Deny anonymous access , enabling only authenticated external/guest to join meetings

%3CLINGO-SUB%20id%3D%22lingo-sub-1441062%22%20slang%3D%22fr-FR%22%3EDeny%20anonymous%20access%20%2C%20enabling%20only%20authenticated%20external%2Fguest%20to%20join%20meetings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1441062%22%20slang%3D%22fr-FR%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EApologize%20if%20this%20subject%20may%20have%20been%20posted%20before%2C%20but%20i%20didn't%20find%20answer%20that%20match%20the%20same%20issue.%3C%2FP%3E%3CP%3EWe%20have%20a%20Customer%20that%20have%20done%20a%20pilot%20deployment%20experiment%2C%20in%20this%20one%20we%20have%20turned-on%20all%20options%20for%20them%20to%20play%20with%20MS%20Teams%20and%20see%20all%20his%20features.%3C%2FP%3E%3CP%3EAfter%20having%20validated%20all%2C%20we%20switched%20for%20more%20specific%20Policies%20(ie%3A%20restrict%20teams%20creation%20to%20specific%20users%2Cdisabling%20Anonymous%20access%20to%20meetings)%20and%20have%20applied%20them.%20But%20now%20it%20seems%20one%20issue%20was%20appeared%20specifically%20about%20external%20users.%20This%20option%20as%20you%20know%20is%20necessary%20to%20force%20authentication%20from%20user%20(disabling%20ability%20for%20anyone%20who%20accesses%20the%20link%20to%20access%20meetings%20anonymously).%20But%20after%20changing%20this%20option%20an%20external%20user%20who%20could%20previously%20access%20a%20meeting%20have%20now%20an%20error%20message%20that%20said%20he%20is%20not%20authorized%20because%20is%20outside%20of%20our%20organization%20and%20must%20authenticate.%20And%20he%20don't%20have%20opportunity%20to%20access.%3C%2FP%3E%3CP%3EI%20asked%20Microsoft%20support%20to%20investigate%20with%20me%2C%20and%20they%20provide%20me%20with%20some%20information%20that%20I%20cannot%20understand%3A%20they%20said%20that%20is%20mandatory%20to%20enable%20Anonymous%20access%20in%20meeting%20strategy%20to%20allow%20access%20to%20all%20external%20users%2C%20and%20have%20to%20use%20the%20lobby%20to%20perform%20a%20selecting%20of%20who%20can%20join%20meeting.%3C%2FP%3E%3CP%3EBut%20my%20purpose%20is%20to%20avoid%20that%20all%20external%20or%20guest%20users%20that%20there%20are%20not%20authenticated%20with%20an%20MS%20teams%20account%20could%20join%20a%20meeting.%3C%2FP%3E%3CP%3EMy%20reflection%20make%20me%20think%20about%20some%20issue%20like%20Outlook%20contact%20cache%20conflict%20when%20your%20organization%20migrates%20mail%20system%20and%20you%20need%20to%20clear%20your%20autocomplete%20file%20otherwise%20you%20cannot%20use%20suggested%20contacts%20for%20internal%20email%20without%20issues%20on%20email%20delivery.%20%3CBR%20%2F%3E%20I%20don't%20know%20how%20Teams%20store%20a%20conttact%20after%20first%20time%20it%20joins%20a%20meeting%2C%20but%20if%20my%20reflection%20is%20correct%20does%20u%20have%20to%20ask%20all%20external%20user%20that%20previously%20connect%20to%20clear%20datasomewhere%20in%20their%20MS%20Teams%20settings%20(or%20may-be%20a%20disconnect%20and%20reconnect)%20before%20they%20can%20again%20access%20meeting%20to%20my%20organization%20and%20be%20able%20to%20see%20the%20autenthicate%20popup%20when%20they%20try%20to%20use%20link%20next%20time%20we%20schedule%20a%20meeting%3F%3C%2FP%3E%3CP%3EIf%20that%20reflection%20is%20false%2C%20may%20be%20some%20one%20who%20passed%20the%20same%20situation%20can%20give%20me%20an%20advice%20on%20it%20please%2C%20i%20would%20greatly%20appreciate%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1441062%22%20slang%3D%22fr-FR%22%3E%3CLINGO-LABEL%3EMeetings%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESettings%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1445828%22%20slang%3D%22en-US%22%3ERe%3A%20Deny%20anonymous%20access%20%2C%20enabling%20only%20authenticated%20external%2Fguest%20to%20join%20meetings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1445828%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F689299%22%20target%3D%22_blank%22%3E%40Mustapha365%3C%2FA%3E%26nbsp%3B%20-%20the%20question%20is%20whom%20were%20this%20meetings%20were%20sent%20to%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EConfirm%20the%20steps%20you've%20perform%20to%20create%20this%20meetings.%3C%2FP%3E%3CP%3E1.%20Created%20a%20teams%20meeting%20and%20just%20added%20email%20address%20to%20the%20attendee%3F%3C%2FP%3E%3CP%3E2%20Created%20Guest%20User%20in%20your%20tenant%26gt%3B%20Created%20a%20teams%20meeting%20and%20added%20those%20Guest%20user%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnonymous%20Team%20meetings%20access%20was%20intended%20to%20cater%20%231%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fmeeting-settings-in-teams%23%3A~%3Atext%3DAllow%2520anonymous%2520users%2520to%2520join%2520meetings%2C-With%2520anonymous%2520join%26amp%3Btext%3DTo%2520learn%2520more%252C%2520see%2520Join%2520a%2520meeting%2520without%2520a%2520Teams%2520account.%26amp%3Btext%3DGo%2520to%2520the%2520admin%2520center%2Cusers%2520can%2520join%2520a%2520meeting.%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fmeeting-settings-in-teams%23%3A~%3Atext%3DAllow%2520anonymous%2520users%2520to%2520join%2520meetings%2C-With%2520anonymous%2520join%26amp%3Btext%3DTo%2520learn%2520more%252C%2520see%2520Join%2520a%2520meeting%2520without%2520a%2520Teams%2520account.%26amp%3Btext%3DGo%2520to%2520the%2520admin%2520center%2Cusers%2520can%2520join%2520a%2520meeting.%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eand%20I%20believe%20you%20shouldn't%20have%20any%20problem%20if%20you've%20added%20those%20attendee%20as%20B2B%20Guest%20User%20(External%20AAD%20or%20MSA)%20prior%20to%20adding%20them%20to%20the%20meeting.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fb2b%2Fadd-users-administrator%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fb2b%2Fadd-users-administrator%3C%2FA%3E%3C%2FP%3E%3CP%3E-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fb2b%2Fuser-properties%23can-azure-ad-b2b-users-be-added-as-members-instead-of-guests%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fb2b%2Fuser-properties%23can-azure-ad-b2b-users-be-added-as-members-instead-of-guests%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20this%20helps.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPolite%20as%20usual%2C%3C%2FP%3E%3CP%3EBFN%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E----------------------------------------------------------------------------------------------------%3C%2FP%3E%3CP%3ENote%3A%20I%20do%20this%20on%20my%20free%20time%20(mostly%20Tue%2C%20Thurs%20%26amp%3B%20Sat)%20to%20help%20foster%20the%20cloud%20community.%20Please%20also%20mark%20my%20response%20accordingly%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hi all,

