Microsoft
MicrosoftChris_L DLP work in external access chat (federation) just not consumer external access chats.
ITEric Shared channels on it's way, later Q1 Shared channels roadmap
Markus_Johansson Good questions mate. I will answer as how I believe it will work (the authors can perhaps add more details).
1) I suppose the built-in M365 security features processing information will take care of that, such as the mentioned "spam checker". It would also mean that the affected user has accepted that conversation invite. As of today, from what I can tell, it has to be the user blocking the conversation from the chat window or possibly the "spam checker" taking care of that.
2) Nothing I've heard of. The easiest way would probably be for the user to block and hide that chat (soon also delete that chat). You could use a retention policy, but as far as I know there's no way of targeting that particular consumer conversation.
3) The "shared file" is simply a link to the consumer personal OneDrive so if your subscription is eligible for Safe-Links you have the real-time URL scanning on top of the built-in security features working in the background. Then we have the Safe attachments, but that's more of securing your own libraries, but one might guess that Microsoft has their security checks for personal OneDrive's as well. If a user would go and download that shared file from the personal OneDrive, such as "Download a copy", you probably already have endpoint features looking at that, and perhaps even the Safe Documents feature.
1) I haven't found any such tools or views for admins (doesn't mean it doesn't exist). If the recipient don't want to engage they don't have to accept and can simply block the external account, before or after the user selects "preview message".
2) Nothing in audit log activities from what I can tell, but saw all the consumer chat messages using content search. The results only shows the sender and the message, nothing else. Btw, (a lot of edits now haha) the message will turn up in content search regardless of user accepting or not.
