You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In this example, we create an ExternalAccessPolicy named "GranularFederationExample" that allows communication with specific external domains, namely `example1.com` and `example2.com`. The federation policy is set to restrict communication to only these allowed domains. After that, we still have to enable the `CustomizeFederation` setting in the TenantFederationConfiguration to allow the federation settings as defined in the ExternalAccessPolicy to work.
136
+
In this example, we create an ExternalAccessPolicy named "GranularFederationExample" that allows communication with specific external domains, namely `example1.com` and `example2.com`. The federation policy is set to restrict communication to only these allowed domains.
Indicates the domains that are allowed to communicate with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `AllowSpecificExternalDomains`.
166
+
> [!NOTE]
167
+
> Please note that this parameter is in Private Preview.
168
+
169
+
Specifies the external domains allowed to communicate with users assigned to this policy. This setting is applicable only when `CommunicationWithExternalOrgs` is configured to `AllowSpecificExternalDomains`. This setting can be modified only in custom policy. In Global (default) policy `CommunicationWithExternalOrgs` can only be set to `OrganizationDefault` and cannot be changed.
Indicates the domains that are blocked from communicating with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `BlockSpecificExternalDomains`.
184
+
> [!NOTE]
185
+
> Please note that this parameter is in Private Preview.
186
+
187
+
Specifies the external domains blocked from communicating with users assigned to this policy. This setting is applicable only when `CommunicationWithExternalOrgs` is configured to `BlockSpecificExternalDomains`. This setting can be modified only in custom policy. In Global (default) policy `CommunicationWithExternalOrgs` can only be set to `OrganizationDefault` and cannot be changed.
Indicates how the users get assigned by this policy can communicate with the external orgs. There are 5 options:
202
+
> [!NOTE]
203
+
> Please note that this parameter is in Private Preview.
204
+
205
+
Indicates how users assigned to the policy can communicate with external organizations (domains). This setting has 5 possible values:
197
206
198
-
- OrganizationDefault: the users of this policy will follow the federation settings defined in TenantFederationConfiguration
199
-
- AllowAllExternalDomains: the users are open to communicate with all domains
200
-
- AllowSpecificExternalDomains: the users can only communicate with the users of the domains defined in `AllowedExternalDomains`
201
-
- BlockSpecificExternalDomains: only users from the domains defined in `BlockedExternalDomains` are blocked from communicating with the users of this policy
202
-
- BlockAllExternalDomains: the users are not able to communicate with any external domains
207
+
- OrganizationDefault: users follow the federation settings specified in `TenantFederationConfiguration`. This is the default value.
208
+
- AllowAllExternalDomains: users are allowed to communicate with all domains.
209
+
- AllowSpecificExternalDomains: users can communicate with external domains listed in `AllowedExternalDomains`.
210
+
- BlockSpecificExternalDomains: users are blocked from communicating with domains listed in `BlockedExternalDomains`.
211
+
- BlockAllExternalDomains: users cannot communicate with any external domains.
203
212
213
+
The setting is only applicable when `EnableFederationAccess` is set to true. This setting can only be modified in custom policies. In the Global (default) policy, it is fixed to `OrganizationDefault` and cannot be changed.
In this example, we create an ExternalAccessPolicy named "GranularFederationExample" that allows communication with specific external domains, namely `example1.com` and `example2.com`. The federation policy is set to restrict communication to only these allowed domains. After that, we still have to enable the `CustomizeFederation` setting in the TenantFederationConfiguration to allow the federation settings as defined in the ExternalAccessPolicy to work.
145
+
In this example, we create an ExternalAccessPolicy named "GranularFederationExample" that allows communication with specific external domains, namely `example1.com` and `example2.com`. The federation policy is set to restrict communication to only these allowed domains.
Indicates the domains that are allowed to communicate with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `AllowSpecificExternalDomains`
189
+
> [!NOTE]
190
+
> Please note that this parameter is in Private Preview.
191
+
192
+
Specifies the external domains allowed to communicate with users assigned to this policy. This setting is applicable only when `CommunicationWithExternalOrgs` is configured to `AllowSpecificExternalDomains`. This setting can be modified only in custom policy. In Global (default) policy `CommunicationWithExternalOrgs` can only be set to `OrganizationDefault` and cannot be changed.
Indicates the domains that are blocked from communicating with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `BlockSpecificExternalDomains`
207
+
> [!NOTE]
208
+
> Please note that this parameter is in Private Preview.
209
+
210
+
Specifies the external domains blocked from communicating with users assigned to this policy. This setting is applicable only when `CommunicationWithExternalOrgs` is configured to `BlockSpecificExternalDomains`. This setting can be modified only in custom policy. In Global (default) policy `CommunicationWithExternalOrgs` can only be set to `OrganizationDefault` and cannot be changed.
> Please note that this parameter is in Private Preview.
227
+
220
228
Indicates how the users get assigned by this policy can communicate with the external orgs. There are 5 options:
221
229
222
-
- OrganizationDefault: the users of this policy will follow the federation settings defined in TenantFederationConfiguration.
223
-
- AllowAllExternalDomains: the users are open to communicate with all domains.
224
-
- AllowSpecificExternalDomains: the users can only communicate with the users of the domains defined in `AllowedExternalDomains`.
225
-
- BlockSpecificExternalDomains: only users from the domains defined in `BlockedExternalDomains` are blocked from communicating with the users of this policy.
226
-
- BlockAllExternalDomains: the users are not able to communicate with any external domains.
230
+
- OrganizationDefault: users follow the federation settings specified in `TenantFederationConfiguration`. This is the default value.
231
+
- AllowAllExternalDomains: users are allowed to communicate with all domains.
232
+
- AllowSpecificExternalDomains: users can communicate with external domains listed in `AllowedExternalDomains`.
233
+
- BlockSpecificExternalDomains: users are blocked from communicating with domains listed in `BlockedExternalDomains`.
234
+
- BlockAllExternalDomains: users cannot communicate with any external domains.
227
235
236
+
The setting is only applicable when `EnableFederationAccess` is set to true. This setting can only be modified in custom policies. In the Global (default) policy, it is fixed to `OrganizationDefault` and cannot be changed.
0 commit comments