cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Prevent file upload from external parties

tsl65
Copper Contributor

‎Sep 19 2022 04:22 AM

‎Sep 19 2022 04:22 AM

Prevent file upload from external parties

Hi,
We have a bit of a security concern: 
Persons external to our company can without any notice initiate a chat to an employee and send a file. 
Is it possible to block either for external initiated chat or prevent the external user can upload a file? 
The concern is, these files could be anything, including malware and then we have to rely solely on our virus scanner (that we trust, but there are zero-day exploits and rare cases....) 

I found al kinds of articles and how to prevent file sharing from internal to external, but here we don't want to receive files from external. 

Any suggestions ??

Regards
TSL65
Labels:
4,800 Views
0 Likes
7 Replies
Reply
7 Replies
best response confirmed by tsl65 (Copper Contributor)
ChristianJBergstrom

‎Sep 19 2022 04:59 AM

‎Sep 19 2022 04:59 AM

Solution

Re: Prevent file upload from external parties

Head over to Teams admin center and External access (under Users). Disable the option that consumer accounts can initiate a chat with your org. users. This isn't applicable for the "Teams and Skype for Business users in external organizations" setting which is federation. Because when using federation (also called trusted organizations) you cannot share files in chats.

You can prevent guest users (added to your org. with a guest account) from uploading files but that isn't the question here as far as I understand.
1 Like
Reply
Steven Collier

‎Sep 19 2022 05:01 AM

‎Sep 19 2022 05:01 AM

Re: Prevent file upload from external parties

@tsl65 How can they send a file? Federated chat to or from people outside your organisation doesn't allow file transfer. 

0 Likes
Reply
ChristianJBergstrom

‎Sep 19 2022 05:05 AM

‎Sep 19 2022 05:05 AM

Re: Prevent file upload from external parties

Hey Steven, it's a sharing link from the consumer account pointing to its OneDrive where that file is being shared from. Don't like the open default setting here tbh.
0 Likes
Reply
Steven Collier

‎Sep 19 2022 05:16 AM

‎Sep 19 2022 05:16 AM

Re: Prevent file upload from external parties

@ChristianJBergstrom I don't really see where the OP mentions it's from the consumer version.

 

Anyway that's not a file, it's a link to a file, just like if I emailed a link or you clicked one on a website, all the same mechanisms exist if you want to scan it. Microsoft Defender for Office 365 includes SafeLinks which will scan the destination of a link sent via Teams so offers protection.

 

It's very rare for organisations to allow chat with personal Teams accounts, most just turn it off and then use an allowlist for the organisations that people can talk to.

0 Likes
Reply
tsl65

‎Sep 19 2022 05:26 AM

‎Sep 19 2022 05:26 AM

Re: Prevent file upload from external parties

Thanks, that will take the top of the concerns and lower my managers blood pressure :)
We are most concerned about the unknow users that suddenly contacts us.
Teams is made for collaboration so we cannot shout down for all external activities.
1 Like
Reply
ChristianJBergstrom

‎Sep 19 2022 05:27 AM - edited ‎Sep 26 2022 11:58 PM

‎Sep 19 2022 05:27 AM - edited ‎Sep 26 2022 11:58 PM

Re: Prevent file upload from external parties

One can assume as you cannot share files in federated chats ;)

Safe Links feature will work for all kinds of links sent from the consumer account. When the consumer account is sharing documents (sharing links) you're hoping that the Safe attachments will kick in. But that's an asynchronous process so will/can be bypassed. Haven't yet seen Safe Links take action when receiving a sharing link from a consumer account. *edit* If having a license with Safe Documents you'll get protection from the above scenario. Before a user is allowed to trust a file opened in a supported version of Office, the file will be verified by Microsoft Defender for Endpoint.

Should obviously been rolled out default off as it shouldn't be on for consumer -> org direction.

0 Likes
Reply
tsl65

‎Sep 19 2022 05:30 AM - last edited on ‎Nov 08 2023 06:44 PM by

‎Sep 19 2022 05:30 AM - last edited on ‎Nov 08 2023 06:44 PM by

Re: Prevent file upload from external parties

@Steven Collier We had the setting that Christian mentioned, set to allow contact from unmanaged sources. 

(Teams accounts not managed by an organization)

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by tsl65 (Copper Contributor)
ChristianJBergstrom

‎Sep 19 2022 04:59 AM

‎Sep 19 2022 04:59 AM

Solution

Re: Prevent file upload from external parties

Head over to Teams admin center and External access (under Users). Disable the option that consumer accounts can initiate a chat with your org. users. This isn't applicable for the "Teams and Skype for Business users in external organizations" setting which is federation. Because when using federation (also called trusted organizations) you cannot share files in chats.

You can prevent guest users (added to your org. with a guest account) from uploading files but that isn't the question here as far as I understand.

View solution in original post

1 Like
Reply