Ensure external Teams users cannot initiate conversations

Why This Matters

Unauthenticated external users with free or trial Microsoft Teams accounts can initiate conversations with your organization's users, creating a direct vector for social engineering, phishing, and malware delivery. Threat actors have abused this channel in real-world campaigns: it has been used to deliver DarkGate malware, Midnight Blizzard has used it for targeted attacks, and GIFShell techniques have used it for username enumeration. Disabling this setting prevents unmanaged external users from starting conversations, reducing your attack surface against these threats.

What Aether365 Checks

This check verifies that the setting "External users with Teams accounts not managed by an organization can contact users in my organization" is unchecked in the Teams admin center. It appears in the Aether365 dashboard under Microsoft 365 compliance checks and is part of the CIS Microsoft 365 Foundations Benchmark.
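The same setting can be audited and remediated from PowerShell. The snippet below is an added example, not Aether365's own code; it assumes the MicrosoftTeams module is installed and the caller holds a Teams administrator role. The admin center checkbox corresponds to the `AllowTeamsConsumerInbound` property of the tenant federation configuration.

```powershell
# Added audit/remediation example (not Aether365's own code). Assumes the
# MicrosoftTeams PowerShell module is installed and a Teams admin is signed in.
Connect-MicrosoftTeams

function Test-TeamsConsumerInbound {
    # Compliant when unmanaged (consumer) Teams users cannot start conversations,
    # i.e. AllowTeamsConsumerInbound is $false. AllowTeamsConsumer is reported
    # as well because it controls whether consumer federation is enabled at all.
    $cfg = Get-CsTenantFederationConfiguration
    [pscustomobject]@{
        AllowTeamsConsumer        = $cfg.AllowTeamsConsumer
        AllowTeamsConsumerInbound = $cfg.AllowTeamsConsumerInbound
        Compliant                 = (-not $cfg.AllowTeamsConsumerInbound)
    }
}

$result = Test-TeamsConsumerInbound
$result | Format-List

if (-not $result.Compliant) {
    # Remediation: block inbound initiation by unmanaged users while leaving the
    # broader consumer-federation switch untouched.
    Set-CsTenantFederationConfiguration -AllowTeamsConsumerInbound $false
}
```

Policy changes made with `Set-CsTenantFederationConfiguration` can take some time to propagate, so re-run the audit function after a short delay to confirm the new value.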

Microsoft references
