Meetings global policy does not allow anonymous users in meeting chat
teams_meeting_chat_anonymous_users_disabled
Microsoft 365 Teams meeting policies restrict chat so anonymous participants cannot send or read messages.
Accepted configurations include EnabledExceptAnonymous or EnabledInMeetingOnlyForAllExceptAnonymous.
Risk
Anonymous chat enables unverified users to leak sensitive content, post phishing/malware links, and impersonate others.
This undermines confidentiality and accountability, and can disrupt meetings through spam, affecting availability and auditability.
prowler m365 --checks teams_meeting_chat_anonymous_users_disabled
Recommendation
Enforce chat for authenticated users only following least privilege.
- Block chat for anonymous users
- Use guest access with identity verification and lobby controls
- Apply DLP and link/file protection to chat
- Monitor audit logs and set retention to ensure traceability
Remediation
Set-CsTeamsMeetingPolicy -Identity Global -MeetingChatEnabledType EnabledExceptAnonymous
- Sign in to the Microsoft Teams admin center: https://admin.teams.microsoft.com
- Go to Meetings > Meeting policies
- Open Global (Org-wide default)
- Under Meeting engagement, set Meeting chat to "On for everyone but anonymous users"
- Click Save
Source Code
Resource Type
NotDefined