Block External Consumer Chats in Microsoft Teams [CHK-1622]

This check determines whether your Microsoft Teams environment allows incoming chats from external consumer Teams accounts. These are personal Microsoft accounts that can use the free version of Microsoft Teams.

Rationale

Allowing incoming chats from consumer Teams accounts can be exploited for phishing attacks and social engineering attempts. Attackers can easily use personal Microsoft accounts to send malicious links, fake requests, or other harmful content directly to your employees. Disabling this feature reduces the attack surface and helps prevent potential security incidents that could compromise your organization’s data and systems.

Fix

An automated fix is available through Attic. If Attic has write access to your Microsoft configuration, the fix will be suggested via an Attic ticket.

To fix it yourself, follow these steps:

  1. Navigate to the Microsoft Teams admin center.
  2. Go to Teams > Teams settings > External access.
  3. Disable "Let users communicate with users who have Teams accounts not managed by an organization (consumer accounts)".
  4. Disable "Let users receive incoming calls from users who have Teams accounts not managed by an organization (consumer accounts)".
  5. Save the changes.
  6. Navigate to Microsoft Teams Admin Center: https://admin.teams.microsoft.com.
  7. Select Users.
  8. Select External Access.
  9. Select Policy > Global policy.
  10. Disable the setting "People in my organization can communicate with Teams users whose accounts aren't managed by an organization." if the setting "People in my organization can communicate with unmanaged Teams accounts" is enabled.
  11. Save the changes.
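
The same settings can be audited and changed from PowerShell with the MicrosoftTeams module. The script below is an added example, not Attic's automated fix or part of the original page. The mapping of the admin center toggles to the `AllowTeamsConsumer*` and `EnableTeamsConsumer*` parameters is an assumption to confirm in your tenant, and the `-Remediate` switch is a name chosen for this example.

```powershell
#Requires -Modules MicrosoftTeams
# Added example: report consumer-account external access and optionally disable it.
# Run without arguments to audit only; pass -Remediate to apply the changes.
param([switch]$Remediate)

Connect-MicrosoftTeams | Out-Null

# Tenant-wide settings (Teams settings > External access in the admin center).
$tenant = Get-CsTenantFederationConfiguration

# All external access policies, so custom policies that re-enable
# consumer access for specific users are reported alongside Global.
$policies = Get-CsExternalAccessPolicy

$findings = @(
    [pscustomobject]@{ Scope = 'Tenant'; Setting = 'AllowTeamsConsumer';        Enabled = [bool]$tenant.AllowTeamsConsumer }
    [pscustomobject]@{ Scope = 'Tenant'; Setting = 'AllowTeamsConsumerInbound'; Enabled = [bool]$tenant.AllowTeamsConsumerInbound }
)
foreach ($p in $policies) {
    $findings += [pscustomobject]@{ Scope = "Policy $($p.Identity)"; Setting = 'EnableTeamsConsumerAccess';  Enabled = [bool]$p.EnableTeamsConsumerAccess }
    $findings += [pscustomobject]@{ Scope = "Policy $($p.Identity)"; Setting = 'EnableTeamsConsumerInbound'; Enabled = [bool]$p.EnableTeamsConsumerInbound }
}
$findings | Format-Table -AutoSize

$open = @($findings | Where-Object Enabled)
if ($open.Count -eq 0) {
    Write-Output 'Compliant: consumer accounts cannot chat with this tenant.'
    return
}
Write-Warning "$($open.Count) setting(s) still allow consumer Teams accounts."

if ($Remediate) {
    # Equivalent of steps 3-5: tenant-wide toggles.
    Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false -AllowTeamsConsumerInbound $false

    # Equivalent of steps 9-11: the Global external access policy only.
    Set-CsExternalAccessPolicy -Identity Global `
        -EnableTeamsConsumerAccess $false -EnableTeamsConsumerInbound $false

    # Re-read and show the resulting values for the change record.
    Get-CsTenantFederationConfiguration |
        Select-Object AllowTeamsConsumer, AllowTeamsConsumerInbound
    Get-CsExternalAccessPolicy -Identity Global |
        Select-Object Identity, EnableTeamsConsumerAccess, EnableTeamsConsumerInbound
}
```

Custom policies that the audit reports as enabled are left unchanged by `-Remediate`; review who they are assigned to before altering them.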

Impact

Disabling this feature will prevent external consumer accounts from initiating chats with your organization's Teams users, reducing the risk of phishing attacks and social engineering attempts.

More Information