MS.TEAMS.1.2v1 - Anonymous users SHALL NOT be enabled to start meetings.

Information

For agencies that implemented custom policies providing more flexibility to some users to automatically admit "everyone" to a meeting - this policy provides protection from anonymous users starting meeting to scrape internal contacts.

Solution

To configure settings for anonymous users:

1. Sign in to the Microsoft Teams admin center.

2. Select Meetings > Meeting policies.

3. Select the Global (Org-wide default) policy.

4. Under the Meeting join & lobby section, set Anonymous users and dial-in callers can start a meeting to Off.

5. If custom policies were created, repeat these steps for each policy, selecting the appropriate policy in step 3.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-5, 800-53|AC-6, 800-53|CA-7, 800-53|SA-3, 800-53|SA-4, 800-53|SA-8, 800-53|SA-10, 800-53|SA-11, 800-53|SA-15, 800-53|SA-16, 800-53|SA-17, 800-53|SC-28, 800-53|SI-4

Plugin: microsoft_azure

Control ID: c07dd6c67d45244a5d569eebfcaffbaefc28e5dfa1b68c5735b5e8aba2911e1f