Teams baselines: create a new baseline to restrict tenant users joining externally organized meetings and update ScubaGear to check the new policy #1540
Assignees
Labels
baseline-document
Issues relating to the text in the baseline documents themselves
enhancement
This issue or pull request will add new or improve existing functionality
Milestone
Comments
nanda-katikaneni
added
baseline-document
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
🐛 Summary
Based on a review/testing of Microsoft 365 Team's new functionality (as documented in #1320, it is to allow Teams administrators to restrict tenant users joining externally organized meetings) - requires a adding an additional Meeting Policy guidance to Teams SCB's. Update the Teams baseline document to add a new policy as defined below.
MS.TEAMS.1.8v1: Tenant users SHOULD be restricted in joining externally organized Teams meetings - they SHOULD be allowed to only meetings organized by 'People in Trusted Organizations'.
Update the Teams baselines with appropriate rationale and implementation steps (use #1320 as reference).
Update the Rego code for the Teams to support the new policy as defined above along with unit tests, functional tests and any other depedendent modules.
To reproduce
This is a new configuration support added by Microsoft for the Teams administrators. Under the Teams Admin Center -> Meetings -> Meeting Policies, administrators can add/update meeting policies. To use the new features, access the "Global (Org-wide default)" policy. Under the "Meeting join & lobby" section, look for a new config parameter: "People can join external meetings organized by:" - by default it is configued to the option of "Anyone".
Since tenant users joining external meetings organized by "Anyone" can expose organizations to potential data leaks, the new policy advices this config option to be changed to "Only people in trusted orgs".
Expected behavior
After the implementation, the baseline document for Teams should have a new policy with an id MS.TEAMS.1.8v1 with appropriate description, rationale, implementation steps etc. The ScubaGear code should produce a results report that include the new MS.TEAMS.1.8.v1 policy with pass/fail based on the tenant config.
The policy would be a pass If the tenant is configured with following config:
Global Meeting Policy is configured with "People can join external meetings organized by:" assigned to either "Only people in trusted orgs" or "No one".
The policy would be a pass If the tenant is configured with following config:
Global Meeting Policy is configured with "People can join external meetings organized by:" assigned to "Anyone".
Add any screenshots of the problem here.
The text was updated successfully, but these errors were encountered: