Stream trial license circumvents Stream app security for UserType "Guest" users (State 4)

Stream trial license circumvents Stream app security for UserType "Guest" users (State 4)
 08-03-2018
0 Comments 
New

Consider this scenario:

 

We allocate subcontractors an Office 365 Enterprise E3 license with only Exchange Online enabled.  Subcontractors are granted access to content on an an-needed basis and are not considered employees.  Subcontractors Azure AD identities are assigned the "Guest" UserType.

 

The subcontractor successfully authenticates to Office 365 by visiting https://portal.office.com and then visits https://web.microsoftstream.com by typing the URL into the browser's address bar.  A Stream Trial License is then automatically assigned outside of Enterprise E3 license and the service is provisioned to give access to the subcontractor.  After a few minutes, the subcontractor is able to see all internal video content that is not meant for a "Guest" UserType.  This circumvents guest controls which to my understanding is currently not possible (https://techcommunity.microsoft.com/t5/Office-365/Microsoft-stream-external-sharing/td-p/143411).

 

We have been using Stream with the understanding that Guest Users are not able to get access and that the appropriate controls to limit access will be introduced when anonymous/guest access is made available.

 

Can you comment on this?  How do you limit "Even though as an admin you might have removed Microsoft Stream license from a user, they have the option to sign-up via a free trial and get access to your organization's stream portal." to UserType "Members" and not "UserType "Guests"?

 

https://docs.microsoft.com/en-us/stream/disable-user-organization

0 Upvote
Comment
Similar Ideas
No similar ideas