Cross-organization domain share restriction has been enforced when creating users in Webex Control Hub. Unfortunately, we have discovered that the same set of rigor hasn't been enforced when creating Webex Workspaces. Webex now starts validating Workspace calendar email addresses at creation. If the email contains a domain that is already claimed by another organization, the registration is rejected.

The reasons behind this change are:

  • Upcoming features with tighter synchronization between AD/Synced organization resources and Workspaces, that will greatly benefit management of Webex Workspaces.

  • The potential for malicious calendar blockage from a rogue organization.

We're approaching this mitigation in three steps:

  1. We have already restricted all nonimpacted organizations from registering domain claimed emails, to close the opportunity to have malicious activity with this document in the known.

  2. We will close the opportunity for organizations that are currently utilizing this capability to add new devices with the given email structure on April 1 2022.

  3. We will enforce the new rule, that rejects any email registration that violates the domain claim policy. This is scheduled for the June 1 2022.

Prepare for this change

Make sure that all Workspaces in your organization are set up with a calendar email that uses a domain that is not claimed by another organization. If this isn't the case, you are at risk of being impacted by our operational enforcement mechanisms.

You can verify if the domains you're using are available in Control Hub. To read more about how to verify domains, take a look at the Add and verify section in the Manage your domains article.

Some organizations are configured to require domain verification for user emails. This configured requirement will now also be applied for Workspaces emails.