Added documentation for Teams block in TABL

TABL is added support for blocking domains in Teams admin center. So added a new document for it. Updated TABL, Microsoft Teams overview, Microsoft secops guide to call it out.

Author: dhairyya

defender-office-365/mdo-support-teams-about.md

@@ -16,7 +16,7 @@ ms.collection:
   - tier1
 description: Admins can learn about Microsoft Teams features in Microsoft Defender for Office 365 Plan 2.
 ms.service: defender-office-365
-ms.date: 07/24/2025
+ms.date: 07/28/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
 ---
@@ -30,7 +30,7 @@ appliesto:
 With the increased use of collaboration tools like Microsoft Teams, the possibility of malicious attacks using chat messages has also increased. Microsoft Defender for Office 365 already provides the following Teams protection features:
 
 - Time of click protection for URLs and files in Teams messages through [Safe Links for Microsoft Teams](safe-links-about.md#safe-links-settings-for-microsoft-teams) and [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](safe-attachments-for-spo-odfb-teams-about.md).
-- Allow/block [URLs](tenant-allow-block-list-urls-configure.md) and [files](tenant-allow-block-list-files-configure.md) inside Teams using Tenant Allow Block Lists.
+- Allow/block [domains](tenant-allow-block-list-teams-domain-configure.md), [URLs](tenant-allow-block-list-urls-configure.md) and [files](tenant-allow-block-list-files-configure.md) inside Teams using Tenant Allow Block Lists.
 
 In Microsoft 365 E5 and Defender for Office 365 Plan 2, we've extended Teams protection with a set of capabilities that are designed to disrupt the attack chain:
 

defender-office-365/mdo-support-teams-sec-ops-guide.md

@@ -16,7 +16,7 @@ ms.collection:
   - tier1
 description: A prescriptive playbook for SecOps personnel to manage Microsoft Teams protection in Microsoft Defender for Office 365.
 ms.service: defender-office-365
-ms.date: 04/22/2025
+ms.date: 07/28/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
 ---
@@ -59,7 +59,7 @@ SecOps team members can also use block entries in the Tenant Allow/Block List to
 SecOps team members can use threat hunting or information from external threat intelligence feeds to proactively respond to false negative Teams messages (bad messages allowed). They can use the information to proactively block threats. For example:
 
 - [Create URL block entries](tenant-allow-block-list-urls-configure.md#create-block-entries-for-urls) in the Tenant Allow/Block List in Defender for Office 365. Block entries apply at time of click for URLs in Teams.  
-- [Block domains in Teams using the Teams admin center](/microsoftteams/trusted-organizations-external-meetings-chat#specify-trusted-microsoft-365-organizations).
+- [Block domains in Teams using the Tenant Allow/Block List](tenant-allow-block-list-teams-domain-configure.md).
 - Submit undetected URLs to Microsoft using [admin submission](submissions-admin.md#report-questionable-urls-to-microsoft).
 
 > [!TIP]

defender-office-365/tenant-allow-block-list-about.md

@@ -8,7 +8,7 @@ manager: deniseb
 audience: ITPro
 ms.topic: how-to
 ms.localizationpriority: medium
-ms.date: 07/08/2025
+ms.date: 07/28/2025
 search.appverid:
 - MET150
 ms.collection:
@@ -30,9 +30,9 @@ appliesto:
 > [!IMPORTANT]
 > To allow phishing URLs that are part of non-Microsoft attack simulation training, use the [advanced delivery configuration](advanced-delivery-policy-configure.md) to specify the URLs. Don't use the Tenant Allow/Block List.
 
-You might occasionally disagree with the filtering verdict from the default email protections for cloud mailboxes or from Microsoft Defender for Office 365. For example, a good message might be marked as bad (a false positive), or a bad message might be allowed through (a false negative).
+You might occasionally disagree with the filtering verdict from Microsoft Defender for Office 365 for cloud email mailboxes or Microsoft Teams or Office apps. For example, a good message might be marked as bad (a false positive), or a bad message might be allowed through (a false negative) or a URL might be blocked when it shouldn't have.
 
