LATEST BLOG: Microsoft Teams Connect shared channels is moving into generally availability
UPDATE: Shared channels public preview rollout is now complete as of April 7, 2022.
PAST EVENT: An Offic...
Updated Jul 26, 2022
Version 18.0
Blog Post
5 MIN READ
Microsoft Teams Connect shared channels is rolling out to public preview
GaryBonifaceMS
Microsoft
MicrosoftChristianJBergstrom I had the similar thoughts with the token being active, so I revoked them between tests**.
I was actually testing on behalf of a customer, and they waited over 1 hour between tests also.
So it appears that a users ability to see and post to the shared channel does not get removed if you have a PWD claim, but not a MFA claim ... even though the MFA claim is supposed to be a condition of access to the shared channel.
I did not test file download of file access, (had issues with my file tab). I only tested posting/chatting in the shared channel.
Im trying to figure out if this is "expected" behaviour. At a security level this is not ideal for failing MFA but still seeing the posts.
ArunDas . Any advice on how to have this addressed, or if it is expected? thank you
**customer waited over an hour in test. I used this command to revoke refresh tokens
(Revoke-AzureADUserAllRefreshToken -ObjectId garyb2238@M365x71532238.onmicrosoft.com)
A good JWT should look something like this. But the one above (without mfa) still gives us access to the shared channel chat.