Table of Contents
Stop Anonymous Users Accessing Chat Messages
Updated 18 June 2023
Now rolling out to tenants (and GCC in July), message center notification MC392295 (June 14, Microsoft 365 roadmap item 91142) covers the topic of blocking chat for anonymous users in Teams meetings. Unhappily, the text is less than precise and begins by informing us that “Financial institutions consider chat messages as a form of data exfiltration” and goes on to stress the need for IT administrators to control chat access for anonymous and unauthenticated users.
Update: Message center notification MC552789 (10 May 2023, Microsoft 365 roadmap item 123974) announces that the restriction placed on the ability of anonymous participants to send chat messages during meetings is extended to reading messages. In other words, if you implement the restriction as described here, it blocks all access to chat for anonymous participants.
Apparently, there’s a bunch of these folks showing up to join Teams meetings, possibly because the Teams meeting settings for the organization allow anonymous people to join meetings by using the meeting link (published in Teams meeting invitations). The first rule of thumb is not to allow anonymous folks in if you don’t want to manage their access to information. Although it’s always better to restrict meeting attendance to invited participants, good business cases exist where anonymous access is necessary, such as product announcements to customers.
Anyway, if anonymous people do join meetings, MC392295 tells us that “they should be restricted from seeing and accessing any type of electronic communication on chat.” This gets to the heart of the matter. In some instances, if anonymous people participate in a Teams meeting, you don’t want them to be able to chat with other people.
At least, that’s my summary of “This feature provides additional security by only disabling chat write access for non-federated users and unauthenticated users who join Teams meetings through a link, so it must be used in conjunction with disabled meeting chat policy applied to financial advisors to remain compliant.”
The important point here is that you can disable write access to chat for anonymous users (in other words, they can’t send chat messages), but they remain able to read chats from other participants. Ideally, Teams should block anonymous users from seeing any chat messages, but perhaps that’s the next step to meet the stated aspiration of blocking “any type of electronic communication on chat.” Unless, of course, you don’t consider reading chat to be a form of electronic communication.
Implementing the Block
The easiest way to block anonymous users from being able to send chat messages in Teams meetings is by updating the Chat in Meetings setting in Teams meeting policies (Figure 1). Select Turn it on for everyone but anonymous user to block write access. After a short delay, the setting applies to meetings organized by people covered by the meeting policy. Meeting organizers cannot override the policy setting for individual meetings.
If you like to maintain meeting policies with PowerShell, the equivalent command is:
Set-CsTeamsMeetingPolicy -MeetingChatEnabledType EnabledExceptAnonymous -Identity "Contract Workers"
The other values for the MeetingChatEnabledType setting are Enabled or Disabled.
The Effect of the Block
Figure 2 shows the effect of blocking write access to meeting chat for anonymous meeting participants. They can see the meeting chat but can’t compose and send a chat.
Better Meeting Experience on Chrome and Edge Browsers
While experimenting with blocking anonymous users from chat, I noticed that the change promised in MC393821 (Microsoft 365 roadmap item 92928) to deliver the modern meeting/calling experience for Teams running in Chrome and Edge browsers had arrived. According to Microsoft, this feature includes improved pre-join, dynamic view, and an updated control bar to align the browser interface with what’s available on the desktop client.
Figure 3 shows a Teams meeting running in a Chrome browser. Apart from not being in a pop-out window, the new interface is much better than the past and will be hard for regular users to distinguish with the desktop client.
Some will like the ability to clamp down on the nefarious activities of anonymous meeting participants. More will like the new meeting experience for browsers. At least, that’s my take.
So much change, all the time. It’s a challenge to stay abreast of all the updates Microsoft makes across Office 365. Subscribe to the Office 365 for IT Pros eBook to receive monthly insights into what happens, why it happens, and what new features and capabilities mean for your tenant.