diff --git a/teams/teams-ps/teams/Set-CsTenantFederationConfiguration.md b/teams/teams-ps/teams/Set-CsTenantFederationConfiguration.md index 957f463b80..c881b93707 100644 --- a/teams/teams-ps/teams/Set-CsTenantFederationConfiguration.md +++ b/teams/teams-ps/teams/Set-CsTenantFederationConfiguration.md @@ -29,6 +29,7 @@ Set-CsTenantFederationConfiguration [-Tenant ] [-AllowFederatedUsers ] [-AllowTeamsConsumer ] [-AllowTeamsConsumerInbound ] [-TreatDiscoveredPartnersAsUnverified ] [-SharedSipAddressSpace ] [-RestrictTeamsConsumerToExternalUserProfiles ] [-AllowedDomainsAsAList ] [-ExternalAccessWithTrialTenants ] + [-DomainBlockingForMDOAdminsInTeams ] [-AllowedTrialTenantDomains ] [[-Identity] ] [-Force] [-WhatIf] [-Confirm] [] ``` @@ -62,7 +63,7 @@ $x = New-CsEdgeDomainPattern -Domain "fabrikam.com" Set-CsTenantFederationConfiguration -BlockedDomains @{Replace=$x} ``` -In Example 2, the domain fabrikam.com is assigned as the only domain on the blocked domains list for current tenant. +In Example 1, the domain fabrikam.com is assigned as the only domain on the blocked domains list for current tenant. To do this, the first command in the example uses the `New-CsEdgeDomainPattern` cmdlet to create a new domain object for fabrikam.com. This domain object is stored in a variable named $x. @@ -214,6 +215,11 @@ Example 15 shows how you can remove domains from the existing Allowed Trial Tena First, a List is created and domains are added to it, then use the Remove method in the `AllowedTrialTenantDomains` parameter to remove the domains from the existing allowed domains list. When this command completes, the domains in the list will be removed from the Allowed Trial Tenant Domains list. +### -------------------------- Example 16 ------------------------- +``` +Set-CsTenantFederationConfiguration -DomainBlockingForMDOAdminsInTeams "Enabled" +``` + ## PARAMETERS ### -AllowedDomains @@ -490,6 +496,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -DomainBlockingForMDOAdminsInTeams +When set to 'Enabled', security operations team will be able to add domains to the blocklist on security portal. +When set to 'Disabled', security operations team will not have permissions to update the domains blocklist. + +```yaml +Type: DomainBlockingForMDOAdminsInTeamsType +Parameter Sets: (All) +Aliases: +Applicable: Microsoft Teams + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -AllowedTrialTenantDomains You can whitelist specific "trial-only" tenant domains, while keeping the `ExternalAccessWithTrialTenants` set to `Blocked`. This will allow you to protect your organization against majority of tenants that don't have any paid subscriptions, while still being able to collaborate externally with those trusted trial-tenants in the list.