Published Jan 17, 2024
Microsoft Teams will soon allow tenant admins to control whether some users in their organizations can join any externally hosted Teams meetings. This feature can be used to protect potential data exfiltration from specific user groups within an organization. The rollout will begin in early February 2024 and is expected to complete by late April 2024. Users will be limited based on the policy configuration set by the tenant admins. Admins should prepare to identify the users (or groups) in their organization who may need to be regulated in terms of the external hosted meetings that they should be allowed (or prevented) to join.
Updated April 15, 2024: We have updated the rollout timeline below. Thank you for your patience.
This feature enables tenant admins to control whether some users in their organizations can join any externally hosted Microsoft Teams meetings. When these regulated users are signed in on their Teams clients, their ability to join an externally hosted meeting will be limited based on the policy configuration. This capability can be used by the tenant admins to protect potential data exfiltration from specific user groups within their organization.
This message is associated with Microsoft 365 Roadmap ID 187230
When this will happen:
We will begin rolling out early February 2024 and expect to complete by late April 2024 (previously late March).
How this will affect your organization:
Currently, Teams for work (or school) users can join any externally hosted Teams meetings. Whether they join these externally hosted meetings anonymously or with their signed in work (or school) credentials is determined by the external access configuration set by the tenant admins.
After this capability is launched, this configuration will provide an added layer of protection and regulate whether or not the users can join externally hosted meetings while using the Teams desktop app or web client. This new policy – “People can join meetings hosted by” – allows users to be able to join these meetings with the following behavior:
Note: This retains all currently available behavior for Teams meetings.
a) People and guests in their current org
b) People in the orgs that are set for trusted external access
a) People and guests in their current org
Note: This disables the ability to join any externally hosted Teams meeting.
What you need to do to prepare:
You should prepare to identify the users (or groups) in your organization who may need to be regulated in terms of the external hosted meetings that they should be allowed (or prevented) to join.
Some key callouts:
1. Meetings hosted in non-trusted orgs: If an external org with whom the external access trust is not configured hosts a Teams meeting, then, today, users are presented only with an anonymous option to join the meeting. If this new policy is set to “People and guests in my org only” or “People and guests in my org, and trusted orgs” then users won’t be allowed to join such a meeting with any option.
2. Meetings hosted in trusted orgs: If an external org with whom the external access trust is configured hosts a Teams meeting, then, today, users can join the meeting with their current org’s Teams account. If this new policy is set to “People and guests in my org only” for the specific user then the user won’t be allowed to join the externally hosted meeting using their signed-in Teams client.