Over the last few days I spent time at the Future Decode event in London. One of the sessions I went to on Microsoft Teams a question was asked about security of a Team.
So I created a team which only I have access to. I know this is a bit lonely, but I called this team “One Man Band”. Then as a different user I tried to find my One Man Band email address in my Outlook global address book. Even though my user account doesn’t have access to the team I was still able to email the team. I guess this is how groups in Office 365 have always worked, however it does mean that if you have a team that needs to be kept as confidential that the name of the team might need to not have any information stored in it.
I then took my steps a bit further and I tried emailing a channel. So as my user account that belongs to the team I collected the email address for the general channel.
This now gave me
General – One Man Band <9423744f.veenstra.me.uk@emea.teams.ms>
Ok, so there is an email address with a unique number supplied. Well this is a bit scary. Does this mean that any body can email that address and a message will appear in the conversation? Time to take the test.
Yes, the message appeared in my channel. I even emailed this message as an external user that didn’t have access to my team.
Having worried about this for a few minutes, I can also see nice purposes for this. I can simply publish an email address or alias and make messages form anybody appear in my Microsoft Teams installation. I wonder how long it will take before I receive message in my One Man Band team.
Then I found the almost invisible link, Advanced Settings. As shown above, you can restrict who can send emails to the channel.
[…] https://veenstra.me.uk/2017/11/02/microsoft-teams-be-careful-with-email-links-to-channels […]
I was looking for something a little different today about links for videos used on premises when I saw your post (collab365) this is very helpful information. Thanks for sharing
Hi Cindy, I’m glad it helped you!
Hi, this is really nice feature. But how can I take email of channel id programmatically? May be using Graph APIS? Or how this random no is generated for email? Any idea / suggestions will be great help.
Hi Prasham, As far as I know there isn’t a way to get this. the Teams API is still fairly limited
Under Advanced settings, I don’t see the option
Anyone can send emails to this address… Any idea on how to get this option i need external users to send email to channels.
Hi Jean,
You only get the option when you go to the channel.
Then in the title there are the 3 dots next to the channel name. That is where you have to select the Get email address. Then in the dialog there you will see the advanced settings link.
Hi Pieter,
Yes, i get that, after i click on the advanced settings link i only get to see two options
Only members of this team and
only emails sent from these domains – and not the first option “Anyone can send emails to this address ” is missing.
Is this because of the admin set the option to send emails from these domains?
Yes, this could indeed be affected by a global setting.