Teams Abusive behaviour on video calls

Occasional Contributor

Hi Folks,

 

I believe we're suffering teamsbombing, we have a situation whereby a video call is starting up for a team of students, the students are getting the meeting info for the team from either the invite URL or the ellipsis menu\meeting info, they are then firing up an incognito browser session and then joining as anonymous users using different names or names of other students.

 

This is very distracting for the teaching staff.

 

 

I've disabled guest access via POSH for the team but that doesn't appear to flow down to a video call, we need guest access on overall for the tenant for serveral other business reasons.

 

Are there any work arounds or fixes?

 
 
 
 
6 Replies

@Zer0 Hello, there are many ways to secure the Teams environment, with meeting policies and messaging policies for example.

 

You can start by reading this.

Keeping students safe while using Teams for distance learning - Office Support (microsoft.com)

 

For the specific issue though you can turn off "anonymous can join meetings" (also described in above link) or adjust the teams meeting options (lobby and roles).

 

Roles in a Teams meeting - Office Support (microsoft.com)

Change participant settings for a Teams meeting - Office Support (microsoft.com)

@Zer0 

One suggestion - it won't stop it happening but will help in proving who the culprit is for whatever behaviour sanctions your school is running at the moment:

 

You (or whoever has Teams admin rights) can go onto the Teams Admin centre (https://admin.teams.microsoft.com/), then Users, then pick a teacher whose lessons are suffering, then Call History, pick one of the calls that was being "teamsbombed", and you can then see all the participants. You can then click on some of the guest ones and look through the data and you'll find device name in there which is normally a give-away of who it is. Otherwise if you go onto the Debug tab and look for Connectivity_LocalSite it will give their IP address, you can compare this to students who are logged in as evidence of who is doing it.

@CoasterKaty 

 

When I look through the debug data I can see the client is the webclient, when I lookup the Connectivity_LocalSite ip it resolves to Microsofts subnets, it is also evident in those debug logs that the webclient runs on VMs in Microsofts infrastructure quite fascinating reading really.

 

I did take the IP and look it up on cloud app security just to confirm my suspicions. 

 

I might log a ticket is MS support to see if there's a way I can resolve a web client anonymous user back to a real IP.

 

In your case were students using the full app?

@Zer0 Ah that's annoying, when I had a look through it must have been a desktop client user I had picked on as that value was lookup up as an ISP. 

 

In my case they were using an iPhone called "Name's iPhone" so it was obvious who it was (as the names weren't all that common), and the IP addresses matched.

Thanks Christian, I've been through it several times to get them as locked down as much as possible, which they are, but that "Anonymous can join meetings" option appears tenant wide.

Is there a way to disable it per team via a PoSH cmdlet?

@Zer0 Hello, sorry for the late reply! I've been experiencing issues not getting notifications when someone replies to my posts. So I'm chasing them down manually.

 

If your org. choose to keep the "Anonymous users can join a meeting" enabled, which is a Teams Meeting setting, you must ensure that the meeting organizers are using proper lobby settings. It can be controlled with policy or per-meeting using the meeting options (meaning you don't control the anon meeting setting but instead use lobby settings so anon users cannot attend).

 

It's described in detail here Keeping students safe while using Teams for distance learning - Office Support (microsoft.com) under "Prevent anonymous users from joining".