-The Tenant Allow/Block List in the Microsoft Defender portal gives you a way to manually override filtering verdicts. The list is used during mail flow or time of click for incoming messages from external senders.
+The Tenant Allow/Block List in the Microsoft Defender portal gives you a way to manually override filtering verdicts. The list is used during mail flow (for email) or time of click (for Teams, Office, Email)from senders.
 
 Entries for **Domains and email addresses** and **Spoofed senders** apply to messages from both internal and external senders. Special handling applies to internal spoofing scenarios. Block entries for **Domains and email addresses** also prevent users in the organization from *sending* email to those blocked domains and addresses.
 
@@ -44,6 +44,7 @@ For usage and configuration instructions, see the following articles:
 - **Files**: [Allow or block files using the Tenant Allow/Block List](tenant-allow-block-list-files-configure.md)
 - **URLs**: [Allow or block URLs using the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md).
 - **IP addresses**: [Allow or block IPv6 addresses using the Tenant Allow/Block List](tenant-allow-block-list-ip-addresses-configure.md).
+- **Teams domains**: [Block domains in Microsoft Teams using the Tenant Allow/Block List](tenant-allow-block-list-teams-domain-configure.md).
 
 These articles contain procedures in the Microsoft Defender portal and in PowerShell.
 
@@ -73,6 +74,8 @@ In the Tenant Allow/Block List, you can also directly create block entries for t
 
 - **[IP addresses](tenant-allow-block-list-ip-addresses-configure.md#create-block-entries-for-ipv6-addresses)**: If you manually create a block entry, all incoming email messages from that IP address are dropped at the edge of the service.
 
+-  **[Teams domains]((tenant-allow-block-list-teams-domain-configure.md))**: If you manually create a block entry, all incoming communication over Teams from that domain will be blocked whereas existing communication will be deleted.
+
 By default, the following types of block entries expire after 30 days, but you can set them to expire up 90 days or to never expire:
 
 - [Domains and email addresses](tenant-allow-block-list-email-spoof-configure.md#create-block-entries-for-domains-and-email-addresses)
@@ -83,6 +86,7 @@ The following types of block entries never expire:
 
 - [Spoofed senders](tenant-allow-block-list-email-spoof-configure.md#create-block-entries-for-spoofed-senders)
 - [IP addresses](tenant-allow-block-list-ip-addresses-configure.md#create-block-entries-for-ipv6-addresses)
+- [Teams domains](tenant-allow-block-list-teams-domain-configure.md).
 
