Disabling Email Access to Microsoft Teams Channels [CHK-1621]
This check verifies if the channels in Microsoft Teams are reachable via email.
Rationale
The email addresses of Teams channels fall outside the organization's email domain, which means fewer security controls are available. This can allow outsiders, including potential attackers, to send messages directly into the organization.
Fix
An automated fix is available through Attic.
To fix it yourself:
- Navigate to Teams admin center at https://admin.teams.microsoft.com
- Go to Teams > Teams settings
- Under "Email integration", set "Users can send emails to a channel email address" to "Off"
- Click "Save"
Impact
Disabling email access to Teams channels reduces the risk of unauthorized messages being sent into the organization.
More Information
For more details, visit Microsoft Support
CIS Mapping
- CIS Item: 8.1.2 (L1) Ensure users can't send emails to a channel email address
- Profile: E3 Level 1