diff --git a/teams/teams-ps/teams/New-CsExternalAccessPolicy.md b/teams/teams-ps/teams/New-CsExternalAccessPolicy.md index cb65796765..b2fe361498 100644 --- a/teams/teams-ps/teams/New-CsExternalAccessPolicy.md +++ b/teams/teams-ps/teams/New-CsExternalAccessPolicy.md @@ -24,7 +24,7 @@ For information about external access in Microsoft Teams, see [Manage external a ## SYNTAX ```powershell -New-CsExternalAccessPolicy [-Tenant ] [-Description ] [-EnableFederationAccess ] [-EnableAcsFederationAccess ] +New-CsExternalAccessPolicy [-Tenant ] [-Description ] [-EnableFederationAccess ] [-CommunicationWithExternalOrgs ] [-AllowedExternalDomains ] [-BlockedExternalDomains ] [-EnableAcsFederationAccess ] [-EnableXmppAccess ] [-EnablePublicCloudAccess ] [-EnablePublicCloudAudioVideoAccess ] [-EnableTeamsConsumerAccess ] [-EnableTeamsConsumerInbound ] [-EnableOutsideAccess ] [-Identity] [-InMemory] [-Force] [-WhatIf] [-Confirm] [] @@ -113,6 +113,14 @@ Finally, the last command uses the Set-CsExternalAccessPolicy cmdlet to create a If you do not call the Set-CsExternalAccessPolicy cmdlet, then the virtual policy will disappear as soon as you end your Windows PowerShell session or delete the variable $x. Should that happen, an external access policy with the Identity RedmondAccessPolicy will never be created. +### -------------------------- Example 5 ------------------------ +``` +New-CsExternalAccessPolicy -Identity GranularFederationExample -CommunicationWithExternalOrgs "AllowSpecificExternalDomains" -AllowedExternalDomains @("example1.com", "example2.com") +Set-CsTenantFederationConfiguration -CustomizeFederation $true +``` + +In this example, we create an ExternalAccessPolicy named "GranularFederationExample" that allows communication with specific external domains, namely `example1.com` and `example2.com`. The federation policy is set to restrict communication to only these allowed domains. After that, we still have to enable the `CustomizeFederation` setting in the TenantFederationConfiguration to allow the federation settings as defined in the ExternalAccessPolicy to work. + ## PARAMETERS ### -Identity @@ -171,6 +179,53 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -CommunicationWithExternalOrgs +Indicates how the users get assigned by this policy can communicate with the external orgs. There are 5 options: +* OrganizationDefault: the users of this policy will follow the federation settings defined in TenantFederationConfiguration +* AllowAllExternalDomains: the users are open to communicate with all domains +* AllowSpecificExternalDomains: the users can only communicate with the users of the domains defined in `AllowedExternalDomains` +* BlockSpecificExternalDomains: only users from the domains defined in `BlockedExternalDomains` are blocked from communicating with the users of this policy +* BlockAllExternalDomains: the users are not able to communicate with any external domains +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Applicable: Lync Server 2010, Lync Server 2013, Skype for Business Server 2015, Skype for Business Server 2019 +Required: False +Position: Named +Default value: OrganizationDefault +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AllowedExternalDomains +Indicates the domains that are allowed to communicate with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `AllowSpecificExternalDomains` +```yaml +Type: List +Parameter Sets: (All) +Aliases: +Applicable: Lync Server 2010, Lync Server 2013, Skype for Business Server 2015, Skype for Business Server 2019 +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -BlockedExternalDomains +Indicates the domains that are blocked from communicating with the users of this policy. This is referenced only when `CommunicationWithExternalOrgs` is set to be `BlockSpecificExternalDomains` +```yaml +Type: List +Parameter Sets: (All) +Aliases: +Applicable: Lync Server 2010, Lync Server 2013, Skype for Business Server 2015, Skype for Business Server 2019 +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -EnableTeamsConsumerAccess (Microsoft Teams Only) Indicates whether the user is allowed to communicate with people who have who are using Teams with an account that's not managed by an organization. diff --git a/teams/teams-ps/teams/New-CsTeamsWorkLocationDetectionPolicy.md b/teams/teams-ps/teams/New-CsTeamsWorkLocationDetectionPolicy.md index b4f16b7404..1dcb92a919 100644 --- a/teams/teams-ps/teams/New-CsTeamsWorkLocationDetectionPolicy.md +++ b/teams/teams-ps/teams/New-CsTeamsWorkLocationDetectionPolicy.md @@ -11,7 +11,7 @@ author: artemiykozlov # New-CsTeamsWorkLocationDetectionPolicy ## SYNOPSIS -This cmdlet is used to create a new instance of the TeamsWorkLocationDetectionPolicy. The end user experience utilizing this policy is currently under development and has not been made generally available. You can see updates on when it will be generally available at [Microsoft 365 Roadmap | Microsoft 365](https://www.microsoft.com/en-us/microsoft-365/roadmap?msockid=287ab43847c06d0008cca05b46076c18&filters=&searchterms=automatically%2Cset%2Cwork%2Clocation). +This cmdlet is used to create a new instance of the TeamsWorkLocationDetectionPolicy. The end user experience utilizing this policy has rolled out to the general public. You can see updates at [Microsoft 365 Roadmap | Microsoft 365](https://www.microsoft.com/en-us/microsoft-365/roadmap?msockid=287ab43847c06d0008cca05b46076c18&filters=&searchterms=automatically%2Cset%2Cwork%2Clocation%22https://www.microsoft.com/en-us/microsoft-365/roadmap?msockid=287ab43847c06d0008cca05b46076c18&filters=&searchterms=automatically%2cset%2cwork%2clocation%22) and to learn more on how to enable the end user experience, please see [Setting up Bookable Desks in Microsoft Teams - Microsoft Teams | Microsoft Learn.](/microsoftteams/rooms/bookable-desks) ## SYNTAX