Removed external meeting participant can easily rejoin

Copper Contributor

We are in the process of switching over to Teams but encountered an odd issue in testing meetings with external guests.  We have it set up so guests start out in the lobby and then we approve them to enter.  If we remove them at some point during the meeting they are correctly forced out and on their screen see the message that they were removed and get two options, Rejoin or Dismiss.  If they immediately click Rejoin they bypass the lobby and are right back in the meeting.  It feels like this is not intended.  If they dismiss and close their browser then go back to the invitation and click the link to enter the meeting again they get put back in the lobby and have to wait to be let back in.  This is with the guest attending the meeting using a web browser.  I tried this with both Edge and Chrome, I have not yet tried this using the Teams app.

15 Replies

Doesn't look like it's worked as supposed to, let me ping few folks...

Just a follow up, I get the same behavior when using the app as I do with a browser.

Sorry, forgot to circle back here. Apparently Microsoft already has something in the works to address this.

hi, this is still behaving as described above. Can you please provide update on the fix to address this? This is very troubling that a user can just jump back into a meeting. @Vasil Michev 

@Erscpa725
this pointless re-animation of a session still seems to work!

Why no 

1) Fix

2) comment from MS

 

Come one - this is clearly a very silly design decision. Although I can see that this might work against a genuine attendee who was dropped through connectivity issues and I suppose, could be used against a genuine user in some kind of DOS attack, the fact that the system redisplays the join details must mean that state information is being used to get them back into the meeting at the same status so it would be possible to use this (or remove it entirely) to bounce them back to the lobby. Surely if there is any concern about people "wrongly" going back to the lobby when they had a technical fail, this could be a meeting option?


"users who are dropped or removed must renter via lobby" checkbox -  those who have poor connections and few "abusers" could choose not to use this - the rest of us set it up so that anyone who is disconnected by remove or drop re-enter through the lobby.

I'd also like to see a ban option but I can see how this with unvalidated users (anonymous) could be used to mount DOS attacks on innocent attendees but anyone who is that important could be made a guest and validated and it would take some technical skill to spoof an IP address (could be part of the ban table)

Agreed. The inability to remove someone from a meeting is a terrible design flaw.

 

Come on, Microsoft! 

Yes soma happens to us

Would also be useful if there was an option that forced everyone to go through the lobby should it be required so that internal people can be bumped to there as well.

@bertloftis this is so frustrating - has anyone heard when there will be a fix?

@MichelleB1982 

See UserVoice here: https://microsoftteams.uservoice.com/forums/555103-public/suggestions/39481747-issue-with-guests-ree...

 

Think it may solve the issues along with the ability to set who can bypass lobb to "Only me" when that is released in June

@Trevor Baxter 
Hey Trev - this in development and we should have it in June :)

 

Will force even internals to go to lobby

@Rakesh Chauhan 

 

the issue has nothign to do with who is forced to go to the lobby - although Only me (which is referred to in one of the working on is useufl).

 

The problem is that currently that someone who enters via the lobby. is accepted but then removed (e.g. for disruption) from a meeting by an organiser r presenter can rejoin without being held in the lobby. Teams even puts a helpful rejoin button their screen all they have to do is press it to circumvent the remove.

 

Please confirm that it is a requirement to return to the lobby if you use rejoin that is being worked on,

otherwise, you will not be fixing the issue.

 

(I say one button rejoin for someone who was booted is just a good old fashioned bug)

 

Yes, I understand that with no authentication, they could rejoin with a new identity and the lobby monitor would have to make a judgment call but at least that takes a while - straight back in with a single press makes remove utterly pointless.

Hi all.
It has been fixed (partly) for us, if we remove a participant they are now forced to come back via the lobby whereas before they could just come straight back in. If you click the cross to deny access they get a message to say access denied. I have a screenshot of it in my laptop but not to hand.

@MichelleB1982 

thanks for confirming - that sound better.

 

I assume that with an anonymous guest (rather than an azure guest), the deny only works as long as the user doesn't just start an InPrivate window and join with another name. But, of course, in that case they'd end up in the lobby and might not get the benefit of the doubt (especially if it was the middle of the meeting and only one person had been removed)

 

I think so - they would be forced into the lobby if they tried to enter another way and you just would deny access.