BIO 09.02.05 ISO A.9.2.1

Teams: Disable Meeting Chat For Anonymous Users

📅 2025-10-30

•

⏱️ 3 minuten lezen

•

🔴 Must-Have

💼 Management Samenvatting

Block anonymous users from meeting chat - voorkomt unauthenticated external participants accessing confidential meeting chat.

Aanbeveling

IMPLEMENT

Risico zonder

Medium

Risk Score

6/10

Implementatie

2u (tech: 1u)

Van toepassing op:

✓ Microsoft Teams

Anonymous meeting chat = data leakage: Anonymous users: External participants WITHOUT Microsoft account (join via link), Meeting chat: Often contains: Confidential discussion, Links to internal resources, Email addresses, phone numbers, Sensitive decisions. Anonymous access: No identity verification, No audit trail (who was anonymous user?), Data retention: Chat stored in SharePoint (anonymous content mixed with authenticated). Attack: Competitor joins as anonymous → reads confidential chat → competitive intelligence.

PowerShell Modules Vereist

Primary API: Microsoft Graph API
Connection: Connect-MicrosoftTeams
Required Modules: MicrosoftTeams

Implementatie

Block anonymous chat: Policy: AllowAnonymousUsersToJoinMeetingChat = False, Effect: Anonymous users can join meeting (audio/video) BUT NOT chat, Authenticated users: Can chat (normal), Use case: Public webinars (anonymous attendance, no chat participation).

Vereisten

Microsoft Teams
Teams meeting policy
External meetings: Guests use authenticated accounts (not anonymous)

Implementatie

Teams Admin Center → Meetings → Meeting policies → Participants & guests → Let anonymous people start a meeting: Off, Meeting chat: On for everyone except anonymous users.

Compliance

AVG Art. 32 (Access control), BIO 09.02, ISO 27001 A.9.2.1.

Monitoring

Gebruik PowerShell-script meeting-chat-no-anonymous.ps1 (functie Invoke-Monitoring) – Controleren.

Remediatie

Gebruik PowerShell-script meeting-chat-no-anonymous.ps1 (functie Invoke-Remediation) – Herstellen.

Compliance & Frameworks

BIO: 09.02.05 -
ISO 27001:2022: A.9.2.1 -

Automation

Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).

PowerShell

<#
.SYNOPSIS
    Meeting Chat No Anonymous
.DESCRIPTION
    Restricts meeting chat to prevent anonymous users from participating
.NOTES
    NL Baseline v2.0
#>
#Requires -Version 5.1
#Requires -Modules MicrosoftTeams

[CmdletBinding()]
param([switch]$Monitoring)

$ErrorActionPreference = 'Stop'

Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "Meeting Chat No Anonymous" -ForegroundColor Cyan
Write-Host "========================================`n" -ForegroundColor Cyan

function Invoke-Monitoring {
    try {
        Connect-MicrosoftTeams -ErrorAction Stop
        
        $policy = Get-CsTeamsMeetingPolicy -Identity Global
        
        $result = @{
            isCompliant = ($policy.AllowMeetingChat -ne 'Enabled')
            chatSetting = $policy.AllowMeetingChat
        }
        
        Write-Host "  Meeting Chat: $($policy.AllowMeetingChat)" -ForegroundColor $(
            if ($policy.AllowMeetingChat -eq 'EnabledExceptAnonymous') { 'Green' }
            elseif ($policy.AllowMeetingChat -eq 'Disabled') { 'Green' }
            else { 'Red' }
        )
        
        Write-Host "`n  Chat Options:" -ForegroundColor Cyan
        Write-Host "    • Disabled: No meeting chat" -ForegroundColor Green
        Write-Host "    • EnabledExceptAnonymous: Chat for authenticated users only" -ForegroundColor Green
        Write-Host "    • Enabled: Chat for everyone including anonymous" -ForegroundColor Red
        
        Write-Host "`n  Security Benefits:" -ForegroundColor Cyan
        Write-Host "    • Prevents anonymous chat participation" -ForegroundColor Gray
        Write-Host "    • Reduces security risks" -ForegroundColor Gray
        Write-Host "    • Maintains meeting security" -ForegroundColor Gray
        
        Write-Host "`n  Recommended: EnabledExceptAnonymous" -ForegroundColor Gray
        
        if ($result.isCompliant) {
            Write-Host "`n[OK] COMPLIANT - Anonymous chat blocked" -ForegroundColor Green
            exit 0
        }
        else {
            Write-Host "`n[FAIL] NON-COMPLIANT - Anonymous chat allowed!" -ForegroundColor Red
            exit 1
        }
    }
    catch {
        Write-Host "ERROR: $_" -ForegroundColor Red
        exit 2
    }
}

try {
    if ($Monitoring) { Invoke-Monitoring }
    else { Write-Host "Use: -Monitoring" -ForegroundColor Yellow }
}
catch { throw }
finally {
    Write-Host "`n========================================`n" -ForegroundColor Cyan
}

function Invoke-Remediation {
    <#

    .SYNOPSIS
        Herstelt de configuratie naar de gewenste staat
    .DESCRIPTION
        Dit is een monitoring-only control, remediation delegeert naar monitoring
    #>

    [CmdletBinding()]
    param()
    
    Write-Host "[INFO] Dit is een monitoring-only control" -ForegroundColor Yellow
    Write-Host "[INFO] Running monitoring check..." -ForegroundColor Cyan
    Invoke-Monitoring
}

Risico zonder implementatie

Medium: Medium: Anonymous meeting chat = confidential data leakage (no identity verification).

Management Samenvatting

Block anonymous users from Teams meeting chat. Authenticated only. Confidential discussion protection. Implementatie: 1-2 uur.

Implementatietijd: 2 uur
FTE required: 0.01 FTE

Teams: Disable Meeting Chat For Anonymous Users

💼 Management Samenvatting

Implementatie

Vereisten

Implementatie

Compliance

Monitoring

Remediatie

Compliance & Frameworks

Automation

Risico zonder implementatie

Management Samenvatting

Share artikel