Forum Discussion
Securing Microsoft Teams Best Practice & Cleanup
Block Teams Creations- Correct, you will need to restrict the creation of M365 Groups and create a security group for those allowed to create new teams.
Expire or Archive old Teams- To expire Teams, you can create a M365 group expiration policy in AAD Admin Center. For Archiving, you can go to Teams Admin Center or archive the team using PowerShell or MS Graph.
There is also the option to use retention policies by going to MS Purview Compliance portal.
Governance Example Policy
“All guest accounts must be approved, require MFA, and be reviewed every 90 days. Guest accounts inactive for 90 days will be automatically disabled. Sharing of content must be restricted to authenticated guests only — anonymous links are prohibited.”
Quick Implementation Checklist
- Restrict who can invite guests
- Require MFA for all guest accounts
- Limit external sharing (no “Anyone with the link”)
- Classify Teams/sites with sensitivity labels
- Set up Access Reviews for recurring guest audits
- Enable logging & monitoring of guest activity
Would you have any links or documentation on the steps to accomplish these items? Any guidance is appreciated. Thank you.