Merge pull request #13351 from williamlooney/master

Ruchika-mittal01 · web-flow · commit 6865bd967dec · 2026-02-26T06:16:28.000+05:30
Pre-release version of RequireMutualFederationForChatMembership and ApplyExternalAccessRestrictionsToChatMembership docs
diff --git a/teams/teams-ps/MicrosoftTeams/Set-CsTenantFederationConfiguration.md b/teams/teams-ps/MicrosoftTeams/Set-CsTenantFederationConfiguration.md
@@ -30,6 +30,8 @@ Set-CsTenantFederationConfiguration [-Tenant <Guid>]
  [-AllowedDomainsAsAList <List>] [-ExternalAccessWithTrialTenants <ExternalAccessWithTrialTenantsType>]
  [-SecurityTeamAllowBlockListDelegation <SecurityTeamAllowBlockListDelegationType>]
  [-AllowedTrialTenantDomains <List>]
+ [-ApplyExternalAccessRestrictionsToChatMembership <Boolean>]
+ [-ExtendMutualFederationForChatMembership <Boolean>]
  [[-Identity] <XdsIdentity>] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -38,7 +40,10 @@ Set-CsTenantFederationConfiguration [-Tenant <Guid>]
 Set-CsTenantFederationConfiguration [-Tenant <Guid>] [-AllowedDomains <IAllowedDomainsChoice>]
  [-BlockedDomains <List>] [-BlockAllSubdomains <Boolean>] [-AllowFederatedUsers <Boolean>]
  [-TreatDiscoveredPartnersAsUnverified <Boolean>] [-SharedSipAddressSpace <Boolean>] [-RestrictTeamsConsumerToExternalUserProfiles <Boolean>]
- [-AllowedDomainsAsAList <List>] [-Instance <PSObject>] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-AllowedDomainsAsAList <List>]
+ [-ApplyExternalAccessRestrictionsToChatMembership <Boolean>]
+ [-ExtendMutualFederationForChatMembership <Boolean>]
+ [-Instance <PSObject>] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -309,7 +314,7 @@ Accept wildcard characters: False
 > Applicable: Microsoft Teams
 
 When set to True (the default value) users will be potentially allowed to communicate with users from other domains.
-If this property is set to False then users cannot communicate with users from other domains, regardless of the values assigned to the `AllowedDomains` and `BlockedDomains` properties or any `ExternalAccessPolicy` instances. In effect, the `AllowFederatedUsers` property serves as a master switch that globally enables or disables federation across the Tenant, overridding all other policy settings. 
+If this property is set to False then users cannot communicate with users from other domains, regardless of the values assigned to the `AllowedDomains` and `BlockedDomains` properties or any `ExternalAccessPolicy` instances. In effect, the `AllowFederatedUsers` property serves as a master switch that globally enables or disables federation across the Tenant, overriding all other policy settings. 
 
 To block all domains while selectively allowing specific users to communicate externally via explicit `ExternalAccessPolicy` instances, set `AllowFederatedUsers` to `True` and leave the `AllowedDomains` property empty.
 
@@ -459,6 +464,63 @@ Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
+### -ApplyExternalAccessRestrictionsToChatMembership
+
+> Applicable: Microsoft Teams
+
+> This parameter is reserved for future use and has no effect at this time.
+
+When set to False (the default value), users in the tenant who have `EnableFederationAccess` set to False in their assigned `ExternalAccessPolicy` can be added to group chats that include external users only when the chat is initiated by a user in the same tenant who has `EnableFederationAccess` set to True. 
+
+When set to True, users in the tenant who have `EnableFederationAccess` set to False are blocked from being added to any group chat that includes external users and are removed from existing active group chats that include external users. 
+
+The `ApplyExternalAccessRestrictionsToChatMembership` parameter does not affect the behavior set by `CommunicationWithExternalOrgs` parameter of the `ExternalAccessPolicy`.
+> [!NOTE]
+> This setting only applies to group chats and does not affect a user's ability to join meetings with external users or participate in meeting chats with external users. Refer to [Set-CsExternalAccessPolicy](/powershell/module/microsoftteams/set-csexternalaccesspolicy) for information about `EnableFederationAccess` parameter.
+>
+> Removal of users only applies to active group chats. An active group chat is defined as a chat in which a message has been sent within the past two hours. Users are removed from inactive group chats only when a new message is sent and the chat becomes active
+
+```yaml
+Type: ApplyExternalAccessRestrictionsToChatMembership
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+### -ExtendMutualFederationForChatMembership
+
+> Applicable: Microsoft Teams
+
+> This parameter is reserved for future use and has no effect at this time.
+
+This parameter specifies whether additional mutual federation requirements are extended across all participants in a group chat. Mutual federation relationships are determined by each user’s effective external access configuration (`AllowedDomains`, `BlockedDomains`, and `ExternalAccessPolicy`). When enabled, this parameter adds participant‑level mutual federation enforcement to group chat.
+
+When set to False (the default value), **only the initiator of the group chat and the user joining or being added are required to have a mutual federation relationship**. Users in the tenant can join or be added to group chats that may include other external participants who are not permitted by the user’s own external access configuration, based on the initiating user’s settings. This behavior applies to group chats initiated by users within the tenant or by external users.
+
+When set to True, **all participants in the group chat must have mutual federation relationships with every other participant in the chat**. Users are blocked from joining or being added to group chats if they do not have mutual federation relationships with all existing participants. These relationships are evaluated continuously for all active chats and participants are automatically removed from existing active group chats when required relationships are no longer valid. 
+
+> [!NOTE]
+> This setting only applies to group chats and does not affect a user's ability to join meetings with external users or participate in meeting chats with external users. Refer to [Set-CsExternalAccessPolicy](/powershell/module/microsoftteams/set-csexternalaccesspolicy) for information about `EnableFederationAccess` parameter.
+>
+> Removal of users only applies to active group chats. An active group chat is defined as a chat in which a message has been sent within the past two hours. Users are removed from inactive group chats only when a new message is sent and the chat becomes active.
+>
+> The user who initiated the chat is never removed from the group chat as a result of this setting.
+
+```yaml
+Type: ExtendMutualFederationForChatMembership
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
 
 ### -Force
 
@@ -483,7 +545,7 @@ Accept wildcard characters: False
 > Applicable: Microsoft Teams
 
 Specifies the collection of tenant federation configuration settings to be modified.
-Because each tenant is limited to a single, global collection of federation settings there is no need include this parameter when calling the `Set-CsTenantFederationConfiguration` cmdlet.
+Because each tenant is limited to a single, global collection of federation settings there is no need to include this parameter when calling the `Set-CsTenantFederationConfiguration` cmdlet.
 If you do choose to use the Identity parameter you must also include the Tenant parameter.
 For example:
 
