💡 Our Technical Review in summary
Summary
- Overview: Microsoft is integrating Microsoft Teams external user management into the Microsoft Defender portal via the Tenant Allow/Block List (TABL). This allows security administrators to centrally manage and block specific external domains and users from communicating with the organization via Teams.
- Roadmap ID: 542189
- Timeline: The rollout is scheduled to begin in mid-February 2026 and is expected to be complete by the end of February 2026.
- Requirement: Organizations must have Microsoft Defender for Office 365 (Plan 1 or Plan 2) and Microsoft Teams.
Impact
- Centralized Security Management: Security admins can now view, add, and delete external blocks for Teams directly from the Microsoft Defender XDR portal, rather than switching between multiple admin centers.
- Communication Blocking: Once a user or domain is blocked, all incoming Teams communications—including chats, channel messages, meeting invites, and calls—will be prevented.
- Automatic Remediation: Any existing communication history from a newly blocked external user will be automatically deleted from the environment.
- Scale and Limits: The system supports configurations for up to 4,000 blocked domains and 200 specific email addresses for Teams.
- Audit Transparency: All blocking and unblocking actions are recorded in audit logs to ensure compliance and tracking of administrative changes.
- Coexistence: This feature does not overwrite existing federation configurations or domain blocks previously set in the Teams Admin Center (TAC); it acts as an additional layer of security.
Action Required
- Enable Admin Settings: Navigate to the Teams Admin Center and manually enable two specific toggles (both are “Off” by default):
- “Block specific users from communicating with people in my organization.”
- “Allow my security team to manage blocked domains and blocked users.”
- Verify Permissions: Ensure that security administrators who will manage these lists have the necessary Teams admin permissions assigned to them.
- Update Internal Documentation: Inform your IT helpdesk and security operations center (SOC) about this new workflow, as external communication issues may now be rooted in the Defender TABL settings.
- Review Tenant Allow/Block List: Familiarize yourself with the current TABL documentation in the Microsoft Defender portal to prepare for the addition of Teams-specific entries.
Microsoft Official Update
Service: N/A
Category: stayInformed
Severity: normal
Updated January 23, 2026: We have updated the timeline. Thank you for your patience.
[Introduction]
We’re introducing an integration between Microsoft Teams and Microsoft Defender for Office 365 that allows security admins to manage blocked external users in Teams through the Tenant Allow/Block List (TABL) in the Microsoft Defender portal. This centralized approach enhances security and compliance by enabling organizations to control external user access across Microsoft 365 services.
This message is associated with Roadmap ID 542189.
[When this will happen:]
General Availability (Worldwide): Rollout begins mid-February 2026 (previously early January) and is expected to complete by end of February 2026 (previously mid-January).
[How this affects your organization:]
Who is affected: Organizations using Microsoft Teams and Microsoft Defender for Office 365 Plan 1 or Plan 2.
What will happen:
- Security admins (with Teams admin permission) can add, delete, and view blocked external users and domains for Teams in the Microsoft Defender portal.
- Incoming communications (chats, channels, meetings, and calls) from blocked users will be prevented.
- Existing communications from blocked users will be automatically deleted.
- Audit logs will track actions taken to block users for compliance monitoring.
- Entry limits: Up to 4,000 blocked domains and 200 email addresses can be configured for Teams.
- This applies to all Teams clients and the Defender XDR web portal.
- Existing federation configurations and domain blocks in the Teams admin center remain unaffected.
Screenshot 1: Image showcasing the teams block sender and block domain list in Microsoft Teams
[What you can do to prepare:]
- Enable the setting “Block specific users from communicating with people in my organization” in the Teams admin center (default: Off).
- Enable the setting “Allow my security team to manage blocked domains and blocked users” in the Teams admin center (default: Off).
- Grant security team access to manage blocked domains and users in the Teams admin center.
- Review internal documentation and inform helpdesk staff about this change.
- Learn more: Tenant Allow/Block List documentation.
Screenshot 2: Image showing the teams toggle for blocking sender email addresses in Microsoft Teams
[Compliance considerations:]
No compliance considerations identified, review as appropriate for your organization.
