Microsoft Teams Admins Can Now Block External Users via Defender
▼ Summary
– Microsoft Teams will soon allow security admins to block external users from sending messages, calls, or meeting invites to their organization.
– This feature integrates Teams with Defender for Office 365 and will be managed via the Tenant Allow/Block List in the Defender portal.
– Admins must first enable two specific settings in the Teams admin center, which are disabled by default, to use the new capability.
– The rollout is scheduled for early January 2026 and is available to organizations with a Defender for Office 365 Plan 1 or Plan 2 subscription.
– The feature is designed to block social engineering attacks and will also automatically strengthen messaging security against malicious content.
Microsoft Teams administrators are gaining a powerful new security tool that allows them to block external users from contacting their organization. This integration with Microsoft Defender for Office 365 provides a centralized method to prevent unwanted messages, calls, or meeting invitations from reaching employees. The feature is scheduled to begin rolling out in early January 2026, offering a streamlined way to enhance organizational security directly from the Defender portal.
To utilize this new capability, organizations must first activate two specific settings within the Teams admin center. These settings, which are turned off by default, are “Block specific users from communicating with people in my organization” and “Allow my security team to manage blocked domains and blocked users.” Once enabled, security administrators with the appropriate Teams permissions can directly manage a list of blocked external contacts. This management includes adding, deleting, and viewing up to 4,000 blocked domains and 200 specific email addresses through the Tenant Allow/Block List in the Microsoft Defender portal.
The update is designed to work seamlessly across all Teams clients and the Defender XDR web portal. Importantly, it will not alter any existing domain blocks or federation configurations already set up in the Teams admin center, ensuring continuity for current security policies. Microsoft states this centralized control is intended to bolster security and compliance by giving organizations greater command over external user access across their Microsoft 365 services.
A primary motivation for this feature is to combat cybercrime. It is specifically engineered to help block threats from actors like ransomware groups, who have been known to abuse communication platforms for social engineering attacks. By preventing these external malicious users from initiating contact, companies can add a critical layer of defense against phishing and other manipulative schemes targeting employees.
Concurrent with this rollout, Teams will introduce additional security enhancements. The platform will begin warning administrators about suspicious traffic originating from external domains. Furthermore, starting in January, Teams will automatically strengthen its default messaging security protocols. These improvements will include enabling malicious URL detection, protection against weaponizable file types, and a system for reporting any false positives that may occur.
Available to all organizations with a Microsoft Defender for Office 365 Plan 1 or Plan 2 subscription, this update reflects Microsoft’s ongoing commitment to securing one of its most widely used platforms. Teams boasts a massive user base, with over 320 million people actively using the service each month, making robust security features essential for enterprises worldwide.
(Source: Bleeping Computer)
