Update Set-CsExternalAccessPolicy.md #12720
Conversation
|
Learn Build status updates of commit 2dfc1bc: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
Learn Build status updates of commit d717c46: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
Learn Build status updates of commit 6ff6201: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
Learn Build status updates of commit 91d96c4: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
michbrown-png
added
Sign off
| > [!NOTE] | ||
| > Please note that this parameter is in Private Preview. | ||
|
|
||
| Indicates the domains that are allowed to communicate with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `AllowSpecificExternalDomains`. Only custom policies can change this setting. In Global (default) policy this setting should be default value always and is not allowed to be changed. |
There was a problem hiding this comment.
@krammerliu I may not be aware of the most recent changes to GFC plan, therefore, asking. Are we saying that global org wide external access policy will not allow specifying Specific domains? This would only be available in org settings page?
There was a problem hiding this comment.
@MJMicrosoft yes and no. Are we saying that global org wide external access policy will not allow specifying Specific domains? <- yes, but for "This would only be available in org settings page?" <- this would only be available in external access policy page, which is not enabled yet in our preview
There was a problem hiding this comment.
@krammerliu shouldn't we update the Tenant Federation config doc as well in this case ?
There was a problem hiding this comment.
@krammerliu just to make sure that I understand this correctly:
external access org wide policy - will only have 2 options:
- Off
- follow org settings
Correct?
External access custom policies will have 5 options:
- Follow org settings
- Allow specific
- Allow all
- Block specific
- Block all
Correct?
I am probably not getting that information reading the document.
There was a problem hiding this comment.
@MJMicrosoft for custom polies, yes. for org wide policy, based on "In Global (default) policy this setting should be default value always and is not allowed to be changed", it will be "Follow org settings" by default and customers can't change this value
| > [!NOTE] | ||
| > Please note that this parameter is in Private Preview. | ||
|
|
||
| Indicates the domains that are blocked from communicating with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `BlockSpecificExternalDomains`. Only custom policies can change this setting. In Global (default) policy this setting should be default value always and is not allowed to be changed. | ||
|
|
There was a problem hiding this comment.
@krammerliu same question as above.
|
|
||
| The setting only applies if `EnableFederationAccess` is true. Simiar to `AllowedExternalDomains` and `BlockedExternalDomains`, only custom policies can change this setting. In Global (default) policy this setting should be default value always and is not allowed to be changed. |
There was a problem hiding this comment.
@krammerliu should we add clarity about what is the default value?
There was a problem hiding this comment.
@MJMicrosoft yes, the default value is listed below (line #214 before the change. line #224 in the new change)
There was a problem hiding this comment.
But that is not clear enough I feel . OrganizationDefault , is what it says right ? What I am missing is the default behavior
There was a problem hiding this comment.
hi @akhilsoman what's missing in your opinion based on "the users of this policy will follow the federation settings defined in TenantFederationConfiguration"? feel free to suggest. thanks!
| > [!NOTE] | ||
| > Please note that this parameter is in Private Preview. | ||
|
|
||
| Indicates the domains that are allowed to communicate with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `AllowSpecificExternalDomains`. Only custom policies can change this setting. In Global (default) policy this setting should be default value always and is not allowed to be changed. |
There was a problem hiding this comment.
@krammerliu should we add clarity about what is the default value?
There was a problem hiding this comment.
default value is listed below, which is an empty list
There was a problem hiding this comment.
Specifies the external domains allowed to communicate with users assigned to this policy. This setting is applicable only when CommunicationWithExternalOrgs is configured to AllowSpecificExternalDomains. This setting can be modified only in custom policy. In Global (default) policy CommunicationWithExternalOrgs can only be set to OrganizationDefault and cannot be changed.
| > [!NOTE] | ||
| > Please note that this parameter is in Private Preview. | ||
|
|
||
| Indicates the domains that are allowed to communicate with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `AllowSpecificExternalDomains`. Only custom policies can change this setting. In Global (default) policy this setting should be default value always and is not allowed to be changed. |
There was a problem hiding this comment.
Specifies the external domains allowed to communicate with users assigned to this policy. This setting is applicable only when CommunicationWithExternalOrgs is configured to AllowSpecificExternalDomains. This setting can be modified only in custom policy. In Global (default) policy CommunicationWithExternalOrgs can only be set to OrganizationDefault and cannot be changed.
| > [!NOTE] | ||
| > Please note that this parameter is in Private Preview. | ||
|
|
||
| Indicates the domains that are blocked from communicating with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `BlockSpecificExternalDomains`. Only custom policies can change this setting. In Global (default) policy this setting should be default value always and is not allowed to be changed. |
There was a problem hiding this comment.
Specifies the external domains blocked from communicating with users assigned to this policy. This setting is applicable only when CommunicationWithExternalOrgs is configured to BlockSpecificExternalDomains. This setting can be modified only in custom policy. In Global (default) policy CommunicationWithExternalOrgs can only be set to OrganizationDefault and cannot be changed.
| @@ -196,14 +202,18 @@ Accept wildcard characters: False | |||
| ``` | |||
|
|
|||
| ### -CommunicationWithExternalOrgs | |||
| > [!NOTE] | |||
| > Please note that this parameter is in Private Preview. | |||
|
|
|||
| Indicates how the users get assigned by this policy can communicate with the external orgs. There are 5 options: | |||
There was a problem hiding this comment.
