You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In this example, we create an ExternalAccessPolicy named "GranularFederationExample" that allows communication with specific external domains, namely `example1.com` and `example2.com`. The federation policy is set to restrict communication to only these allowed domains. After that, we still have to enable the `CustomizeFederation` setting in the TenantFederationConfiguration to allow the federation settings as defined in the ExternalAccessPolicy to work.
139
+
In this example, we create an ExternalAccessPolicy named "GranularFederationExample" that allows communication with specific external domains, namely `example1.com` and `example2.com`. The federation policy is set to restrict communication to only these allowed domains.
Indicates the domains that are allowed to communicate with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `AllowSpecificExternalDomains`.
169
+
> [!NOTE]
170
+
> Please note that this parameter is in Private Preview.
171
+
172
+
Indicates the domains that are allowed to communicate with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `AllowSpecificExternalDomains`. Only custom policies can change this setting. In Global (default) policy this setting should be default value always and is not allowed to be changed.
Indicates the domains that are blocked from communicating with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `BlockSpecificExternalDomains`.
187
+
> [!NOTE]
188
+
> Please note that this parameter is in Private Preview.
189
+
190
+
Indicates the domains that are blocked from communicating with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `BlockSpecificExternalDomains`. Only custom policies can change this setting. In Global (default) policy this setting should be default value always and is not allowed to be changed.
> Please note that this parameter is in Private Preview.
207
+
199
208
Indicates how the users get assigned by this policy can communicate with the external orgs. There are 5 options:
200
209
201
-
- OrganizationDefault: the users of this policy will follow the federation settings defined in TenantFederationConfiguration
202
-
- AllowAllExternalDomains: the users are open to communicate with all domains
203
-
- AllowSpecificExternalDomains: the users can only communicate with the users of the domains defined in `AllowedExternalDomains`
204
-
- BlockSpecificExternalDomains: only users from the domains defined in `BlockedExternalDomains` are blocked from communicating with the users of this policy
205
-
- BlockAllExternalDomains: the users are not able to communicate with any external domains
210
+
- OrganizationDefault: the users of this policy will follow the federation settings defined in TenantFederationConfiguration.
211
+
- AllowAllExternalDomains: the users are open to communicate with all domains.
212
+
- AllowSpecificExternalDomains: the users can only communicate with the users of the domains defined in `AllowedExternalDomains`.
213
+
- BlockSpecificExternalDomains: only users from the domains defined in `BlockedExternalDomains` are blocked from communicating with the users of this policy.
214
+
- BlockAllExternalDomains: the users are not able to communicate with any external domains.
206
215
216
+
The setting only applies if `EnableFederationAccess` is true. Simiar to `AllowedExternalDomains` and `BlockedExternalDomains`, only custom policies can change this setting. In Global (default) policy this setting should be default value always and is not allowed to be changed.
0 commit comments