Ensure users can't send emails to a channel email address
Why This Matters
Channel email addresses in Microsoft Teams operate outside your tenant's domain, giving you no control over their security settings. If an attacker discovers a channel email address, they can send malicious emails directly to the channel, potentially exposing your organization to phishing or data leakage. Disabling this feature reduces your attack surface by removing an uncontrolled external communication vector.
What Aether365 Checks
This check verifies that the setting "Users can send emails to a channel email address" is turned Off in the Microsoft Teams admin center. It appears in the Aether365 dashboard under microsoft-365 checks as M365.2168.
How to Fix
To remediate this setting using the Microsoft Teams admin center: