8.5.1 Ensure anonymous users can't join a meeting

Information

This policy setting can prevent anyone other than invited attendees (people directly invited by the organizer, or to whom an invitation was forwarded) from bypassing the lobby and entering the meeting.

For more information on how to set up a sensitive meeting, see Configure Teams meetings with protection for sensitive data - Microsoft Teams: https://learn.microsoft.com/en-us/MicrosoftTeams/configure-meetings-sensitive-protection

Rationale:

For meetings that could contain sensitive information, it is best to allow the meeting organizer to vet anyone not directly sent an invite before admitting them to the meeting. This will also prevent the anonymous user from using the meeting link to have meetings at unscheduled times.

Note: Companies that don't normally operate in a Level 2 environment, but do deal with sensitive information, may want to consider this policy setting.

Impact:

Individuals who were not sent or forwarded a meeting invite will not be able to join the meeting automatically.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To remediate using the UI:

Navigate to Microsoft Teams admin center https://admin.teams.microsoft.com.

Click to expand Meetings, then select Meeting policies.

Click Global (Org-wide default).

Under meeting join & lobby set Anonymous users can join a meeting to Off.

To remediate using PowerShell:

Connect to Teams PowerShell using Connect-MicrosoftTeams

Run the following command to set the recommended state:

Set-CsTeamsMeetingPolicy -Identity Global -AllowAnonymousUsersToJoinMeeting $false
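
Because this check is not performed automatically, the following added example (not part of the benchmark text) audits the setting and optionally applies the command above. It goes beyond the Global policy by listing every meeting policy, since a custom policy assigned to a user takes precedence over the org-wide default. The function names and the sample objects are assumptions made for illustration.

```powershell
# Added example, not part of the benchmark text. Function names are hypothetical.
# Live use needs the MicrosoftTeams module and an active Connect-MicrosoftTeams session.

function Get-AnonymousJoinFinding {
    # Turns one meeting policy object into a PASS/FAIL finding for this control.
    param([Parameter(Mandatory, ValueFromPipeline)] $Policy)
    process {
        $allowed = [bool]$Policy.AllowAnonymousUsersToJoinMeeting
        [pscustomobject]@{
            Identity      = $Policy.Identity
            AnonymousJoin = $allowed
            Status        = if ($allowed) { 'FAIL' } else { 'PASS' }
        }
    }
}

function Invoke-AnonymousJoinCheck {
    # Audits every meeting policy; with -Remediate, fixes Global only, as in the steps above.
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Remediate)

    $findings   = @(Get-CsTeamsMeetingPolicy | Get-AnonymousJoinFinding)
    $globalFail = $findings | Where-Object { $_.Identity -eq 'Global' -and $_.Status -eq 'FAIL' }

    if ($Remediate -and $globalFail -and
        $PSCmdlet.ShouldProcess('Global', 'Set AllowAnonymousUsersToJoinMeeting to False')) {
        Set-CsTeamsMeetingPolicy -Identity Global -AllowAnonymousUsersToJoinMeeting $false
        # Re-read so the report reflects the state after the change.
        $findings = @(Get-CsTeamsMeetingPolicy | Get-AnonymousJoinFinding)
    }
    $findings
}

# Constructed sample objects (not real tenant output) to exercise the check offline.
$sample = @(
    [pscustomobject]@{ Identity = 'Global';            AllowAnonymousUsersToJoinMeeting = $true  }
    [pscustomobject]@{ Identity = 'Tag:ExamplePolicy'; AllowAnonymousUsersToJoinMeeting = $false }
)
$sample | Get-AnonymousJoinFinding | Format-Table -AutoSize

# Against a tenant: preview first, then apply.
#   Invoke-AnonymousJoinCheck -Remediate -WhatIf
#   Invoke-AnonymousJoinCheck -Remediate
```

Any non-Global policy reported as FAIL still needs review, because users assigned to it keep anonymous join enabled after the Global policy is changed.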

Default Value:

On (True)

See Also

https://workbench.cisecurity.org/benchmarks/15279

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: microsoft_azure

Control ID: b1df26fa44389819f45159400e76ae2ca9bec9ada41454fd1690cc8fd9df64e0