Securing Microsoft Teams: Blocking External Domain Chats


By default, Microsoft Teams allows users from any external domain to contact your organization’s users, creating a potential social engineering risk. To mitigate this, restrict communication to trusted domains only.

Steps to Configure External Access in Microsoft Teams:

1. Open Teams Admin Center:

2. Go to Users > External Access:

  • Under Org-wide settings, select External access.

3. Modify Settings:

  • Disable “Allow users to communicate with external Teams users” if unnecessary.
  • Enable “Allow only specific domains” and add trusted domains (e.g., partner.com).

PowerShell Automation (For Admins):

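# Connect to Microsoft Teams
Connect-MicrosoftTeams

# Add trusted domains
$allowed = New-Object Collections.Generic.List[String]
$allowed.Add("trustedpartner.com")

# Disable open federation (allow only listed domains)
# Federation itself stays enabled; -AllowFederatedUsers $false would block the listed domains too
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomainsAsAList $allowed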

You Should Know:

  • Audit Existing External Chats: Before blocking, check current external communications:
    Get-CsExternalAccessPolicy | Format-Table Identity, EnableOutsideAccess 
    
  • Monitor Logs: Use Azure Sentinel or Microsoft Defender for Office 365 to detect phishing attempts.
  • User Training: Educate employees to report unsolicited Teams messages.

Linux/Mac Alternative (via CLI):

If managing Office 365 via Linux, use `curl` + `jq` for API checks:

# Query tenant federation settings (requires OAuth token)
curl -s -H "Authorization: Bearer $TOKEN" \
  "https://graph.microsoft.com/v1.0/teams/getAllMessages" | jq .

What Undercode Says:

  • Defense-in-Depth: Combine Teams restrictions with conditional access policies (e.g., MFA for external chats).
  • Logging: Enable Teams audit logs via:
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true 
    
  • Backup Domains: Export current trusted domains before changes:
    Get-CsAllowedDomain | Export-Csv -Path "trusted_domains.csv" 
    
  • Linux Admins: Use `grep` to parse Teams logs:
    journalctl -u teams --since "1 hour ago" | grep "external message" 
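
The backup, allow-list and automation points above can be combined into one dry-run-first script. This is an added example, not code from the original post; the domain list, the backup file name, the `ConvertTo-DomainList` helper and the `$Apply` switch are assumptions made for illustration, and it expects an existing `Connect-MicrosoftTeams` session.

```powershell
# Added example (not from the original post): snapshot, diff, then apply a
# Teams federation allow list. Requires the MicrosoftTeams module.
$DesiredDomains = @('trustedpartner.com', 'partner.com')   # placeholder allow list
$Apply = $false                                            # set to $true to commit

function ConvertTo-DomainList {
    param([string[]]$Domains)
    # Trim, lowercase and validate each entry; wildcards and URLs are rejected.
    $clean = foreach ($d in $Domains) {
        $d = "$d".Trim().ToLowerInvariant()
        if (-not $d) { continue }
        if ($d -notmatch '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$') {
            throw "Not a plain DNS domain name: '$d'"
        }
        $d
    }
    $unique = @($clean | Where-Object { $_ } | Sort-Object -Unique)
    if ($unique.Count -eq 0) { throw 'Refusing to apply an empty allow list.' }
    $list = New-Object 'Collections.Generic.List[String]'
    $list.AddRange([string[]]$unique)
    return ,$list
}

# Full snapshot of the settings as they were before any change.
$current = Get-CsTenantFederationConfiguration
$backup  = "federation-backup-$(Get-Date -Format 'yyyyMMdd-HHmmss').xml"
$current | Export-Clixml -Path $backup

# Assumption: when an allow list is set, AllowedDomains.AllowedDomain holds
# entries with a Domain property; under open federation it is empty.
$currentDomains = @($current.AllowedDomains.AllowedDomain | Where-Object { $_ } |
    ForEach-Object { "$($_.Domain)".ToLowerInvariant() })
$desired = ConvertTo-DomainList -Domains $DesiredDomains

$toAdd    = @($desired | Where-Object { $_ -notin $currentDomains })
$toRemove = @($currentDomains | Where-Object { $_ -notin $desired })
"Federation enabled: $($current.AllowFederatedUsers)   backup: $backup"
"Domains to add:     $($toAdd -join ', ')"
"Domains to remove:  $($toRemove -join ', ')"

if ($Apply) {
    # One call, so federation is never enabled without the allow list in place.
    Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomainsAsAList $desired
} else {
    'Dry run only; set $Apply = $true to write the configuration.'
}
```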
    

Expected Output:

  • Reduced phishing risks via Teams.
  • Controlled external collaboration.
  • Automated domain management via PowerShell.

Reference: Microsoft Teams External Access Docs.

References:

Reported By: Wanderson Silva – Hackers Feeds