> For the complete documentation index, see [llms.txt](https://docs.tminus365.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.tminus365.com/security/teams/unmanaged-user-access-shall-be-restricted.md).
# Unmanaged User Access SHALL Be Restricted
## Description
Blocking contact with unmanaged Teams users prevents these users from looking up internal users by their email address and initiating chats and calls within Teams. These users would still be able to join calls, assuming anonymous join is enabled. Additionally, unmanaged users may be added to Teams chats if the internal user initiates the contact. Unmanaged accounts are ones not managed by an organization, typically Teams personal accounts.
## Policy
* Unmanaged users SHALL NOT be enabled to initiate contact with internal users.
* Internal users SHOULD NOT be enabled to initiate contact with unmanaged users.
## Licensing Considerations
Any Teams licensing supports this configuration.
## Set Up Instructions
Microsoft Resources:
[Manage external meetings and chat - Microsoft Teams | Microsoft Learn](https://learn.microsoft.com/en-us/microsoftteams/manage-external-access#manage-contact-with-external-teams-users-not-managed-by-an-organization)
To block unmanaged users for initiating contact:
1. Sign in to the Microsoft Teams admin center.
2. Select Users -> External access.
3. To completely block contact with unmanaged users, under Teams accounts not managed by an organization, set People in my organization can communicate with Teams users whose accounts aren't managed by an organization to Off.
4. To allow contact with unmanaged users only if the internal user initiates the contact:
1. Under Teams accounts not managed by an organization, set People in my organization can communicate with Teams users whose accounts aren't managed by an organization to On.
2. Clear the check next to External users with Teams accounts not managed by an organization can contact users in my organization.
## End-User Impact
{% hint style="info" %}
Level: Low
{% endhint %}
This will vary depending on the organization and need for external collaboration with users not managed by an organization. A formal process for adding external domains for collaboration should be established so that end users have a place to request new external participants.
{% hint style="info" %}
Tips
Make sure its clear how end-users request external collaboration participants
{% endhint %}
## PowerShell Scripts
Set External Access Policy: [Set-CsExternalAccessPolicy (SkypeForBusiness) | Microsoft Learn](https://learn.microsoft.com/en-us/powershell/module/skype/set-csexternalaccesspolicy?view=skype-ps)
## Videos
None Currently
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.tminus365.com/security/teams/unmanaged-user-access-shall-be-restricted.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.