 

Apologize if this subject may have been posted before, but i didn't find answer that match the same issue.

We have a Customer that have done a pilot deployment experiment,in this one we have turned-on all options for them to play with MS Teams and see all his features.

After having validated all, we switched for more specific Policies (ie : restrict teams creation to specific users,disabling Anonymous access to meetings) and have applied them.But now it seem one issue was appared specifically about external users.This option as you know is necessary to force authentication from user (disabling ability for anyone who access the link to access meetings anonymously).But after change this option an external user who could previously access a meeting have now a error message that said he is not authorized because is outside of our organization and must authenticate.And he do not have possibility to access.

I asked Microsoft support to investigate with me , and they provide me some informations that i cannot understand : they said that is mandatory to enable Anonymous access in meeting strategy to permit acces to all external users, and have to use the lobby to perform a selecting of who can join meeting.

But my purpose is to avoid that all external or guest users that there are not authenticated with a MS teams account could join a meeting.

My reflexion make me think about some issue like Outlook contact cache conflict when your organisation migrate mail system and you need to clear your autocomplete file otherwise you cannot use suggested contacts for internal email without issues on email delivery.
I don't know how Teams store a conttact after first time he join a meeting, but if my reflexion is correct does u have to ask all external user that previously connect to clear datasomewhere in their MS Teams settings (or may-be a disconnect and reconnect) before they can again access meeting to my organisation and be able to see the autenthicate popup when they try to use join link next time we schedule a meeting ?

If that reflexion is false, may be some one who passed the same situation can give me an advice on it please, i would greatly appreciate,

 

Thanks,

1 Reply
Highlighted

@Mustapha365  - the question is whom were this meetings were sent to?

 

Confirm the steps you've perform to create this meetings.

1. Created a teams meeting and just added email address to the attendee?

2 Created Guest User in your tenant> Created a teams meeting and added those Guest user?

 

Anonymous Team meetings access was intended to cater #1:

https://docs.microsoft.com/en-us/microsoftteams/meeting-settings-in-teams#:~:text=Allow%20anonymous%...

 

and I believe you shouldn't have any problem if you've added those attendee as B2B Guest User (External AAD or MSA) prior to adding them to the meeting.

 

https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator

https://docs.microsoft.com/en-us/azure/active-directory/b2b/user-properties#can-azure-ad-b2b-users-b...

 

I hope this helps.

 

Polite as usual,

BFN

 

 

----------------------------------------------------------------------------------------------------

Note: I do this on my free time (mostly Tue, Thurs & Sat) to help foster the cloud community. Please also mark my response accordingly