Skip to Content
EmailTeamsExternal AccessFederation

Federation

Manage federation settings for cross-organization Teams communication. Federation controls which external organizations can communicate with your users through Teams chat and calling. OpsPilot365 provides centralized federation management with bulk deployment across managed tenants.

Note: Teams policies are available with any Microsoft 365 license that includes Teams. Policy management via Graph API requires Directory.ReadWrite.All and TeamsPolicy.ReadWrite.All permissions.

Federation Types

TypeDescriptionUse Case
Open federationCommunicate with any Teams organization by defaultOrganizations with broad collaboration needs
Allowed domainsOnly specific domains can communicateRegulated industries requiring tight control
Blocked domainsAll except listed domains can communicateBlock known problematic domains

Domain Management

Configure which external domains can federate with your tenant:

  • Add allowed domain — Permit federation with a specific external organization
  • Add blocked domain — Block federation with a specific external organization
  • Remove domain — Remove a domain from the allow or block list

Cross-Tenant Federation for MSPs

For MSP environments, OpsPilot365 enables centralized federation management:

  • Apply consistent federation policies across all managed tenants
  • Allow inter-tenant communication between managed client organizations
  • Block federation with known malicious or undesirable domains
  • Monitor federation settings for drift from baseline standards

Bulk Policy Deployment

OpsPilot365 enables bulk federation policy deployment across multiple tenants with conflict detection and rollback capabilities.

Deployment Workflow

  1. Define Policy — Create or import federation configuration with all settings
  2. Select Tenants — Choose target tenants using tags or manual selection
  3. Preview Changes — Review conflicts and differences before deployment
  4. Deploy and Monitor — Execute deployment with real-time status tracking

Policy Drift Detection

Monitor federation configurations across tenants to detect drift from your baseline:

  • Compliant — Matches baseline configuration
  • Warning — Minor deviations detected
  • Drifted — Significant policy changes found

Remediation Options

  • Auto-remediate — Automatically revert to baseline on detection
  • Alert only — Send notification for manual review
  • Update baseline — Accept drift as new standard
  • Exempt tenant — Exclude from drift monitoring

Best Practices

Policy Design

  • Use group-based assignment for scalability
  • Keep the global policy restrictive as a baseline
  • Document exceptions with business justification
  • Test policies in pilot groups before wide deployment

Security Considerations

  • Block federation with consumer domains by default
  • Restrict external communication for sensitive tenants
  • Review federation settings quarterly
  • Monitor policy changes via audit logs

API Reference

# Get Teams app settings
GET /teamwork/teamsAppSettings
# OpsPilot365 API - Bulk deploy federation policy
POST /api/teams/policies/deploy
{
  "policyType": "federation",
  "policyName": "MSP-Standard-Federation",
  "tenantIds": ["tenant-1", "tenant-2"],
  "assignmentType": "global",
  "conflictResolution": "overwrite"
}
  • GET /api/teams/federation/domains — List configured domains
  • POST /api/teams/federation/domains — Add domain to allow/block list
  • DELETE /api/teams/federation/domains/:domain — Remove domain from list
Last updated on
External AccessGuest Access