Provide ability to remove users added to recurring meetings' chats
We have the following scenario that cannot be remedied without deleting a recurring meeting:
1. User A and B have a recurring weekly meeting in Teams.
2. User C is invited to join the call on this meeting during one instance.
3. Even though User C has not been invited to the recurring meeting, User C now has access to the Teams chat of the subsequent recurring meeting instances.
This seems like a huge bug that you cannot remove a user from seeing the chat of a meeting to which they are normally not a member. I just spoke with Microsoft support and their recommended course of action is to delete the recurring meeting and re-create it, losing the chat history.
Bo Bertelsen commented
It seems that Microsoft finally listened! This seems like it will fix this issue:
We are updating a meeting participant's access to meeting chat. These changes will manage a users access to a meeting chat based on how they were invited to the meeting.
1. Microsoft 365 Roadmap ID: 68853
2. Timing: rollout will begin in early December and complete by mid-December
3. Rollout: Tenant level
4. Control: Managed by meeting participants invite to meeting
[How this impacts your organization:]
Once this has rolled out, the changes will apply to new meetings. These changes will not be applied to previously scheduled meetings.
A participants access to meeting chat will be dependent on how they were invited to the meeting:
1. Single meeting
1. Original and forwarded invitees maintain access to chat.
2. Directly added participants have access to chat for the duration of the meeting. Chat access is removed at meeting conclusion but they will be able to review the meeting chat history.
2. Recurring - Single instance of a meeting series
1. Original invitees maintain access to chat.
2. Forward invitees or directly added participants have access to chat for the duration of the meeting. Chat access is removed at meeting conclusion but they will be able to review the meeting chat history.
Note: These changes do not impact channel meetings.
Geir Gylset commented
What about this scenario:
Every other week I set up a meeting with the same people attending. It is, for several reasons, not a recurring meeting. 2 months ago person X was replaced by another one. Still person X recieves alerts for every comment in the teams chat. Person X was mever a part of any team in Teams just invited to the actual meetings. This scares me.
Bo Bertelsen commented
In the moment of writing it has been an issue for 2 and a half years.
I assume that is Microsofts way of saying; It's not a bug - it's a feature
It is unfortunate that users aren't made aware of that this is how it works, and it has the potential to cause some serious problems for the users.
phil jones commented
Persistent conference ID's should be applicable to recurring meetings organised in Channels, but conference ID should not be persistent for meetings created through Outlook or the Teams Calendar. From a product management point of view it is very difficult to provide this information to users without admitting that there is a fault in the product, which may subsequently impact adoption. Either provide warning messages or give us the choice!
That's not a solution: "delete the recurring meeting and re-create!"
In my weekly recurring meeting there are different people invited, so deleting this meeting is no option.
A very common scenario and a big security loop hole.
The nature of this one is really evil; since it's not easy to understand that it works this way.
Hence you don't have control of who sees the information!
Its simply poor and lazy design. It creates a material confidentiality issue to be managed.
Agree. I am always getting chat notifications for items I'm not needing.
Holly Douglas commented
It would nice to have an option when adding a new participant to a recurring meeting to ask the question - "This occurrence only or all meetings"
Hector Chazari commented
I agree, this is a big set back for a lot of employees. Once the meeting has ended it should remove the attendee that was added. They should not have access to any future chats/meetings.
Ryan C commented
I see this as a privacy issue. Further, it is larger than just Team Meetings, which I have experienced the above scenario as well below.
This is also an issue with Team Calls. Scenario:
1. User A calls B for a discussion using Team Calls.
2. User C is invited for a discussion during the same call.
3. During the call Chat is used to share information. Moving forward, User C is linked to the Chat shared by Users A and B, and sees any chat communication between A & B.
This should be addressed asap.
I like this approach:
"What you would like is that upon closing the meeting you get prompted that guests still have access and that you need to block their access, or even better: in the creation (or changing) of an invitation you get the option to classify invitees into permanent attendees and one time guests. The last group being automatically being kicked out of the chat after the meeting."
Sonny O commented
when adding someone to a group chat you have the capability to provide them historical chats or only future. Same should hold true for recurring meeting and associated chats.
Additionally the manual work around of removing them from the auto created chat group is not sustainable and introduces many issues.
Hajer Zaiem commented
Not acceptable for an enterprise collaboration tool.
Robin Bradbury commented
Not really acceptable in an enterprise tool.
Meta Keijzer commented
I looked into this issue and found that if you delete someone from the chat, they can still see the chat history that they were part of, but no future additions.
The problem is that it needs to be done manually, either by the one-time attendant himself or by any other member of the meeting.
What you would like is that upon closing the meeting you get prompted that guests still have access and that you need to block their access, or even better: in the creation (or changing) of an invitation you get the option to classify invitees into permanent attendees and one time guests. The last group being automatically being kicked out of the chat after the meeting.
Agree with previous comments. This is a big issue and opens our organization up to situations where the wrong information could inadvertently get shared with the wrong audience. Please fix ASAP.
Alexander Cutler commented
I agree - this is a HUGE security hole that many would miss. Many board and SMT meetings havee been running on this technology in thousands of companies, and I bet very few are aware of this dangerous loophole that suddenly means their meeting chats are nowhere near as confidential as first supposed...
As an add on, I believe User C will now ALSO have access to any files shared in the meeting which they are not entitled to, but get Read Access by being a part of the meeting (once). - David
The manual solution of going back into the Chat and removing those one time guests is fine for an advanced user. But, leadership are not advanced users and we are working the hardest to increase collaboration with Teams. This is a problem for me/us and one I consider a security gap. - David