Summary


Allowing communication with unmanaged Teams users exposes your organization to potential security threats: hackers can exploit this to verify whether users exist and to initiate chats for phishing attacks or social engineering. It also opens the door to unauthorized contact that bypasses organizational security measures.


Usual process:


  1. The attacker creates a new Teams environment to appear credible.
  2. The attacker subscribes the victim’s email address to various types of spam.
  3. The attacker reaches out to the victim on Teams, pretending to be from a helpdesk team offering assistance with the spam issue.
  4. The victim grants access to their computer.



Available configurations for this setting


  • Disable communication: your users cannot chat or meet with unmanaged external users.
  • Allow outbound communication only: your users can initiate communication with unmanaged external users, but unmanaged external users cannot initiate it with your users.
  • Allow all communication (not recommended): unmanaged Teams accounts can search for users in your organization and start chats and meetings with them.






This setting can be found in your Teams admin portal > Users > External Access > Teams accounts not managed by an organization
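
The same setting can be checked from PowerShell. The following is an added example, not part of the original page: it maps the `AllowTeamsConsumer` and `AllowTeamsConsumerInbound` properties of the tenant federation configuration (MicrosoftTeams module) to the three options listed above. The function name `Get-UnmanagedTeamsAccessState` is hypothetical, and the sample values are constructed.

```powershell
# Added example: classify the unmanaged-accounts setting into the three options above.
# Assumption: AllowTeamsConsumerInbound has no effect when AllowTeamsConsumer is $false.
function Get-UnmanagedTeamsAccessState {
    param(
        [Parameter(Mandatory)] [bool] $AllowTeamsConsumer,
        [Parameter(Mandatory)] [bool] $AllowTeamsConsumerInbound
    )
    if (-not $AllowTeamsConsumer) {
        $state = 'Disable communication'
    } elseif (-not $AllowTeamsConsumerInbound) {
        $state = 'Allow outbound communication only'
    } else {
        $state = 'Allow all communication (not recommended)'
    }
    [pscustomobject]@{
        State                = $state
        # True only when unmanaged accounts can start chats with your users,
        # which is the path used in step 3 of the process described above.
        InboundFromUnmanaged = ($AllowTeamsConsumer -and $AllowTeamsConsumerInbound)
    }
}

# Constructed sample values covering each option (runs without a tenant connection).
$samples = @(
    @{ AllowTeamsConsumer = $false; AllowTeamsConsumerInbound = $false },
    @{ AllowTeamsConsumer = $true;  AllowTeamsConsumerInbound = $false },
    @{ AllowTeamsConsumer = $true;  AllowTeamsConsumerInbound = $true  }
)
foreach ($s in $samples) { Get-UnmanagedTeamsAccessState @s }

# Against a live tenant (requires the MicrosoftTeams module and Teams admin rights):
#   Connect-MicrosoftTeams
#   $cfg = Get-CsTenantFederationConfiguration
#   Get-UnmanagedTeamsAccessState -AllowTeamsConsumer $cfg.AllowTeamsConsumer `
#       -AllowTeamsConsumerInbound $cfg.AllowTeamsConsumerInbound
#
# Switch to "Allow outbound communication only":
#   Set-CsTenantFederationConfiguration -AllowTeamsConsumer $true -AllowTeamsConsumerInbound $false
# Switch to "Disable communication":
#   Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false
```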



Learn more on Teams external access