So you think you’ve gone through and secured your Microsoft Teams deployment, fine-tuned all the settings, and got everything just so. But have you? Have you fully understood the People in my organisation group and who that actually includes?
In Microsoft Teams there are a number of pre-defined permission groups that are offered for us to use. The People in my organisation setting is one that you may be immediately drawn to when you are looking to, for example, restrict who is a presenter in a meeting by setting the user roles, however, this group includes more people than you realise.
Where can the People in my organisation permission be used?
Within Microsoft Teams there are various places that we can use this group.
- Meeting policies in the Microsoft Teams Admin Center
- Live Events policies in the Microsoft Teams Admin Center
- Meeting options for setting attendee permissions
As the list above demonstrates, this isn’t a per-user thing. There are settings in the Microsoft Teams Admin Center that use this setting too.
For example, until last week, Microsoft Teams by default, would admit everyone to a meeting, however, the setting has been changed to Everyone in your organisation by default now as a result of a change under https://www.microsoft.com/en-gb/microsoft-365/roadmap?filters=&filters=&searchterms=63388.
So who is included in the People in my organisation group?
Naturally, you’d assume that this group includes everyone inside your Microsoft 365 deployment, all of your users, everyone that works for your company and in a sense you are correct, however, there is more.
Have you come across the term Guest? Are you using Microsoft Teams or Microsoft 365 Groups to collaborate with third-parties and external users?
Yep, that’s right. Whenever you invite an external user such as a vendor, a contractor, or someone that you are doing business and work with to collaborate on a project together, you invite that user to join a Microsoft Team or a Microsoft 365 Group. Whenever you have done that, that user has been added to your Azure Active Directory instance as a Guest user.
If we refer to the Security Guide documentation for Microsoft Teams at https://docs.microsoft.com/en-us/microsoftteams/teams-security-guide we can clearly see that the documented definition of People in my organisation is “All in tenant users, including guests”.
So what does this mean?
For many organisations what we are presenting here isn’t an issue, however, it does need consideration.
If you have gone through the Microsoft Teams Admin Center and configured settings such as only people in your organisation will be automatically admitted to a meeting; that only people in your organisation can join a Live Event; or you are educating users on setting the Presenter permission in their meetings; this will actually be including guest users too.
The People in my organisation group obviously still excludes and limits what an anonymous user can do. The likelihood is that if someone has been trusted enough to have a Microsoft Team or a Microsoft 365 Group shared with them that they can be trusted to participate in a meeting, however, it’s good to know these things.
Microsoft Teams and anonymous users
Another area to consider how you manage permissions with Microsoft Teams will be the handling of anonymous users and the definition of that.
Once again, referring to the Microsoft Teams Security Guide at https://docs.microsoft.com/en-us/microsoftteams/teams-security-guide and also referring to https://docs.microsoft.com/en-us/microsoftteams/meeting-settings-in-teams, you should ensure that you understand the definition of anonymous, and who that will affect.
Microsoft Teams policies and governance
As we’ve shown in this article, setting up Microsoft Teams for the correct level of protection, security, and governance while maintaining user collaboration capabilities if key.
At Arcible, we can review your Microsoft Teams configuration to ensure that it’s fit for purpose to meet your security and collaboration requirements. Get in touch with us if you would like us to help you review your configuration.