Ensure external domains are restricted in the Teams admin center
Why This Matters
Unrestricted external domain access in Microsoft Teams exposes your organization to significant security threats, including malware delivery (such as DarkGate), social engineering attacks (like those from Midnight Blizzard), and sophisticated exploits (for example, GIFShell and username enumeration). By limiting external domains to a strict allowlist or blocking all external domains, you control which external organizations your users can communicate with, reducing the attack surface. Without this control, attackers can impersonate trusted partners or launch targeted attacks through Teams external access channels.
What Aether365 Checks
Aether365 verifies that external domain restrictions in the Microsoft Teams admin center are set to either "Allow only specific external domains" or "Block all external domains." This check appears under the microsoft-365 section of your Aether365 dashboard.
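To confirm the same setting by hand, the PowerShell sketch below classifies the output of `Get-CsTenantFederationConfiguration` from the MicrosoftTeams module. It is an added example, not Aether365's own implementation. The function name `Test-TeamsExternalDomainRestriction` and the sample objects are hypothetical, and it assumes the unrestricted setting renders as `AllowAllKnownDomains` when the `AllowedDomains` property is converted to a string.

```powershell
# Added example: classify Teams external-access (federation) settings.
# The live check needs the MicrosoftTeams module and an authenticated session:
#   Connect-MicrosoftTeams

function Test-TeamsExternalDomainRestriction {
    param(
        [Parameter(Mandatory)]
        $Config   # output of Get-CsTenantFederationConfiguration, or an object with the same properties
    )

    # Assumption: the open setting renders as "AllowAllKnownDomains" when converted to a string.
    $allowedText = "$($Config.AllowedDomains)"
    $allowsAll   = $allowedText -match 'AllowAllKnownDomains'

    if (-not $Config.AllowFederatedUsers) {
        # External access is switched off entirely.
        $state = 'Block all external domains'; $pass = $true
    }
    elseif (-not $allowsAll -and $allowedText.Trim()) {
        # Federation is on, but only for an explicit allowlist.
        $state = 'Allow only specific external domains'; $pass = $true
    }
    else {
        # Covers "allow all" and "block only specific domains":
        # any domain that is not explicitly blocked can still reach users.
        $state = 'Not restricted to an allowlist'; $pass = $false
    }

    [pscustomobject]@{
        Pass                = $pass
        State               = $state
        AllowFederatedUsers = [bool]$Config.AllowFederatedUsers
        AllowedDomains      = $allowedText
    }
}

# Constructed sample inputs (not real tenant data) so the logic can be exercised offline.
$samples = @(
    [pscustomobject]@{ AllowFederatedUsers = $false; AllowedDomains = 'AllowAllKnownDomains' }
    [pscustomobject]@{ AllowFederatedUsers = $true;  AllowedDomains = 'Domain=partner.example' }
    [pscustomobject]@{ AllowFederatedUsers = $true;  AllowedDomains = 'AllowAllKnownDomains' }
)
$samples | ForEach-Object { Test-TeamsExternalDomainRestriction -Config $_ } | Format-Table -AutoSize

# Live tenant check:
# Test-TeamsExternalDomainRestriction -Config (Get-CsTenantFederationConfiguration)
```

The first two samples pass and the third fails. A tenant that only maintains a blocklist also fails, because every domain not on that list remains able to contact users.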