Microsoft Teams to let admins block external users via Defender portal
by Sergiu Gatlan · BleepingComputerMicrosoft announced that security administrators will soon be able to block external users from sending messages, calls, or meeting invitations to members of their organization via Teams.
The new feature will start rolling out in early January, integrating Microsoft Teams with Defender for Office 365, and enabling admins to manage blocked external contacts through the Tenant Allow/Block List in the Microsoft Defender portal.
It will work across the Defender XDR web portal, and all Teams clients, and the update will not change existing domain blocks or federation configurations in the Teams admin center.
Before using the feature, organizations must enable two settings in the Teams admin center, which are disabled by default: "Block specific users from communicating with people in my organization" and "Allow my security team to manage blocked domains and blocked users."
Once enabled, it will allow security admins with Teams permissions to add, delete, and view blocked external users and domains directly from the Defender portal. The system supports up to 4,000 blocked domains and 200 email addresses.
The capability will be available to all organizations using Teams with Microsoft Defender for Office 365 Plan 1 or Plan 2 subscriptions.
"This centralized approach enhances security and compliance by enabling organizations to control external user access across Microsoft 365 services," Microsoft said in a Microsoft 365 message center update. "Rollout begins early January 2026 and is expected to complete by mid-January 2026."
This feature was designed to block cybercrime gangs (including ransomware groups) from abusing Teams in social engineering attacks targeting victims' employees.
Teams will also warn admins about suspicious traffic from external domains and will automatically strengthen messaging security by default in January against malicious content by enabling malicious URL detection, weaponizable file type protection, and a system for reporting false positives.
Over 320 million people use Teams each month, as Microsoft revealed during its 2024 Enterprise Connect conference.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.