft Teams admin center at https://admin.teams.microsoft.com/company-wide-settings/external-communications.