Provide ability to remove users added to recurring meetings' chats
We have the following scenario that cannot be remedied without deleting a recurring meeting:
1. User A and B have a recurring weekly meeting in Teams.
2. User C is invited to join the call on this meeting during one instance.
3. Even though User C has not been invited to the recurring meeting, User C now has access to the Teams chat of the subsequent recurring meeting instances.
This seems like a huge bug that you cannot remove a user from seeing the chat of a meeting to which they are normally not a member. I just spoke with Microsoft support and their recommended course of action is to delete the recurring meeting and re-create it, losing the chat history.
Jonathon Lamon commented
This is a security risk in GCC High in meetings where participants are invited to join a discussion temporarily in a recurring meeting.. Security is there to prevent the participant from seeing past conversations, but if the user is not a recurring participant they should not be able to see meeting chat once they have left the meeting. This will be extremely important in the future when you allow collaboration between non GCC High and GCC High.
Please also consider the scenario in which guests and other internal attendees need to only attend for a part of the meeting agenda then drop out once they have taken their section of the meeting. There needs to be the ability to remove guests and internal guests quickly from the meeting and the chat once they have completed their session mid way through the meeting. Otherwise the risk is that confidential information will be exposed in chat and viewable after the guests have left. Don't believe roadmap item 68853 fully covers this particular scenario.
Thomas Moy commented
I'm happy this has found its way onto the Roadmap, but we also need it in Government cloud environments too.
Brian Klish commented
The mentioned change by Bo Bertelson has been pushed back and is now targeted for Q1 2021
Bo Bertelsen commented
It seems that Microsoft finally listened! This seems like it will fix this issue:
We are updating a meeting participant's access to meeting chat. These changes will manage a users access to a meeting chat based on how they were invited to the meeting.
1. Microsoft 365 Roadmap ID: 68853
2. Timing: rollout will begin in early December and complete by mid-December
3. Rollout: Tenant level
4. Control: Managed by meeting participants invite to meeting
[How this impacts your organization:]
Once this has rolled out, the changes will apply to new meetings. These changes will not be applied to previously scheduled meetings.
A participants access to meeting chat will be dependent on how they were invited to the meeting:
1. Single meeting
1. Original and forwarded invitees maintain access to chat.
2. Directly added participants have access to chat for the duration of the meeting. Chat access is removed at meeting conclusion but they will be able to review the meeting chat history.
2. Recurring - Single instance of a meeting series
1. Original invitees maintain access to chat.
2. Forward invitees or directly added participants have access to chat for the duration of the meeting. Chat access is removed at meeting conclusion but they will be able to review the meeting chat history.
Note: These changes do not impact channel meetings.
Geir Gylset commented
What about this scenario:
Every other week I set up a meeting with the same people attending. It is, for several reasons, not a recurring meeting. 2 months ago person X was replaced by another one. Still person X recieves alerts for every comment in the teams chat. Person X was mever a part of any team in Teams just invited to the actual meetings. This scares me.
Bo Bertelsen commented
In the moment of writing it has been an issue for 2 and a half years.
I assume that is Microsofts way of saying; It's not a bug - it's a feature
It is unfortunate that users aren't made aware of that this is how it works, and it has the potential to cause some serious problems for the users.
phil jones commented
Persistent conference ID's should be applicable to recurring meetings organised in Channels, but conference ID should not be persistent for meetings created through Outlook or the Teams Calendar. From a product management point of view it is very difficult to provide this information to users without admitting that there is a fault in the product, which may subsequently impact adoption. Either provide warning messages or give us the choice!
That's not a solution: "delete the recurring meeting and re-create!"
In my weekly recurring meeting there are different people invited, so deleting this meeting is no option.
A very common scenario and a big security loop hole.
The nature of this one is really evil; since it's not easy to understand that it works this way.
Hence you don't have control of who sees the information!
Its simply poor and lazy design. It creates a material confidentiality issue to be managed.
Agree. I am always getting chat notifications for items I'm not needing.
Holly Douglas commented
It would nice to have an option when adding a new participant to a recurring meeting to ask the question - "This occurrence only or all meetings"
Hector Chazari commented
I agree, this is a big set back for a lot of employees. Once the meeting has ended it should remove the attendee that was added. They should not have access to any future chats/meetings.
Ryan C commented
I see this as a privacy issue. Further, it is larger than just Team Meetings, which I have experienced the above scenario as well below.
This is also an issue with Team Calls. Scenario:
1. User A calls B for a discussion using Team Calls.
2. User C is invited for a discussion during the same call.
3. During the call Chat is used to share information. Moving forward, User C is linked to the Chat shared by Users A and B, and sees any chat communication between A & B.
This should be addressed asap.
I like this approach:
"What you would like is that upon closing the meeting you get prompted that guests still have access and that you need to block their access, or even better: in the creation (or changing) of an invitation you get the option to classify invitees into permanent attendees and one time guests. The last group being automatically being kicked out of the chat after the meeting."
Sonny O commented
when adding someone to a group chat you have the capability to provide them historical chats or only future. Same should hold true for recurring meeting and associated chats.
Additionally the manual work around of removing them from the auto created chat group is not sustainable and introduces many issues.
Hajer Zaiem commented
Not acceptable for an enterprise collaboration tool.
Robin Bradbury commented
Not really acceptable in an enterprise tool.
Meta Keijzer commented
I looked into this issue and found that if you delete someone from the chat, they can still see the chat history that they were part of, but no future additions.
The problem is that it needs to be done manually, either by the one-time attendant himself or by any other member of the meeting.
What you would like is that upon closing the meeting you get prompted that guests still have access and that you need to block their access, or even better: in the creation (or changing) of an invitation you get the option to classify invitees into permanent attendees and one time guests. The last group being automatically being kicked out of the chat after the meeting.