When searching in teams, all user accounts even service accounts) show as available users, even though none of them have a teams license
Currently in Teams, if you search to add someone to your contacts, it will return EVERY account in AD, whether it has a license or not. For instance, service accounts and other accounts that do not have any licenses show up. If you are on the mobile phone app, you might get a message that says they don't have a license, but not always, and in the web version and the Teams desktop app, there is no indication that these accounts are not available for Teams. This is a problem for multiple reasons, but mostly it's a problem with users who might share documents or chats with someone that should not have access to that information (least privilege). If we set up a Team site/channel for IT or the Board of Directors or other sensitive groups for them to more easily communicate and share documents, we don't want there to be any indication that anyone else may or may not be able to see these things. We have outside and guest access turned off and all users who are not in those teams do not have the license turned on, so why are they still showing up? And why is it that, at least in the phone app, it gives you the indication that the user is not licensed, but the desktop app and web interface do not? I get that some places want this feature, but we would rather not have the feature. Why are there no instructions for this?
Mårtin W commented
Hiding users from GAL is no option, because this causes much other trouble (like sending issues by sending on behalf of shared mailboxes using outlook)
john tullo commented
I've submitted a DCR and Msft has said that the envisioned solution will prevent end users from sending the message itself to an entity that is not enabled for Teams. The ideal solution is still under review with their backend engineering team.