MS.TEAMS.2.1v1 - External access for users SHALL only be enabled on a per-domain basis.

Information

The default configuration allows members to communicate with all external users with similar access permissions. This unrestricted access can lead to data breaches and other security threats. This policy provides protection against threats posed by unrestricted access by allowing communication with only trusted domains.

Solution

To enable external access for only specific domains:

1. Sign in to the Microsoft Teams admin center.

2. Select Users > External access.

3. Under Choose which external domains your users have access to, select Allow only specific external domains.

4. Click Allow domains to add allowed external domains. All domains not added in this step will be blocked.

5. Click Save.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-3, 800-53|AC-4, 800-53|AC-6, 800-53|AC-8, 800-53|CA-7, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|SC-7, 800-53|SC-44, 800-53|SI-2, 800-53|SI-3, 800-53|SI-4, 800-53|SI-8

Plugin: microsoft_azure

Control ID: 60397061a67683f823544248bc69e035096fc53249be16fd688ff2c9612bcb26