Hi all, 

Apologies if this is the wrong location, but how does one go about requesting a change to Teams official documentation? 

Unfortunately, the company I work for hasn't yet (it's planned) sent myself or the local IT team on official Microsoft training for Teams, but we have been requested to implement Team in-house ASAP and without any third party / consultation.

This is something I am aware that is very common in the IT space, and thus it's the reason why so many of us rely on good documentation.

So, without further ado we started reading the docs from Microsoft and got to the point of external / guest collaboration, and luckily we (myself and my team) naturally err on the side of caution when it comes to security, and often find ourselves challenging documentation as it's quite often written on the side of "getting it done", rather than getting it done "securely". 

As we know, Teams is a large interconnected system made up of various components; Teams, Office 365 Groups, Sharepoint sides, Azure, OneDrive, etc. The last thing we wanted to do was to allow "guests" into our system and have a problem of Confidentiality on our hands!

We were therefore surprised to read the following 'Checklist' on how to Enable Guest Access in Microsoft Teams: https://docs.microsoft.com/en-us/microsoftteams/guest-access-checklist

There are a few areas in this doc which very much fall into the "getting it done" camp, rather than getting it done "securely" camp. For examples:

1. Make sure that the Let group owners add people outside the organization to groups check box is selected. - For the Office 365 Group settings.

2. Make sure that the option is set to Anyone or New and existing guests. - For SharePoint site sharing settings. 

My question / point is that what have these got to do with allowing Guests into the system? The answer is that neither of these settings are needed for Guest access to Teams despite the article alluding that they are, but instead these settings are needed for sharing files whilst within Teams. If of course you do not want to allow guests to share files with internal users then do NOT set these two options.

Unfortunately I very much see this as hang up of days which I hoped where long forgotten, but clearly not. 

Those days being = Microsoft (everything is turned on by default and you have to know it exists to lower your risk) Vs Linux, etc (it's generally turned off unless you need it, in which case you turn it on).

In this interconnected day and age it would be nice to see Microsoft err on the side of caution too, and perhaps that is still allowing the options to allow sharing for everyone, but explain more clearly as to what this does and the associated risks.

I searched the internet to find more information on these check boxes and unfortunately it comes down to blogs to determine the real changes these settings make in the back-end. I don't feel that that's the correct answer for this. - I believe it's up to those that create the systems and services to think long and hard about what an option does and really give the end user / admin the correct and up-to-date information to make the correct decision.

This is not a rant, but an observation that I know a lot of my peers would agree with, and I believe that we all have shared responsibility to help everyone out; be that a large company with lots of trained staff or a small company with limited budget. Security is paramount and it's very much linked to education and awareness through good documentation. 

Many thanks for your time.

John