Ensure external Teams users cannot initiate conversations

Why This Matters

Allowing external Teams users to initiate conversations increases the risk of phishing, social engineering, and data leakage. Without this control, external parties can directly message your users, bypassing your security gate and potentially tricking employees into sharing sensitive information. By blocking these initiation requests, you maintain authority over who can contact your organization’s Teams members.

What Aether365 Checks

This check verifies that your Teams external access policy prevents external users from starting conversations with users inside your organization. In the Aether365 dashboard, under microsoft-365 checks, this control appears as CIS.M365.8.2.3 and flags any configuration that permits unsolicited external chat.