CIS.M365.8.2.2 - (L1) Ensure communication with unmanaged Teams users is disabled
Overview
8.2.2 (L1) Ensure communication with unmanaged Teams users is disabled
This policy setting controls chats and meetings with external unmanaged Teams users (those not managed by an organization, such as Microsoft Teams (free)).
The recommended state is: People in my organization can communicate with unmanaged Teams accounts set to Off.
Rationale
Allowing users to communicate with unmanaged Teams users presents a potential security threat as little effort is required by threat actors to gain access to a trial or free Microsoft Teams account. Some real-world attacks and exploits delivered via Teams over external access channels include:
- DarkGate malware
- Social engineering / Phishing attacks by "Midnight Blizzard"
- GIFShell
- Username enumeration
Impact
Users will be unable to communicate with Teams users who are not managed by an organization. Organizations may choose to create additional policies for specific groups needing to communicate with unmanaged external users.
Note: The settings that govern chats and meetings with external unmanaged Teams users aren't available in GCC, GCC High, or DOD deployments, or in private cloud environments.
Remediation action:
To remediate using the UI:
- Navigate to Microsoft 365 Teams Admin Center.
- Click to expand Users, then select External access.
- Select the Policies tab.
- Click on the Global (Org-wide default) policy.
- Set People in my organization can communicate with unmanaged Teams accounts to Off.
- Click Save.
PowerShell
- Connect to Teams PowerShell using Connect-MicrosoftTeams.
- Run the following command:
  Set-CsExternalAccessPolicy -Identity Global -EnableTeamsConsumerAccess $false
Note: Configuring the organization settings to block communication is also in compliance with this control.
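To confirm the state after remediation, the following audit sketch reads the Global policy, the organization-level setting, and any other external access policies that re-enable unmanaged access. It is an added example, not the Maester test or CIS benchmark code. The function name Test-UnmanagedTeamsAccess is hypothetical, and treating AllowTeamsConsumer from Get-CsTenantFederationConfiguration as the "organization settings" in the note above is an assumption.

```powershell
# Added audit example. Requires the MicrosoftTeams module and an existing
# Connect-MicrosoftTeams session with rights to read Teams policies.
# Test-UnmanagedTeamsAccess is a hypothetical name used for illustration.

function Test-UnmanagedTeamsAccess {
    [CmdletBinding()]
    param()

    # Org-wide default policy: the setting this control targets.
    $global = Get-CsExternalAccessPolicy -Identity Global

    # Organization-level setting (assumed to be the "organization settings"
    # the note refers to); blocking here also satisfies the control.
    $tenant = Get-CsTenantFederationConfiguration

    # Non-Global policies that allow unmanaged accounts. These only matter
    # where they are assigned to users, but each one is an exception to the
    # org-wide default and should be reviewed.
    $exceptions = @(
        Get-CsExternalAccessPolicy |
            Where-Object { $_.Identity -ne 'Global' -and $_.EnableTeamsConsumerAccess } |
            Select-Object -ExpandProperty Identity
    )

    # Compliant when either the Global policy or the organization setting
    # blocks communication with unmanaged Teams accounts.
    $compliant = (-not $global.EnableTeamsConsumerAccess) -or
                 (-not $tenant.AllowTeamsConsumer)

    [pscustomobject]@{
        Compliant                       = $compliant
        GlobalEnableTeamsConsumerAccess = $global.EnableTeamsConsumerAccess
        TenantAllowTeamsConsumer        = $tenant.AllowTeamsConsumer
        PoliciesAllowingUnmanaged       = $exceptions
    }
}

Test-UnmanagedTeamsAccess | Format-List
```

An empty PoliciesAllowingUnmanaged list means no other policy overrides the org-wide default; any entries correspond to the group-specific exceptions described under Impact.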
Related links
- Microsoft 365 Teams Admin Center
- IT Admins - Manage external meetings and chat with people and organizations using Microsoft identities
- Midnight Blizzard conducts targeted social engineering over Microsoft Teams
- GIFShell Attack Lets Hackers Create Reverse Shell through Microsoft Teams GIFs
- CIS Microsoft 365 Foundations Benchmark v6.0.1 - Page 413
Test Metadata
| Field | Value |
|---|---|
| Test ID | CIS.M365.8.2.2 |
| Severity | Medium |
| Suite | CIS |
| Category | CIS M365 v6.0.1 |
| PowerShell test | Test-MtCisCommunicateWithUnmanagedTeamsUsers |
| Tags | CIS, CIS E3 Level 1, CIS M365 v6.0.1, CIS.M365.8.2.2 |
Source
- Pester test: tests/cis/Test-MtCisCommunicateWithUnmanagedTeamsUsers.Tests.ps1
- PowerShell source: powershell/public/cis/Test-MtCisCommunicateWithUnmanagedTeamsUsers.ps1