Forsyte IT Solutions

Enhancing Microsoft Teams Security: Integrating Tenant Allow/Block List and Preparing for Source of Authority Migration


Proactive Security and Threat Intelligence for Collaboration Tools

As organizations increasingly rely on Microsoft Teams for real-time collaboration and communication, maintaining a secure environment is paramount. Threat actors are constantly seeking new vectors to compromise sensitive data, making proactive security and robust threat intelligence essential. The integration of Microsoft Teams with the Tenant Allow/Block List in Microsoft Defender for Office 365, along with strategic identity management through Source of Authority (SOA) migration, represents a significant advancement in safeguarding digital workspaces.

Understanding the Tenant Allow/Block List

Definition and Purpose

The Tenant Allow/Block List (TABL) is a security feature in Microsoft Defender for Office 365 designed to help organizations control who can communicate with their users. It enables IT administrators to explicitly allow or block specific email addresses, domains, and URLs across Microsoft 365 services. By centralizing these controls, the TABL helps prevent unwanted or malicious communications, reducing the risk of phishing attacks, spam, and other threats.

How the Tenant Allow/Block List Works

When a domain or address is added to the block list, any communication attempt from that entity—whether via email or, now, Microsoft Teams—is automatically restricted. Conversely, entries on the allow list bypass certain security filters, ensuring vital communications are not inadvertently blocked. The TABL provides a centralized repository for these allow/block decisions, streamlining management and enforcement of organization-wide communication policies.

Microsoft Teams Integration: Leveraging the Tenant Allow/Block List

With the latest updates, Microsoft Teams now integrates directly with the Tenant Allow/Block List. This means that the same controls used to manage safe and unsafe communications in email can be applied to Teams, providing consistent enforcement across collaboration platforms. Administrators can block external domains and addresses from initiating chats, meetings, or file sharing with their users in Teams.

Key capabilities include:

  • Blocking Teams interactions from known malicious or unwanted domains and addresses.
  • Ensuring that allow/block policies are automatically enforced across both email and Teams.
  • Reducing administrative overhead by centralizing management within Defender for Office 365.

This integration strengthens your organization’s overall security posture, ensuring that threats identified via email intelligence are also mitigated in real-time collaboration tools.

Configuring Block Lists in Microsoft Teams

Required Settings and Step-by-Step Guidance

To leverage the Tenant Allow/Block List in Microsoft Teams, follow these steps:

  1. Open Microsoft 365 Defender Portal: Sign in with an account that has the Security Administrator or Global Administrator role.
  2. Navigate to Tenant Allow/Block List: In the Microsoft 365 Defender portal, go to Email & Collaboration > Policies & Rules > Threat policies > Tenant Allow/Block List.
  3. Add Domains or Addresses: Under the relevant section (Domains & addresses), choose to add a new entry. Specify whether you want to allow or block, and enter the domain or email address.
  4. Save and Confirm: Review your entries, then save changes. These settings will now apply to both email and Teams communications.
  5. Teams Admin Center Verification: Optionally, verify in the Teams Admin Center that external access policies reflect your desired allow/block configurations.

Note: Changes may take several minutes to propagate across all services.
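
The same steps can be scripted with Exchange Online PowerShell. The following is an added example, not part of the original post: it adds block entries to the Domains & addresses list (`-ListType Sender`), flags any conflicting allow entry, and reads the result back. The account name, domains, addresses, note text and 90-day expiry are constructed placeholders, and reading the Teams federation settings as the scripted counterpart of step 5 is an assumption.

```powershell
# Added example. Requires the ExchangeOnlineManagement and MicrosoftTeams modules.
# All names and values below are constructed placeholders.
Connect-ExchangeOnline -UserPrincipalName 'secadmin@contoso.example'

$toBlock = @('unwanted-domain.example', 'sender@phish.example')
$note    = 'Blocked after phishing triage (placeholder note)'

# Read current state so the script is safe to re-run.
$blocked = @(Get-TenantAllowBlockListItems -ListType Sender -Block |
             Select-Object -ExpandProperty Value)
$allowed = @(Get-TenantAllowBlockListItems -ListType Sender -Allow |
             Select-Object -ExpandProperty Value)

# An allow entry bypasses certain filters, so surface conflicts for review
# instead of silently stacking a block entry on top of it.
$conflicts = @($toBlock | Where-Object { $_ -in $allowed })
if ($conflicts.Count -gt 0) {
    Write-Warning "Currently on the allow list, review first: $($conflicts -join ', ')"
}

# Add only entries that are not already blocked (steps 3 and 4).
$new = @($toBlock | Where-Object { $_ -notin $blocked -and $_ -notin $conflicts })
if ($new.Count -gt 0) {
    New-TenantAllowBlockListItems -ListType Sender -Block -Entries $new `
        -ExpirationDate (Get-Date).AddDays(90) -Notes $note
}

# Read the entries back to confirm what was saved.
Get-TenantAllowBlockListItems -ListType Sender -Block |
    Where-Object { $_.Value -in $toBlock } |
    Select-Object Value, Action, ExpirationDate, Notes

# Step 5 (assumed scripted counterpart): inspect Teams external access settings.
Connect-MicrosoftTeams
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains
```

Because changes take several minutes to propagate, run the read-back commands again after a short wait before treating a missing entry as a failure.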

Source of Authority (SOA): A Foundation for Identity Management

What Is SOA?

Source of Authority (SOA) refers to the system that serves as the primary record for user identities within your organization. Traditionally, many organizations have used on-premises Active Directory (AD) as their SOA, synchronizing identities to Microsoft 365 and other cloud services.

Active Directory vs. Entra ID

With the shift to cloud-first strategies, Microsoft Entra ID (formerly Azure Active Directory) is increasingly preferred as the SOA. Entra ID provides modern identity management, advanced security controls, and seamless integration with cloud services, reducing reliance on legacy infrastructure.

Implications for Identity Management

Choosing the right SOA impacts how users are created, managed, and authenticated across your organization. Migrating SOA to Entra ID enables centralized, cloud-based identity management, supporting remote work, zero trust security models, and future-proofed access controls.

Why Switch SOA to Entra ID?

Migrating SOA from Active Directory to Entra ID offers several strategic advantages:

  • Reduced On-Premises Dependencies: Decrease reliance on legacy infrastructure, lowering maintenance costs and complexity.
  • Modern Security Features: Access advanced security capabilities such as conditional access, identity protection, and risk-based authentication.
  • Centralized Management: Streamline user and device management through a single, cloud-based interface.
  • Simplified Access: Enable seamless, secure access for remote and hybrid workers.
  • Future Readiness: Align with Microsoft’s cloud-first direction and ensure compatibility with new features.

Preparing for the SOA Switch: Key Migration Steps

Transitioning SOA to Entra ID requires careful planning and execution. Here’s how to prepare:

  1. Inventory Current Identities: Audit on-premises AD and Entra ID to ensure all user, group, and device objects are accounted for.
  2. Synchronize Identities: Use Microsoft Entra Connect to sync users and groups. Address any duplicate or conflicting objects.
  3. Migrate Mailboxes and Devices: Move mailboxes to Exchange Online and enroll devices in Intune or another MDM solution.
  4. Update Provisioning Workflows: Adjust HR and IT processes to create and manage identities directly in Entra ID.
  5. Switch Group SOA: For Microsoft 365 groups and Teams, update the SOA to Entra ID to ensure all new and existing groups are managed in the cloud.
  6. Test and Validate: Conduct pilot migrations, validate authentication and access, and address issues before full deployment.
  7. Communicate and Train: Inform stakeholders and provide training to ensure a smooth transition.
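
For step 1, the Entra ID side of the inventory can be taken with Microsoft Graph PowerShell. This is an added example, not part of the original post: it labels each user and group by its current source of authority using the `onPremisesSyncEnabled` property and lists synced objects whose last sync is old. The 7-day staleness threshold and the output file name are assumptions.

```powershell
# Added example. Requires the Microsoft.Graph module; read-only scopes are enough.
Connect-MgGraph -Scopes 'User.Read.All', 'Group.Read.All'

function Get-SourceLabel {
    param($DirectoryObject)
    # onPremisesSyncEnabled is $true for objects synced from AD
    # and $null for objects that were never synced (cloud-only).
    if ($DirectoryObject.OnPremisesSyncEnabled) { 'On-premises AD' } else { 'Entra ID' }
}

$props  = 'OnPremisesSyncEnabled', 'OnPremisesLastSyncDateTime'
$users  = Get-MgUser  -All -Property (@('Id', 'UserPrincipalName') + $props)
$groups = Get-MgGroup -All -Property (@('Id', 'DisplayName') + $props)

$inventory = @(
    $users | ForEach-Object {
        [pscustomobject]@{
            Type     = 'User'
            Name     = $_.UserPrincipalName
            Source   = (Get-SourceLabel $_)
            LastSync = $_.OnPremisesLastSyncDateTime
        }
    }
    $groups | ForEach-Object {
        [pscustomobject]@{
            Type     = 'Group'
            Name     = $_.DisplayName
            Source   = (Get-SourceLabel $_)
            LastSync = $_.OnPremisesLastSyncDateTime
        }
    }
)

# Summary: how many objects of each type are still mastered on-premises.
$inventory | Group-Object Type, Source | Select-Object Name, Count | Sort-Object Name

# Synced objects with an old last-sync time often point to duplicates or
# orphans that need cleanup before migration (7 days is an assumed threshold).
$cutoff = (Get-Date).AddDays(-7)
$inventory | Where-Object { $_.Source -eq 'On-premises AD' -and $_.LastSync -lt $cutoff }

$inventory | Export-Csv -Path '.\soa-inventory.csv' -NoTypeInformation
```

Compare the exported list against an on-premises AD export to find objects that exist on only one side.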

Security Enhancements and Strategic Value

The integration of Microsoft Teams with the Tenant Allow/Block List in Defender for Office 365 marks a major step forward in unified communication security. Combined with a strategic migration of Source of Authority to Entra ID, organizations can achieve stronger, more agile security postures, reduce complexity, and empower their users for the future of work. By staying proactive and leveraging these advancements, IT admins and security professionals can ensure their organization’s collaboration environment is both productive and protected.
