More Security for Teams Meetings
There is not a lot of security around team meetings internally. Right now anyone with a Team meeting Link can join in, this is problematic when any non-organisation wide meeting is held. It would be nice if a scheduled meeting was restricted to the accounts that it was scheduled for (or if extra's had to go through lobby to be invited).
Use case: The business owners want to regularly meet on teams to discuss sensitive topics and be ensured the communication stays confidential, anyone that gains access to the link in the recurring meeting will be able to join/eavesdrop.
Note: This is only an issue with meetings held on Teams, the Team Channel membership list restricts fine.
Agree with this feature. It would be very nice to have more policy options around who can attend (internal, external, individual), admit (host, by role), and how (conference) all on a meeting by meeting basis.
I like that you can restrict entry to a Calendar Meeting using the Lobby feature, and that you can assign participants as "Attendee". But you need to be able to do this when you first set the meeting up and not as a separate task after the meeting is established using the "Meeting Options".
This is a major issue, had a non internal user ***** the link for a re-occurring meeting the link is based on the name which means even if you rebuild the meeting with the same name they can join. I mentioned this to support and they said whilst its a security issue it had to go here to probably not be looked a for 5 years. So effectively we were Teams bombed a MS's response to this is to ignore the issue.I have since gone back to our staff and trained them around this new form of information phishing but as an administrator I hate leaving things to chance.
Ben Ryder commented
This is also problematic in the school setting. Students are able to forward the join link to other students who are not in their class. These students can join the meeting even though they are not members of the class 'team' or 'channel'. Students enter the meeting directly, as they are members of the organisation; there is no option to force internal users to use the lobby at present.