CIS.M365.8.5.3 - (L1) Ensure only people in my org can bypass the lobby
Overviewβ
8.5.3 (L1) Ensure only people in my org can bypass the lobby
This policy setting controls who can join a meeting directly and who must wait in the lobby until they're admitted by an organizer, co-organizer, or presenter of the meeting.
The recommended state is People who were invited or more restrictive.
Rationaleβ
For meetings that could contain sensitive information, it is best to allow the meeting organizer to vet anyone not directly sent an invite before admitting them to the meeting. This will also prevent the anonymous user from using the meeting link to have meetings at unscheduled times.
Impactβ
Individuals who are not part of the organization will have to wait in the lobby until they're admitted by an organizer, co-organizer, or presenter of the meeting.
Any individual who dials into the meeting regardless of status will also have to wait in the lobby. This includes internal users who are considered unauthenticated when dialing in.
Remediation action:β
- Navigate to Microsoft Teams Admin Center.
- Select Settings & policies > Global (Org-wide default) settings.
- Select Meetings to open the meeting settings section.
- Under meeting join & lobby set Who can bypass the lobby to People who were invited or a more restrictive value: People in my org, Only organizers and co-organizers.
PowerShellβ
- Connect to Teams PowerShell using
Connect-MicrosoftTeams. - Run the following command to set the recommended state:
Set-CsTeamsMeetingPolicy -Identity Global -AutoAdmittedUsers "InvitedUsers"
Note: More restrictive values EveryoneInCompanyExcludingGuests or OrganizerOnly are also in compliance.
Related linksβ
- Microsoft Teams Admin Center.
- Overview of lobby settings and policies
- Set-CsTeamsMeetingPolicy
- CIS Microsoft 365 Foundations Benchmark v6.0.1 - Page 434
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | CIS.M365.8.5.3 |
| Severity | Medium |
| Suite | CIS |
| Category | CIS E3 Level 1 |
| PowerShell test | Test-MtCisTeamsLobbyBypass |
| Tags | CIS, CIS E3, CIS E3 Level 1, CIS M365 v6.0.1, CIS.M365.8.5.3, L1 |
Sourceβ
- Pester test:
tests/cis/Test-MtCisTeamsLobbyBypass.Tests.ps1 - PowerShell source:
powershell/public/cis/Test-MtCisTeamsLobbyBypass.ps1