8.5.8 Ensure external meeting chat is off

Information

This meeting policy setting controls whether users can read or write messages in external meeting chats with untrusted organizations. If an external organization is on the list of trusted organizations, this setting is ignored.

Rationale:

Restricting access to chat in meetings hosted by external organizations limits the opportunity for an exploit like GIFShell or malware like DarkGate to be delivered to users.

Impact:

When joining external meetings, users will be unable to read or write chat messages in Teams meetings with organizations that they don't have a trust relationship with. This completely removes the chat functionality in those meetings. From an I.T. perspective, both the upkeep of adding new organizations to the trusted list and the decision-making process behind whether or not to trust an external partner will increase time expenditures.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To remediate using the UI:

Navigate to Microsoft Teams admin center https://admin.teams.microsoft.com.

Click to expand Meetings, then select Meeting policies.

Click Global (Org-wide default).

Under meeting engagement, set External meeting chat to Off.

To remediate using PowerShell:

Connect to Teams PowerShell using Connect-MicrosoftTeams.

Run the following command to set the recommended state:

Set-CsTeamsMeetingPolicy -Identity Global -AllowExternalNonTrustedMeetingChat $false
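
Because this check is not performed automatically, the script below is an added example (not part of the benchmark or the plugin) that reads the current value, optionally applies the command above, and re-reads it to confirm. It goes beyond the Global check by also listing every other meeting policy, since a custom policy assigned to a user takes precedence over the org-wide default. The `-Remediate` switch and the `Get-ExternalChatState` helper are names made up for this example; the MicrosoftTeams module and sufficient Teams admin rights are assumed.

```powershell
# Added example: audit (and optionally remediate) External meeting chat.
# Assumes the MicrosoftTeams module is installed and the signed-in account
# can read and modify Teams meeting policies.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical switch for this example: apply the fix to the Global policy.
    [switch]$Remediate
)

Import-Module MicrosoftTeams -ErrorAction Stop
Connect-MicrosoftTeams | Out-Null

function Get-ExternalChatState {
    # One row per meeting policy. A missing or $null value is reported as
    # non-compliant, because only an explicit $false matches the benchmark.
    Get-CsTeamsMeetingPolicy | ForEach-Object {
        [pscustomobject]@{
            Identity  = $_.Identity
            Value     = $_.AllowExternalNonTrustedMeetingChat
            Compliant = ($_.AllowExternalNonTrustedMeetingChat -eq $false)
        }
    }
}

$state  = @(Get-ExternalChatState)
$global = $state | Where-Object { $_.Identity -eq 'Global' }

if ($Remediate -and -not $global.Compliant) {
    if ($PSCmdlet.ShouldProcess('Global', 'Set AllowExternalNonTrustedMeetingChat to $false')) {
        Set-CsTeamsMeetingPolicy -Identity Global -AllowExternalNonTrustedMeetingChat $false
    }
    # Re-read so the verdict reflects what the service now returns.
    $state  = @(Get-ExternalChatState)
    $global = $state | Where-Object { $_.Identity -eq 'Global' }
}

$state | Sort-Object Identity | Format-Table -AutoSize

# Policies other than Global are reported for review only; this script
# does not change them.
$others = @($state | Where-Object { $_.Identity -ne 'Global' -and -not $_.Compliant })
if ($others.Count -gt 0) {
    Write-Warning ("{0} other meeting policies still allow external meeting chat." -f $others.Count)
}

if ($global.Compliant) { Write-Output 'PASS: Global policy has external meeting chat off.'; exit 0 }
Write-Output 'FAIL: Global policy allows external meeting chat.'
exit 1
```

Run it without `-Remediate` for a read-only audit, or with `-Remediate -WhatIf` to preview the change before applying it.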

Default Value:

On (True)

See Also

https://workbench.cisecurity.org/benchmarks/15279

Item Details

Category: PLANNING, SYSTEM AND SERVICES ACQUISITION

References: 800-53|PL-8, 800-53|SA-8

Plugin: microsoft_azure

Control ID: 8f7b78c2cfb3d29fb3dd0434732474a188dc806f0d9c9e188522955b48056a06