Restricting access to 'anonymous' Teams Meetings in other tenants for specific users

%3CLINGO-SUB%20id%3D%22lingo-sub-1548803%22%20slang%3D%22en-US%22%3ERestricting%20access%20to%20'anonymous'%20Teams%20Meetings%20in%20other%20tenants%20for%20specific%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1548803%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20utilize%20the%20M365%20IP%20service%20to%20let%20users%20in%20our%20firewall%20access%20to%20M365%20services%2C%20including%20Teams.%20We%20use%20tenant%20restrictions%20in%20our%20firewall%20to%20ensure%20they%20are%20only%20connecting%20to%20our%20tenant%2C%20with%20AAD%20certificate%20auth%20%26amp%3B%20MFA%20using%20CA.%20However%2C%20because%20teams%20is%20on%20the%20network%20whitelist%20-%20meeting%20invitations%20from%20other%20tenants%20can%20be%20sent%20and%20joined%20anonymously%20-%20providing%20a%20pathway%20to%20exfiltrate%20data%20from%20an%20otherwise%20secure%20endpoint.%20Our%20only%20solution%20is%20to%20hard%20block%20the%20URLs%20involved%20in%20Teams%20-%20but%20we%20would%20like%20these%20higher%20security%20users%20to%20use%20Teams%20with%20Information%20Barriers%20-%20but%20can't%20allow%20them%20to%20get%20these%20meeting%20invites%20to%20other%20organizations%20uncontrollably.%20This%20would%20be%20a%20great%20CAS%20feature%2C%20to%20identify%20anonymous%20teams%20meetings%20and%20allow%20for%20alerts%20or%20restriction.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1548803%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EData%20Protection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EThreat%20Protection%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

We utilize the M365 IP service to let users in our firewall access to M365 services, including Teams. We use tenant restrictions in our firewall to ensure they are only connecting to our tenant, with AAD certificate auth & MFA using CA. However, because teams is on the network whitelist - meeting invitations from other tenants can be sent and joined anonymously - providing a pathway to exfiltrate data from an otherwise secure endpoint. Our only solution is to hard block the URLs involved in Teams - but we would like these higher security users to use Teams with Information Barriers - but can't allow them to get these meeting invites to other organizations uncontrollably. This would be a great CAS feature, to identify anonymous teams meetings and allow for alerts or restriction.

0 Replies