Over the last few days I spent time at the Future Decode event in London. One of the sessions I went to on Microsoft Teams a question was asked about security of a Team.

So I created a team which only I have access to. I know this is a bit lonely, but I called this team “One Man Band”.  Then as a different user I tried to find my One Man Band email address in my Outlook global address book. Even though my user account doesn’t have access to the team I was still able to email the team. I guess this is how groups in Office 365 have always worked, however it does mean that if you have a team that needs to be kept as confidential that the name of the team might need to not have any information stored in it.

I then took my steps a bit further and I tried emailing a channel. So as my user account that belongs to the team I collected the email address for the general channel.

 

This now gave me

General – One Man Band <9423744f.veenstra.me.uk@emea.teams.ms>

Ok, so there is an email address with a unique number supplied. Well this is a bit scary. Does this mean that any body can email that address and a message will appear in the conversation? Time to take the test.

Yes, the message appeared in my channel. I even emailed this message as an external user that didn’t have access to my team.

Having worried about this for a few minutes, I can also see nice purposes for this. I can simply publish an email address or alias and make messages form anybody appear in my Microsoft Teams installation. I wonder how long it will take before I receive message in my One Man Band team.

 

Then I found the almost invisible link, Advanced Settings. As shown above, you can restrict who can send emails to the channel.

Advertisements