In this blog I will discuss basic settings related to security for Teams meetings. These Security Settings primarily deal with, controlling who can access meeting and meeting content.
All the settings discussed in this blog are set from the Teams Admin Console. Good news is that, most of these settings are enabled by default. I will go over the settings to explain what these settings mean and what options are available.
Log into Teams Admin Console with full administrative access.
From the left pane -> Expand Meetings -> Policies
You will see the “Global” policy which is your default org-wide policy. You can use this policy for everyone or create custom policies.
Select the policy setting by clicking on the link.
It will open a page with Settings.
you can keep every setting ON.
For Audio and Video:
By default, “Allow Cloud Recording” is set to ON. It means that, users will be able to record meeting. If you do not want users to record meeting for privacy concerns turn this off.
Note that, user will have to be authenticated to access the recorded meeting.
For Content Sharing:
By default, sharing content by external user is turned off, and you should keep it OFF.
External participants can be anonymous users, federated users or any other external users.
For Participants and Guests:
The setting for “Let Anonymous people start a meeting” is off by default and it should be kept off. The caveat is that, when a meeting organizer tries to start a meeting by calling the bridge number, they will need to enter their Pin for authentication.
The next setting for “Automatically admit people” is set to “everyone in your organization”. You should keep this setting, or you can let federated users to be admitted automatically as well.
However, you should first check your federation settings. If you have open federation, then, do not allow federated users. This can lead to unwanted users join meeting. Same goes for organizations with large number of federated domains.
It is not recommended to select “Everyone”. This can cause anyone to “crash” in your meeting, aka “Teams bombing”.
You can check Federation by going to “org-wide settings” -> “External Access”. By default, it is set for open federation with all Skype, Skype for Business and Teams users.
The next setting for “Allow dial-in users to bypass the lobby” is turned off and it should be kept off.
The impact is very similar to previous settings, this will keep off “anonymous users” from joining a meeting without anyone’s consent. When a user admits a caller they should check to ensure they caller is recognizable.
The “Meeting Settings” section under “Meetings” only contains one setting related to security. It is the settings for “Participant”.
It is the setting for “Anonymous users can join a meeting” – by default, it is on and you should keep it on.
If you follow rest of the recommended settings then, anonymous user will not be able to join Automatically. User will wait in Lobby and one of the authenticated participant or organizer can admit the user. If you turn this off, then, users such as guests, dial-in users, will not be able to join the meeting.
The configuration discussed here are basic configuration that should be set when you first enable Teams. There are more settings available in the Admin Console and in Powershell. Hopefully, I will find the time to write a new blog soon.