Forum Discussion
Prevent file upload from external parties
- Head over to Teams admin center and External access (under Users). Disable the option that consumer accounts can initiate a chat with your org. users. This isn't applicable for the "Teams and Skype for Business users in external organizations" setting which is federation. Because when using federation (also called trusted organizations) you cannot share files in chats.
You can prevent guest users (added to your org. with a guest account) from uploading files but that isn't the question here as far as I understand.
ChristianJBergstrom I don't really see where the OP mentions it's from the consumer version.
Anyway that's not a file, it's a link to a file, just like if I emailed a link or you clicked one on a website, all the same mechanisms exist if you want to scan it. Microsoft Defender for Office 365 includes SafeLinks which will scan the destination of a link sent via Teams so offers protection.
It's very rare for organisations to allow chat with personal Teams accounts, most just turn it off and then use an allowlist for the organisations that people can talk to.
One can assume as you cannot share files in federated chats 😉
Safe Links feature will work for all kinds of links sent from the consumer account. When the consumer account is sharing documents (sharing links) you're hoping that the Safe attachments will kick in. But that's an asynchronous process so will/can be bypassed. Haven't yet seen Safe Links take action when receiving a sharing link from a consumer account. *edit* If having a license with Safe Documents you'll get protection from the above scenario. Before a user is allowed to trust a file opened in a supported version of Office, the file will be verified by Microsoft Defender for Endpoint.
Should obviously been rolled out default off as it shouldn't be on for consumer -> org direction.