Forum Discussion
Thomsch
May 05, 2020, Iron Contributor
Disable possibility that our employees get added as guests in other companies
We are currently rolling out Teams to all employees but restrict the access to a lot of features. But unfortunately a colleague got invited from another tenant as a guest and would be able to switch ...
- May 05, 2020: There is a UserVoice open for this here:
https://microsoftteams.uservoice.com/forums/555103-public/suggestions/36352375-prevent-users-from-joining-external-tenants-as-gue
And you could try what Mitchell Bakker suggests in terms of blocking the invites, which stops the join.
However, what I would say here is that your problem is not preventing others from joining other tenants, but sharing information. Security by impossibility has been shown to not be that effective, and they could just, for example, do this on WhatsApp. You just want to stop them copying files, so you would:
1.) Move all the sensitive information into specified teams
2.) Restrict sharing as you have done
3.) Apply sensitivity labels to the Teams you need
4.) Apply the correct permissions so that users can only see the documents in the Teams and not be able to download them (i.e. on the underlying SharePoint site)
5.) Use Azure Information Protection, meaning that if someone tries opening that file it is encrypted; it doesn't even matter if they copy it into another tenant
Try to control the data, not the access, otherwise users will just circumvent this.
Hope that answers your question.
Best, Chris
ChristianBergstrom
May 05, 2020, Silver Contributor
ChrisHoardMVP Amen 🙂