Forum Discussion

tsl65's avatar
tsl65
Copper Contributor
Sep 19, 2022
Solved

Prevent file upload from external parties

Hi,
We have a bit of a security concern: 
Persons external to our company can without any notice initiate a chat to an employee and send a file. 
Is it possible to block either for external initiated chat or prevent the external user can upload a file? 
The concern is, these files could be anything, including malware and then we have to rely solely on our virus scanner (that we trust, but there are zero-day exploits and rare cases....) 

I found al kinds of articles and how to prevent file sharing from internal to external, but here we don't want to receive files from external. 

Any suggestions ??

Regards
TSL65
Guest Access
microsoft teams
  • ChristianJBergstrom's avatar
    ChristianJBergstrom
    Sep 19, 2022
    Head over to Teams admin center and External access (under Users). Disable the option that consumer accounts can initiate a chat with your org. users. This isn't applicable for the "Teams and Skype for Business users in external organizations" setting which is federation. Because when using federation (also called trusted organizations) you cannot share files in chats.

    You can prevent guest users (added to your org. with a guest account) from uploading files but that isn't the question here as far as I understand.

7 Replies

  • StevenC365's avatar
    StevenC365
    MVP
    Sep 19, 2022

    tsl65 How can they send a file? Federated chat to or from people outside your organisation doesn't allow file transfer. 

    • tsl65's avatar
      tsl65
      Copper Contributor
      Sep 19, 2022

      StevenC365 We had the setting that Christian mentioned, set to allow contact from unmanaged sources. 

      (Teams accounts not managed by an organization)

    • ChristianJBergstrom's avatar
      ChristianJBergstrom
      MVP
      Sep 19, 2022
      Hey Steven, it's a sharing link from the consumer account pointing to its OneDrive where that file is being shared from. Don't like the open default setting here tbh.
      • StevenC365's avatar
        StevenC365
        MVP
        Sep 19, 2022

        ChristianJBergstrom I don't really see where the OP mentions it's from the consumer version.

         

        Anyway that's not a file, it's a link to a file, just like if I emailed a link or you clicked one on a website, all the same mechanisms exist if you want to scan it. Microsoft Defender for Office 365 includes SafeLinks which will scan the destination of a link sent via Teams so offers protection.

         

        It's very rare for organisations to allow chat with personal Teams accounts, most just turn it off and then use an allowlist for the organisations that people can talk to.

  • ChristianJBergstrom's avatar
    ChristianJBergstrom
    MVP
    Sep 19, 2022
    Head over to Teams admin center and External access (under Users). Disable the option that consumer accounts can initiate a chat with your org. users. This isn't applicable for the "Teams and Skype for Business users in external organizations" setting which is federation. Because when using federation (also called trusted organizations) you cannot share files in chats.

    You can prevent guest users (added to your org. with a guest account) from uploading files but that isn't the question here as far as I understand.
    • tsl65's avatar
      tsl65
      Copper Contributor
      Sep 19, 2022
      Thanks, that will take the top of the concerns and lower my managers blood pressure 🙂
      We are most concerned about the unknow users that suddenly contacts us.
      Teams is made for collaboration so we cannot shout down for all external activities.

Resources