This check reviews the Microsoft 365 Teams external access configuration for unmanaged Teams accounts and expects the "Teams accounts not managed by an organization" option to be Off, so that users cannot chat with personal (consumer) Microsoft accounts.
Risk
Allowing unmanaged accounts enables unsolicited contact that undermines confidentiality and integrity: attackers can enumerate users, deliver phishing or malware links, and run social-engineering campaigns that lead to data exfiltration and unauthorized changes. It also fuels spam and alert fatigue.
prowler m365 --checks teams_unmanaged_communication_disabled
Recommendation
Disable communication with unmanaged Teams accounts to enforce least privilege and reduce the attack surface.
If collaboration with such accounts is genuinely needed, allow only outbound initiation (your users start the conversation), prefer guest access or trusted federated domains instead, apply defense in depth with DLP and link protection, and monitor external interactions.
Remediation
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false
- Sign in to the Microsoft Teams admin center
- Go to Users > External access
- Under "Teams accounts not managed by an organization", turn OFF "People in my organization can communicate with Teams users whose accounts aren't managed by an organization"
- Click Save
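The PowerShell remediation above can be wrapped in a small audit-and-fix script. The following is an added example, not Prowler's own code or the Microsoft module's documentation: it reads the tenant federation configuration, reports PASS/FAIL using the same criterion as the check, and only changes the setting when asked to. It assumes the MicrosoftTeams PowerShell module is installed and that the caller holds a Teams administrator role; the `-Remediate` and `-OutboundOnly` switches are this script's own. `AllowTeamsConsumerInbound` is an existing parameter of `Set-CsTenantFederationConfiguration` used here for the outbound-only compensating control from the Recommendation.

```powershell
# Added example: audit and (optionally) remediate chat with unmanaged Teams accounts.
# Usage:  .\Check-TeamsConsumer.ps1              -> read-only audit
#         .\Check-TeamsConsumer.ps1 -Remediate   -> block unmanaged accounts entirely
#         .\Check-TeamsConsumer.ps1 -Remediate -OutboundOnly -> keep chat, but only when your users initiate
param(
    [switch]$Remediate,      # apply a change; default is audit only
    [switch]$OutboundOnly    # compensating control instead of a full block (hypothetical switch name)
)

# Requires the MicrosoftTeams module and a Teams admin role (assumption).
Import-Module MicrosoftTeams -ErrorAction Stop
Connect-MicrosoftTeams | Out-Null

$config = Get-CsTenantFederationConfiguration

# Same criterion as the Prowler check: AllowTeamsConsumer must be $false to pass.
$status = if ($config.AllowTeamsConsumer) { 'FAIL' } else { 'PASS' }
Write-Output ("teams_unmanaged_communication_disabled: {0} (AllowTeamsConsumer={1}, AllowTeamsConsumerInbound={2})" -f `
    $status, $config.AllowTeamsConsumer, $config.AllowTeamsConsumerInbound)

if (-not $Remediate) { return }

if ($OutboundOnly) {
    # Consumer accounts cannot start a conversation; your users may still reach out to them.
    # Note: this still leaves AllowTeamsConsumer enabled, so the check above keeps reporting FAIL.
    Set-CsTenantFederationConfiguration -AllowTeamsConsumer $true -AllowTeamsConsumerInbound $false
} else {
    # Recommended state: block all communication with unmanaged Teams accounts.
    Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false
}

# Re-read to confirm the change was accepted (policy propagation can take a few minutes).
$after = Get-CsTenantFederationConfiguration
Write-Output ("After: AllowTeamsConsumer={0}, AllowTeamsConsumerInbound={1}" -f `
    $after.AllowTeamsConsumer, $after.AllowTeamsConsumerInbound)
```

Running the script without switches is safe for change-controlled environments, since it only reads. The admin-center steps above toggle the same underlying setting, so either path can be verified by re-running the Prowler check afterwards.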
Resource Type: NotDefined