Provide ability to remove users added to recurring meetings' chats
We have the following scenario that cannot be remedied without deleting a recurring meeting:
1. User A and B have a recurring weekly meeting in Teams.
2. User C is invited to join the call on this meeting during one instance.
3. Even though User C has not been invited to the recurring meeting, User C now has access to the Teams chat of the subsequent recurring meeting instances.
This seems like a huge bug that you cannot remove a user from seeing the chat of a meeting to which they are normally not a member. I just spoke with Microsoft support and their recommended course of action is to delete the recurring meeting and re-create it, losing the chat history.
Sonny O commented
when adding someone to a group chat you have the capability to provide them historical chats or only future. Same should hold true for recurring meeting and associated chats.
Additionally the manual work around of removing them from the auto created chat group is not sustainable and introduces many issues.
Hajer Zaiem commented
Not acceptable for an enterprise collaboration tool.
Robin Bradbury commented
Not really acceptable in an enterprise tool.
Meta Keijzer commented
I looked into this issue and found that if you delete someone from the chat, they can still see the chat history that they were part of, but no future additions.
The problem is that it needs to be done manually, either by the one-time attendant himself or by any other member of the meeting.
What you would like is that upon closing the meeting you get prompted that guests still have access and that you need to block their access, or even better: in the creation (or changing) of an invitation you get the option to classify invitees into permanent attendees and one time guests. The last group being automatically being kicked out of the chat after the meeting.
Agree with previous comments. This is a big issue and opens our organization up to situations where the wrong information could inadvertently get shared with the wrong audience. Please fix ASAP.
Alexander Cutler commented
I agree - this is a HUGE security hole that many would miss. Many board and SMT meetings havee been running on this technology in thousands of companies, and I bet very few are aware of this dangerous loophole that suddenly means their meeting chats are nowhere near as confidential as first supposed...
As an add on, I believe User C will now ALSO have access to any files shared in the meeting which they are not entitled to, but get Read Access by being a part of the meeting (once). - David
The manual solution of going back into the Chat and removing those one time guests is fine for an advanced user. But, leadership are not advanced users and we are working the hardest to increase collaboration with Teams. This is a problem for me/us and one I consider a security gap. - David
It is very annoying, and not intuitive at all. There is no expectation that someone would retain access to the meeting chat beyond the content that was created during the meeting instance the person was attending.
Ben Florquin commented
We are having the same scenario and this is a security risk for us. The manual removal works but it's indeed easily overlooked. Can you please come with a more solid solution?
This is a big issue for us in our organization. We run a lot reoccurring meetings and there are many times where one or two people are invited for one specific instance of a meeting to present. These people can rejoin any future meetings in the series through their old invitation...Even if they're removed from the scheduling assistant and through Teams. I see how you can remove them from the meeting chat (which is manual), but any time they would try to rejoin via the old meeting invitation they're right back in the chat...
Al Collier commented
You can manually remove a user but easily overlooked. Better to set it up so that if someone is invited to a single occurrence of the meeting they are automatically removed from the chat at the end of the meeting
This looks to have been addressed. If you find the meeting in your chat history, you will see the view and add participants button in the top right hand corner with a count of participants. Clicking this will give you a popup menu with a list of people, that have been in the meeting. Click the x next to the person you wish to remove. A warning message identifies that they will see the chat history (but presumably not new messages).
I have not found a way to do this through the calendar for recurring meetings only chat history.
This is creating security risks. For example, if I invite an employee to present project status at a managers' meeting, then that employee can continue to see chat threads of future managers. meetings, where confidential information may be exposed.
Dave Field commented
@Howard, It does look like you can remove a guest, but not any user who has credentials from within the org.
Still a big hole because, let's say you have invited someone as a guest presenter, but then want to discuss their presentation on subsequent calls. This person continues to have a view on the discussion, even at times you would prefer to keep it private.
this is very annoying when I am invited to a recurring meeting, never attend, but still get chat history and unread threads that I have to clear :(
Howard Kistler commented
In addition to being a management annoyance with regular meetings, this is a potentially significant security hole. There is no indication that someone added once to an established meeting will continue to have access to all future occurrences of that meeting. Thus this could be an unmonitored window into conversations that are otherwise assumed to be secure. Take this example:
1) An organisation has a regular internal weekly meeting.
2) An external consultant is invited into the meeting once for a particular discussion.
3) This consultant now has access to all future occurrences of the meeting, potentially in an undetectable way if they audit those meetings silently.
Until this addressed, this hole significantly compromises the usability of Teams in a professional setting, and may even lead to violations of corporate, national, or international privacy regulations under some circumstances.