Forum Discussion
Block Anonymous Access to Teams without GSA
Documentation states that anonymous access to Teams and Sharepoint can be blocked on the data plane with TrV2 through GSA.
Testing TrV2 with a browser extension (Modheader) to inject the TrV2 header I found that injecting this header also to "data plane", ie Teams.microsoft.com does block anonymous access to Teams.
I am wondering if this method could be safely used to block anonymous access to specific M365 service until a potential move to GSA
Yes but only for traffic you control, such as within your own network. What makes GSA special is it is enforced by conditional access policies, so any authenticated user who then attempts to access a resource is then required to tunnel through GSA, thus enforcing the TrV2.
