Updated April 9, 2025: This feature has been fully rolled out.
Coming soon: We will introduce a new Microsoft Teams PowerShell setting in Tenant Federation Configuration to enable you to customize your federation posture. Tenant administrators will be able to define a list of external trial tenants to be whitelisted for federation, while maintaining the default block on overall federation with trial-only tenants.
When this will happen:
General Availability (Worldwide): The new setting is available now in Teams PowerShell. If populated, the allowed trial tenant domains list will start to take effect in early April 2025 (previously late April).
Note: This feature requires no immediate admin action, and there will be no impact if the list is not populated.
How this will affect your organization:
Microsoft Teams introduced a new PowerShell setting (-ExternalAccessWithTrialTenants) to the Set-CsTenantFederationConfiguration cmdlet in August 2024 that enabled blocking all external access with trial-only tenants.
Now, we’re introducing a new Tenant federation setting -AllowedTrialTenantDomains to enable more granularity in defining the federation posture for your organization. This setting will allow you to keep federation with trial-only tenants blocked, while explicitly allowing federation with trial tenant domains you trust and collaborate with for valid business needs.
Important notes
- A “trial-only” tenant is defined as a tenant with a Teams service plan that has only Trial subscriptions (0 purchased licenses).
- Cross-cloud experience: Currently, all cross-cloud communication involving trial-only tenants in public clouds is blocked by default. The
AllowedTrialTenantDomainssetting will not be supported for cross-cloud communication. - This setting is only supported in PowerShell.
What you need to do to prepare:
This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your users about this change and update any relevant documentation.
- Review your settings for external access to determine if you have a valid business need to allow federation with trial-only tenants and then prepare the whitelist.
- Download or upgrade to the latest PowerShell package (6.7 or higher): https://www.powershellgallery.com/packages/MicrosoftTeams/
- To block external communication with trial-only tenants, use:
Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants "Blocked" - To allow external communication with specific trial-only tenants, while blocking it by default for most trial-only tenants, use:
$list = New-Object Collections.Generic.List
String
$list.add("contoso.com")
$list.add("fabrikam.com")
Set-CsTenantFederationConfiguration -AllowedTrialTenantDomains $list
- To remove tenants from the
AllowedTrialTenantDomainslist, use:
$list = New-Object Collections.Generic.List
String
$list.add("contoso.com")
Set-CsTenantFederationConfiguration -AllowedTrialTenantDomains @{Remove=$list}
- To allow external communication with all trial-only tenants, use:
Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants "Allowed"
Learn more
- PowerShell cmdlet configuration: Set-CsTenantFederationConfiguration | Microsoft Learn
- Manage external communication: IT Admins – Manage external meetings and chat with people and organizations using Microsoft identities – Microsoft Teams | Microsoft Learn