Add descriptions to granular federation control field #12143

Merged
merged 5 commits into from
Oct 2, 2024
62 changes: 60 additions & 2 deletions teams/teams-ps/teams/Set-CsExternalAccessPolicy.md
Expand Up @@ -19,7 +19,7 @@ This cmdlet was introduced in Lync Server 2010.

### Identity (Default)
```
Set-CsExternalAccessPolicy [-Tenant <Guid>] [-Description <String>] [-EnableFederationAccess <Boolean>] [-EnableAcsFederationAccess <Boolean>]
Set-CsExternalAccessPolicy [-Tenant <Guid>] [-Description <String>] [-EnableFederationAccess <Boolean>] [-CommunicationWithExternalOrgs <Boolean>] [-AllowedExternalDomains <List>] [-BlockedExternalDomains <List>] [-EnableAcsFederationAccess <Boolean>]
[-EnableXmppAccess <Boolean>] [-EnablePublicCloudAccess <Boolean>]
[-EnablePublicCloudAudioVideoAccess <Boolean>] [-EnableTeamsConsumerAccess <Boolean>] [-EnableTeamsConsumerInbound <Boolean>] [-EnableOutsideAccess <Boolean>] [[-Identity] <XdsIdentity>]
[-RestrictTeamsConsumerAccessToExternalUserProfiles <Boolean>] [-EnableTeamsSmsAccess <Boolean>]
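
Review bot: In the added Identity syntax line, `[-CommunicationWithExternalOrgs <Boolean>]` is typed as Boolean, but the parameter block added further down in this file gives `Type: String` with five named values, and Example 6 passes "AllowSpecificExternalDomains". Change the syntax entry to `<String>` here and in the Instance parameter set so the synopsis matches the parameter documentation.
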
Expand All @@ -28,7 +28,7 @@ Set-CsExternalAccessPolicy [-Tenant <Guid>] [-Description <String>] [-EnableFede

### Instance
```
Set-CsExternalAccessPolicy [-Tenant <Guid>] [-Description <String>] [-EnableFederationAccess <Boolean>] [-EnableAcsFederationAccess <Boolean>]
Set-CsExternalAccessPolicy [-Tenant <Guid>] [-Description <String>] [-EnableFederationAccess <Boolean>] [-CommunicationWithExternalOrgs <Boolean>] [-AllowedExternalDomains <List>] [-BlockedExternalDomains <List>] [-EnableAcsFederationAccess <Boolean>]
[-EnableXmppAccess <Boolean>] [-EnablePublicCloudAccess <Boolean>]
[-RestrictTeamsConsumerAccessToExternalUserProfiles <Boolean>] [-EnableTeamsSmsAccess <Boolean>]
[-EnablePublicCloudAudioVideoAccess <Boolean>] [-EnableTeamsConsumerAccess <Boolean>] [-EnableTeamsConsumerInbound <Boolean>] [-EnableOutsideAccess <Boolean>] [-Instance <PSObject>]
Expand Down Expand Up @@ -118,6 +118,14 @@ New-CsExternalAccessPolicy -Identity AcsFederationNotAllowed -EnableAcsFederatio

In this example, the Global policy is updated to allow Teams-ACS federation for all users, then a new external access policy instance is created with Teams-ACS federation disabled and which can then be assigned to selected users for which Team-ACS federation will not be allowed.

### -------------------------- Example 6 ------------------------
```
New-CsExternalAccessPolicy -Identity GranularFederationExample -CommunicationWithExternalOrgs "AllowSpecificExternalDomains" -AllowedExternalDomains @("example1.com", "example2.com")
Set-CsTenantFederationConfiguration -CustomizeFederation $true
```

In this example, we create an ExternalAccessPolicy named "GranularFederationExample" that allows communication with specific external domains, namely `example1.com` and `example2.com`. The federation policy is set to restrict communication to only these allowed domains. After that, we still have to enable the `CustomizeFederation` setting in the TenantFederationConfiguration to allow the federation settings as defined in the ExternalAccessPolicy to work.

## PARAMETERS

### -Identity
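
Review bot: The explanation under Example 6 does not say what state the tenant is in before the second command runs. `-CustomizeFederation` has `Default value: False` in its own parameter block, so state explicitly that until it is set to `$true` the allow list in "GranularFederationExample" is not applied, and that the policy still has to be assigned to users before it restricts anyone. The example also contains no `Set-CsExternalAccessPolicy` call even though it sits in Set-CsExternalAccessPolicy.md; consider showing the same change applied to an existing policy with `Set-CsExternalAccessPolicy`.
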
Expand Down Expand Up @@ -194,6 +202,56 @@ Accept pipeline input: False
Accept wildcard characters: False
```

### -CommunicationWithExternalOrgs
Indicates how the users get assigned by this policy can communicate with the external orgs. There are 5 options:
* OrganizationDefault: the users of this policy will follow the federation settings defined in TenantFederationConfiguration
* AllowAllExternalDomains: the users are open to communicate with all domains
* AllowSpecificExternalDomains: the users can only communicate with the users of the domains defined in `AllowedExternalDomains`
* BlockSpecificExternalDomains: only users from the domains defined in `BlockedExternalDomains` are blocked from communicating with the users of this policy
* BlockAllExternalDomains: the users are not able to communicate with any external domains
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Applicable: Lync Server 2010, Lync Server 2013, Skype for Business Server 2015, Skype for Business Server 2019

Required: False
Position: Named
Default value: OrganizationDefault
Accept pipeline input: False
Accept wildcard characters: False
```

### -AllowedExternalDomains
Indicates the domains that are allowed to communicate with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `AllowSpecificExternalDomains`
```yaml
Type: List
Parameter Sets: (All)
Aliases:
Applicable: Lync Server 2010, Lync Server 2013, Skype for Business Server 2015, Skype for Business Server 2019

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```

### -BlockedExternalDomains
Indicates the domains that are blocked from communicating with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `BlockSpecificExternalDomains`
```yaml
Type: List
Parameter Sets: (All)
Aliases:
Applicable: Lync Server 2010, Lync Server 2013, Skype for Business Server 2015, Skype for Business Server 2019

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```

### -EnableAcsFederationAccess
Indicates whether Teams meeting organized by the user can be joined by users of customer applications built using Azure Communication Services (ACS). This policy setting only applies if ACS Teams federation has been enabled at the tenant level using the cmdlet Set-CsTeamsAcsFederationConfiguration.
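
Review bot: The `-AllowedExternalDomains` and `-BlockedExternalDomains` blocks give `Default value: None` but do not say what the policy does when `CommunicationWithExternalOrgs` is `AllowSpecificExternalDomains` or `BlockSpecificExternalDomains` and the matching list is empty; document whether that case allows or blocks all external domains. The three new blocks also list only Lync Server and Skype for Business Server versions under `Applicable:`, while the `-CustomizeFederation` block in Set-CsTenantFederationConfiguration.md that gates them has no `Applicable:` line; confirm the intended platforms and make the two files consistent. None of the three descriptions mentions the `CustomizeFederation` dependency that Example 6 relies on.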

27 changes: 25 additions & 2 deletions teams/teams-ps/teams/Set-CsTenantFederationConfiguration.md
Expand Up @@ -24,7 +24,7 @@ Set-CsTenantFederationConfiguration [-Tenant <Guid>]
[-AllowedDomains <IAllowedDomainsChoice>] [-BlockedDomains <List>] [-BlockAllSubdomains <Boolean>]
[-AllowFederatedUsers <Boolean>] [-AllowPublicUsers <Boolean>] [-AllowTeamsConsumer <Boolean>] [-AllowTeamsConsumerInbound <Boolean>]
[-TreatDiscoveredPartnersAsUnverified <Boolean>] [-SharedSipAddressSpace <Boolean>] [-RestrictTeamsConsumerToExternalUserProfiles <Boolean>]
[-AllowedDomainsAsAList <List>] [-ExternalAccessWithTrialTenants <ExternalAccessWithTrialTenantsType>]
[-AllowedDomainsAsAList <List>] [-ExternalAccessWithTrialTenants <ExternalAccessWithTrialTenantsType>] [-CustomizeFederation <Boolean>]
[[-Identity] <XdsIdentity>] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
```

Expand All @@ -33,7 +33,7 @@ Set-CsTenantFederationConfiguration [-Tenant <Guid>]
Set-CsTenantFederationConfiguration [-Tenant <Guid>] [-AllowedDomains <IAllowedDomainsChoice>]
[-BlockedDomains <List>] [-BlockAllSubdomains <Boolean>] [-AllowFederatedUsers <Boolean>] [-AllowPublicUsers <Boolean>]
[-TreatDiscoveredPartnersAsUnverified <Boolean>] [-SharedSipAddressSpace <Boolean>] [-RestrictTeamsConsumerToExternalUserProfiles <Boolean>]
[-AllowedDomainsAsAList <List>] [-Instance <PSObject>] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
[-AllowedDomainsAsAList <List>] [-CustomizeFederation <Boolean>] [-Instance <PSObject>] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
```

## DESCRIPTION
Expand Down Expand Up @@ -175,6 +175,13 @@ Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants "Allowed"

Example 11 shows how you can allow users to communicate with users in tenants that contain only trial licenses (default value is Blocked).

### -------------------------- Example 12 -------------------------
```
Set-CsTenantFederationConfiguration -CustomizeFederation $True
```

Example 12 shows how you can enable the feature where you can customize your federation in ExternalAccessPolicy.


## PARAMETERS
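
Review bot: The sentence under Example 12 says only that it enables "the feature where you can customize your federation in ExternalAccessPolicy"; name the ExternalAccessPolicy parameters it activates (`CommunicationWithExternalOrgs`, `AllowedExternalDomains`, `BlockedExternalDomains`) and point readers to Set-CsExternalAccessPolicy. Minor: the example writes `$True` while Example 6 in Set-CsExternalAccessPolicy.md writes `$true`, and there are two blank lines before `## PARAMETERS`.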

Expand Down Expand Up @@ -484,6 +491,22 @@ Accept pipeline input: False
Accept wildcard characters: False
```

### -CustomizeFederation
Defines if we enable more customized federation settings in ExternalAccessPolicy or not. For example, when this is true, if the `AllowedDomains` includes [a.com, b.com], but the `AllowedExternalDomains` of the ExternalAccessPolicy includes [c.com], then users assigned by the ExternalAccessPolicy will only be allowed to access c.com, all other users will have access to a.com and b.com as defined in `AllowedDomains`.
Possible values: True, False

```yaml
Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```

### -WhatIf
Describes what would happen if you executed the command without actually executing the command.
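
Review bot: In the `-CustomizeFederation` description, the worked case has policy users reaching c.com although c.com is not in the tenant `AllowedDomains` [a.com, b.com], so the per-policy list replaces the tenant list rather than narrowing it. Say that outright, since it means an ExternalAccessPolicy can permit a domain the tenant configuration does not. The example is also a comma splice ("... access c.com, all other users ..."); split it into two sentences and change "users assigned by the ExternalAccessPolicy" to "users assigned the ExternalAccessPolicy".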
