How do we mitigate Microsoft Teams information security risks when using Microsoft Teams guest access for external parties?

When collaborating with users external to your organization, it’s important to understand the difference between external access and guest External access is granted at the domain level, between organizations. If organizations A and B have external access enabled between them, any Teams user in A can find, contact, and set up meetings with any other Teams user in B, and vice versa. Note, external access does not grant access to Teams collaboration areas. To grant access to Teams collaboration areas, guest access must be granted at the individual level by adding the guest’s email account to the specific Team where they can then access shared files and collaborate. Note, guests cannot access an organization’s ODFB environment, create/modify teams, or upload files in 1-1 chats.

To protect your sensitive information, you need to have a strategy for collaborating securely with external users. These external sharing recommendations will get you started on the right foot:

• Collaboration: Enable external sharing by default and disable based on classification.
• Domains: Limit domains as required.
• Educate: Educate your users on how to share and what to share.
• Anyone Links: Use DLP to prevent the creation of “anyone” links for sensitive SharePoint and OneDrive for Business documents.
• Audit: Make security audits part of your governance process.