Enables administrators to specify the domains that their users will be allowed to communicate with. The New-CsEdgeAllowList cmdlet, which can be used only with Skype for Business Online, must be used in conjunction with the New-CsEdgeDomainPattern cmdlet and the Set-CsTenantFederationConfiguration cmdlet.


   [-AllowedDomain <String>]


Federation is a service that enables users to exchange IM and presence information with users from other domains. With Skype for Business Online, administrators can use the federation configuration settings to govern:

Whether or not users can communicate with people from other domains and, if so, which domains they are allowed to communicate with.

Whether or not users can communicate with people who have accounts on public IM and presence providers such as Windows Live, AOL, and Yahoo

Federation is managed, in part, by using allowed domain and blocked domain lists. The allowed domain list specifies the domains that users are allowed to communicate with; the blocked domain list specifies the domains that users are not allowed to communicate with. By default, users can communicate with any domain that does not appear on the blocked list. However, administrators can modify this default setting and limit communication to domains that are on the allowed domains list.

Skype for Business Online does not allow you to directly modify the allowed list or the blocked list; for example, you cannot use a command similar to this one, which passes a string value representing a domain name to the allowed domains list:

Set-CsTenantFederationConfiguration -AllowedDomains ""

Instead, you must use either the New-CsEdgeAllowAllKnownDomains cmdlet or the New-CsEdgeAllowList cmdlet to create a domain object and then pass that domain object to the Set-CsTenantFederationConfiguration cmdlet. The New-CsEdgeAllowAllKnownDomains cmdlet is used if you want to allow users to communicate with all domains except for those expressly specified on the blocked domains list. The New-CsEdgeAllowList cmdlet is used if you want to limit user communication to a specified collection of domains. In that case, users will only be allowed to communicate with domains that appear on the allowed domains list.

To add a single domain ( to the allowed domain list, you need to use a set of command similar to these:

$x = New-CsEdgeDomainPattern -Domain ""

$newAllowList = New-CsEdgeAllowList -AllowedDomain $x

Set-CsTenantFederationConfiguration -AllowedDomains $newAllowList

When this command finishes executing, users will only be allowed to communicate with users from domain.


-------------------------- Example 1 --------------------------

$x = New-CsEdgeDomainPattern -Domain ""

$newAllowList = New-CsEdgeAllowList -AllowedDomain $x

Set-CsTenantFederationConfiguration -AllowedDomains $newAllowList

The commands shown in Example 1 assign the domain to the allowed domains list for the tenant with the TenantId "bf19b7db-6960-41e5-a139-2aa373474354". To do this, the first command in the example uses the New-CsEdgeDomainPattern cmdlet to create a domain object for; this object is stored in a variable named $x. After the domain object has been created, the New-CsEdgeAllowList cmdlet is used to create a new allowed list containing only the domain

With the allowed domain list created, the final command in the example can then use the Set-CsTenantFederationConfiguration cmdlet to configure as the only domain on the allowed domain list for the current tenant.

-------------------------- Example 2 --------------------------

$x = New-CsEdgeDomainPattern -Domain ""

$y = New-CsEdgeDomainPattern -Domain ""

$newAllowList = New-CsEdgeAllowList -AllowedDomain $x,$y

Set-CsTenantFederationConfiguration -AllowedDomains $newAllowList

Example 2 shows how you can add multiple domains to an allowed domains list. This is done by calling the New-CsEdgeDomainPattern cmdlet multiple times (one for each domain to be added to the list), and storing the resulting domain objects in separate variables. Each of those variables can then be added to the allow list created by the New-CsEdgeAllowList cmdlet simply by using the AllowedDomain parameter and separating the variables name by using commas.

-------------------------- Example 3 --------------------------

$newAllowList = New-CsEdgeAllowList -AllowedDomain $Null

Set-CsTenantFederationConfiguration -AllowedDomains $newAllowList

In Example 3, all domains are removed from the allowed domains list. To do this, the first command in the example uses the New-CsEdgeAllowList cmdlet to create a blank list of allowed domains; this is accomplished by setting the AllowedDomain property to a null value ($Null). The resulting object reference ($newAllowList) is then used in conjunction with the Set-CsTenantFederationConfiguration cmdlet to remove all the domains from the allowed domain list.



Object reference to the new domain (or set of domains) to be added to the allowed domain list. Domain object references must be created by using the New-CsEdgeDomainPattern cmdlet. Multiple domain objects can be added by separating the object references using commas. For example:

-AllowedDomain $x,$y

Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Skype for Business Online


None. The New-CsEdgeAllowList cmdlet does not accept pipelined input.


The New-CsEdgeAllowList cmdlet creates new instances of the Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowList object.