Skip to Content

How can admins block external Microsoft Teams users using Microsoft Defender for Office 365 in January 2026?

By: Author Alex Lim

Posted on

Categories Microsoft

Home » Microsoft » How can admins block external Microsoft Teams users using Microsoft Defender for Office 365 in January 2026?

What changes in MC1200058 for blocking external Teams users in the Defender portal (rollout January 2026)?

Microsoft is adding a new control for Microsoft Teams. Administrators will be able to block external Teams users and external domains from the Microsoft Defender for Office 365 portal. Microsoft announced this change in the Microsoft 365 Message Center on December 19, 2025, under MC1200058.

The feature rolls out in early January 2026. Microsoft expects completion by mid-January 2026. The control lives in the Tenant Allow/Block List (TABL) inside the Microsoft Defender portal.

What the new control does

This integration lets security teams manage external access in one place. It targets incoming interactions from external users in Teams.

Once an external user is blocked:

  • Teams blocks new inbound communication from that user. This includes chats, channels, meetings, and calls.
  • Teams removes existing content from that blocked user automatically (as described in the notice).
  • Audit logs record the block actions for review and compliance tracking.

Who can manage it

Security administrators can manage these entries in the Microsoft Defender portal. Microsoft notes a permission dependency: the security admin needs Teams administrator rights to perform the Teams-related block management.

Admins can:

  • Add blocked external users (by email address).
  • Add blocked external domains.
  • View and remove existing entries.

Input limits and scope

Microsoft sets fixed caps for this Teams integration:

  • Up to 4,000 blocked domains.
  • Up to 200 blocked email addresses.

Microsoft states the policy applies across Teams clients and the Defender XDR web experience. Existing federation settings and domain blocks configured in the Teams admin center remain unchanged by this rollout.

What this changes operationally

This update centralizes external blocking in the Defender portal. That helps when you already use TABL to manage allow/block decisions across Microsoft 365 security surfaces. It also simplifies audits, because block activity appears in audit logs tied to Defender-based actions.

It also raises a process need: blocking now has direct user-impact in Teams. A block can stop future contact and remove prior content, so change control and documentation matter for internal reviews.

What to do before rollout

  1. Confirm licensing: Microsoft states this applies to organizations using Teams plus Microsoft Defender for Office 365 Plan 1 or Plan 2.
  2. Confirm roles: ensure the admins who will manage this have Teams admin rights.
  3. Define criteria: decide what triggers a block (domains, specific users, incident types).
  4. Prepare communications: align Helpdesk, Security, and Compliance on expected user experience.
  5. Plan governance: decide who can add entries, who can approve them, and how long blocks stay active.

Where to verify details

Use the Microsoft 365 Admin Center Message Center entry MC1200058 for Microsoft-provided screenshots and the final UI paths during rollout. Microsoft also references Microsoft 365 Roadmap ID 542189 for tracking.