Indicates how users assigned to the policy can communicate with external organizations (domains). This setting has 5 possible values:
| - AllowSpecificExternalDomains: the users can only communicate with the users of the domains defined in `AllowedExternalDomains` | ||
| - BlockSpecificExternalDomains: only users from the domains defined in `BlockedExternalDomains` are blocked from communicating with the users of this policy | ||
| - BlockAllExternalDomains: the users are not able to communicate with any external domains | ||
| - OrganizationDefault: the users of this policy will follow the federation settings defined in TenantFederationConfiguration. |
There was a problem hiding this comment.
- OrganizationDefault: users follow the federation settings specified in
TenantFederationConfiguration. This is the default value.
| - BlockSpecificExternalDomains: only users from the domains defined in `BlockedExternalDomains` are blocked from communicating with the users of this policy | ||
| - BlockAllExternalDomains: the users are not able to communicate with any external domains | ||
| - OrganizationDefault: the users of this policy will follow the federation settings defined in TenantFederationConfiguration. | ||
| - AllowAllExternalDomains: the users are open to communicate with all domains. |
There was a problem hiding this comment.
- AllowAllExternalDomains: the users are allowed to communicate with all domains.
| > [!NOTE] | ||
| > Please note that this parameter is in Private Preview. | ||
|
|
||
| Indicates the domains that are blocked from communicating with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `BlockSpecificExternalDomains`. Only custom policies can change this setting. In Global (default) policy this setting should be default value always and is not allowed to be changed. |
There was a problem hiding this comment.
Specifies the external domains blocked from communicating with users assigned to this policy. This setting is applicable only when CommunicationWithExternalOrgs is configured to BlockSpecificExternalDomains. This setting can be modified only in custom policy. In Global (default) policy CommunicationWithExternalOrgs can only be set to OrganizationDefault and cannot be changed.
| @@ -230,6 +235,9 @@ Accept wildcard characters: False | |||
| ``` | |||
|
|
|||
| ### -CommunicationWithExternalOrgs | |||
| > [!NOTE] | |||
| > Please note that this parameter is in Private Preview. | |||
|
|
|||
| Indicates how the users get assigned by this policy can communicate with the external orgs. There are 5 options: | |||
|
|
|||
| - OrganizationDefault: the users of this policy will follow the federation settings defined in TenantFederationConfiguration. | |||
There was a problem hiding this comment.
-OrganizationDefault: users follow the federation settings specified in TenantFederationConfiguration. This is the default value.
| @@ -238,6 +246,7 @@ Indicates how the users get assigned by this policy can communicate with the ext | |||
| - BlockSpecificExternalDomains: only users from the domains defined in `BlockedExternalDomains` are blocked from communicating with the users of this policy. | |||
There was a problem hiding this comment.
-BlockSpecificExternalDomains: users are blocked from communicating with domains listed in BlockedExternalDomains
| @@ -238,6 +246,7 @@ Indicates how the users get assigned by this policy can communicate with the ext | |||
| - BlockSpecificExternalDomains: only users from the domains defined in `BlockedExternalDomains` are blocked from communicating with the users of this policy. | |||
| - BlockAllExternalDomains: the users are not able to communicate with any external domains. | |||
There was a problem hiding this comment.
-BlockAllExternalDomains: users cannot communicate with any external domains.
| @@ -238,6 +246,7 @@ Indicates how the users get assigned by this policy can communicate with the ext | |||
| - BlockSpecificExternalDomains: only users from the domains defined in `BlockedExternalDomains` are blocked from communicating with the users of this policy. | |||
| - BlockAllExternalDomains: the users are not able to communicate with any external domains. | |||
|
|
|||
| The setting only applies if `EnableFederationAccess` is true. Simiar to `AllowedExternalDomains` and `BlockedExternalDomains`, only custom policies can change this setting. In Global (default) policy this setting should be default value always and is not allowed to be changed. | |||
There was a problem hiding this comment.
The setting is only applicable when EnableFederationAccess is set to true. This setting can only be modified in custom policies. In the Global (default) policy, it is fixed to OrganizationDefault and cannot be changed.
|
Learn Build status updates of commit 6c01f10: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
Learn Build status updates of commit 46edee9: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
| - BlockAllExternalDomains: the users are not able to communicate with any external domains | ||
| - OrganizationDefault: users follow the federation settings specified in `TenantFederationConfiguration`. This is the default value. | ||
| - AllowAllExternalDomains: users are allowed to communicate with all domains. | ||
| - AllowSpecificExternalDomains: users the users can communicate with external domains listed in `AllowedExternalDomains`. |
There was a problem hiding this comment.
Remove the "users the"
| - BlockAllExternalDomains: the users are not able to communicate with any external domains. | ||
| - OrganizationDefault: users follow the federation settings specified in `TenantFederationConfiguration`. This is the default value. | ||
| - AllowAllExternalDomains: users are allowed to communicate with all domains. | ||
| - AllowSpecificExternalDomains: users the users can communicate with external domains listed in `AllowedExternalDomains`. |
|
Learn Build status updates of commit cc68787: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
Learn Build status updates of commit bf8c657: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
michbrown-png
added
the
Sign off
|
Learn Build status updates of commit a088edb: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
No description provided.