 ## Allow entries in the Tenant Allow/Block List
 

defender-office-365/tenant-allow-block-list-teams-domain-configure

@@ -0,0 +1,114 @@
+---
+title: Block domains in Microsoft Teams using the Tenant Allow/Block List
+f1.keywords:
+  - NOCSH
+ms.author: chrisda
+author: chrisda
+manager: deniseb
+audience: ITPro
+ms.topic: how-to
+ms.localizationpriority: medium
+search.appverid:
+  - MET150
+ms.collection:
+  - m365-security
+  - tier1
+description: Admins can learn how to block domains in Microsoft Teams using the Tenant Allow/Block List.
+ms.service: defender-office-365
+ms.date: 07/28/2025
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
+  - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
+---
+
+# Block domains in Microsoft Teams using the Tenant Allow/Block List
+
+<!-- MDO Trial banner content goes here. If needed, manually include the banner text or leave this comment as a placeholder. -->
+
+In all organizations with Microsoft Teams with EOP, admins can create and manage entries for domains to block in the Teams Admin center using the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md).
+
+This article describes how security admins can manage entries for blocked domains in the Teams admin center using the Microsoft Defender portal.
+
+
+- You open the Microsoft Defender portal at <https://security.microsoft.com>. To go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
+
+- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
+
+## What do you need to know before you begin?
+
+- Entry limits for domains:
+
+- You open the Microsoft Defender portal at <https://security.microsoft.com>. To go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>. Than go to **Teams domains** tab.
+
+- Entries never expire.
+
+- An entry should be active within 5 minutes.
+
+- Once the block entry is added, all new communication from that tenant over Teams is blocked. This includes new Teams meetings, chats, channels, and calls. Existing Teams meetings, chats, channels, and calls are deleted.
+
+- You need to ensure that on the [external access policy in the teams admin center](https://admin.teams.microsoft.com/company-wide-settings/external-communications) the Teams and Skype for Business users in external organizations are configured to **Allow all external domains** or **Block only specific external domains**. If you select **Block all external domains** or **Allow only specific external domains**, than you cannot add domains v the Tenant Allow/Block List.
+
+- You also need to ensure that on the [external access policy in the teams admin center](https://admin.teams.microsoft.com/company-wide-settings/external-communications)  "Allow my security team to manage blocked domains" is enabled. If this option is disabled, you cannot do anything from the Tenant Allow/Block List.
+
+-You need to be assigned permissions before you can do the procedures in this article. You have the following options:
+  - [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): Membership in the **Global Administrator**<sup>\*</sup>, **Security Administrator**, **Global Reader**, or **Security Reader** roles gives users the required permissions *and* permissions for other features in Microsoft 365.
+
+## Domains for Teams in the Tenant Allow/Block List
+
+### Create block entries for domains inside Microsoft Teams via the Tenant Allow/Block List
+
+#### Use the Microsoft Defender portal to create block entries 
+
+1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. Or, to go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>.
+
+2. On the **Tenant Allow/Block Lists** page, verify that the **Teams domains** tab is selected.
+
+3. You need to ensure that on the [external access policy in the teams admin center](https://admin.teams.microsoft.com/company-wide-settings/external-communications) the Teams and Skype for Business users in external organizations are configured to **Allow all external domains** or **Block only specific external domains**. If you select **Block all external domains** or **Allow only specific external domains**, than you cannot add domains v the Tenant Allow/Block List.
+
+4. You also need to ensure that on the [external access policy in the teams admin center](https://admin.teams.microsoft.com/company-wide-settings/external-communications)  "Allow my security team to manage blocked domains" is enabled. If this option is disabled, you cannot do anything from the Tenant Allow/Block List.
+
+5. On the **Teams domains** tab, select :::image type="icon" source="media/m365-cc-sc-create-icon.png" border="false"::: **Add**, and then select **Block**.
+
+6. In the **Block external domains in Teams** flyout that opens, configure the following settings:
+
+   - **Add domains**: Enter one domain per line, up to a maximum of 20.
+
+7. When you're finished in the **Block external domains in Teams** flyout, select **Add**.
+
+Back on the **Teams domains** tab, the entry is listed. It will show up on the Teams admin center page after a few minutes as well.
+
+### Use the Microsoft Defender portal to view blocked domains
+
+In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Tenant Allow/Block Lists** in the **Rules** section. Or, to go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>.
+
+Verify the **Teams domains** tab is selected.
+
+On the **Teams domains** tab, you can sort the entries by clicking on an available column header. The following columns are available:
+
+- **Value**: The domain or email address.
+
+Use the :::image type="icon" source="media/m365-cc-sc-search-icon.png" border="false"::: **Search** box and a corresponding value to find specific entries.
+
+### Use the Microsoft Defender portal to remove blocked domains
+
+1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. Or, to go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>.
+
+2. Verify the **Teams domains** tab is selected.
+
+3. On **Teams domains** tab, do one of the following steps:
+
+   - Select the entry from the list by selecting the check box next to the first column, and then select the :::image type="icon" source="media/m365-cc-sc-delete-icon.png" border="false"::: **Delete** action that appears.
+
+     > [!TIP]
+     > - You can select multiple entries by selecting each check box, or select all entries by selecting the check box next to the **Value** column header.
+
+4. In the warning dialog that opens, select **Delete**.
+
+Back on the **Teams domains** tab, the entry is no longer listed. It will be deleted from the Teams admin center page after a few minutes as well.
+
+## Related articles
+
+- [Managing external access in Teams admin center](microsoftteams/trusted-organizations-external-meetings-chat?tabs=organization-settings#specify-trusted-microsoft-365-organizations)
+- [Report false positives and false negatives in Teams](submissions-teams.md)
+- [Allow or block files in the Tenant Allow/Block List](tenant-allow-block-list-files-configure.md)
+- [Allow or block URLs in the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md)