Forum Discussion
JeffsRealm
May 31, 2023, Copper Contributor
Disable images in Teams or force to act like files.
So apparently a new security hole has been introduced into Teams. I am not sure quite when. We use Teams in the GCCH environment and this is new functionality and is very bad. Images are no longe...
JeffsRealm
May 31, 2023, Copper Contributor
Thanks, will look into the Chrome settings. I did try it with Edge and Chrome, the only 2 browsers we allow.
As far as the Teams change, yes, this is something new. We are in the GCCH environment; we get updates much later. We even have a different Teams client installer. We cannot use commercial Teams or the Teams that comes installed on Windows. However, you are correct, I can copy and paste or upload images. However, when you tried to copy and paste images, which I know as much as 2 weeks ago, if the images were not from your OneDrive you got an error message that the image was outside of your boundary. You needed to save the image to OneDrive before it could be put into Teams. This was standard procedure. And yes, it was extra work; however, this allowed the labeling and file security on images the same as files. When you hit send on Teams with a copied and pasted image, OneDrive would inform you that you shared the file abcd.jpg with the username of the person you sent it to. So images were treated as files with the same security. I know I did this to my boss 2 weeks ago: found a meme on the internet, forgot, out of habit copied and pasted, and got the error. I had to actually save the meme to my OneDrive, then attach it in Teams. This is the functionality we had. Everything was shared like that. And when a user left the company and the OneDrive was purged, so were the images.
RyanSteele-CoV
May 31, 2023, Iron Contributor
JeffsRealm Interesting, I didn't realize that Teams in the GCCH environment handled this differently. Thanks for the correction.
If Conditional Access is not working with Microsoft Edge, there must be something else going on, since Edge natively supports it: Microsoft Edge and Conditional Access | Microsoft Learn. (Perhaps this is another GCCH limitation.)
JeffsRealm
Jun 01, 2023, Copper Contributor
So I got an engineer call finally; they are swamped right now. In case anyone else needs to block Teams:
Conditional Access policy. However, you have to block more than just Teams. You have to block all services in the chain for Teams to work.
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/service-dependencies
Then under access controls, check to completely block everyone. The trick to getting what you want is under Conditions and filter for devices. Exclude the devices you want. You can get as detailed as you want: Hybrid joined devices, Azure AD joined devices only Azure AD Registered devices, Compliant devices, Device Ownership set in Intune, to a group, or heck, right down to a list of device names if you want. This will exclude these devices from the compliance policy.
This works better than grant access on a few things.
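
The policy shape described in the reply above, as an added example that is not part of the original post: a Python sketch that builds a Microsoft Graph `conditionalAccessPolicy` body (block control, all users, device filter in exclude mode) and lints a policy for the mistake the post warns about, targeting Teams without the services it depends on. The app IDs are placeholders to be filled in from the service-dependencies article, and the function names are hypothetical.

```python
import json

# Placeholder app IDs (constructed): replace with the IDs of Teams and every
# service in its dependency chain, taken from the service-dependencies article.
TEAMS_CHAIN = ["<teams-app-id>", "<exchange-online-app-id>", "<sharepoint-online-app-id>"]

# Devices matching this filter rule are exempt from the block
# (here: hybrid joined or Intune-compliant devices).
RULE = 'device.trustType -eq "ServerAD" -or device.isCompliant -eq True'

def build_block_policy(app_ids, device_rule, state="enabledForReportingButNotEnforced"):
    """Graph conditionalAccessPolicy body: block everyone except filtered devices.
    Defaults to report-only so the effect can be reviewed before enforcing."""
    return {
        "displayName": "Block Teams chain except filtered devices",
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": list(app_ids)},
            "devices": {"deviceFilter": {"mode": "exclude", "rule": device_rule}},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

def lint_policy(policy, required_apps):
    """Return the problems that stop a policy from behaving as the post describes."""
    problems = []
    cond = policy.get("conditions") or {}
    apps = set((cond.get("applications") or {}).get("includeApplications", []))
    missing = sorted(set(required_apps) - apps)
    if missing and "All" not in apps:
        problems.append("dependency apps not targeted: " + ", ".join(missing))
    flt = (cond.get("devices") or {}).get("deviceFilter") or {}
    if flt.get("mode") != "exclude":
        problems.append("device filter must use mode 'exclude'")
    if not flt.get("rule"):
        problems.append("device filter rule is empty: no device is exempt")
    if (policy.get("grantControls") or {}).get("builtInControls") != ["block"]:
        problems.append("grant control is not 'block'")
    return problems

if __name__ == "__main__":
    policy = build_block_policy(TEAMS_CHAIN, RULE)
    print(json.dumps(policy, indent=2))      # body for the Graph policies endpoint
    print(lint_policy(policy, TEAMS_CHAIN))  # an empty list means no problems found
```
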