Over the last few days I spent time at the Future Decode event in London. One of the sessions I went to on Microsoft Teams a question was asked about security of a Team.

So I created a team which only I have access to. I know this is a bit lonely, but I called this team “One Man Band”.  Then as a different user I tried to find my One Man Band email address in my Outlook global address book. Even though my user account doesn’t have access to the team I was still able to email the team. I guess this is how groups in Office 365 have always worked, however it does mean that if you have a team that needs to be kept as confidential that the name of the team might need to not have any information stored in it.

I then took my steps a bit further and I tried emailing a channel. So as my user account that belongs to the team I collected the email address for the general channel.

 

Microsoft Teams - be careful with email links to channels! Microsoft Office 365, Microsoft Teams getemailaddres

This now gave me

General – One Man Band <9423744f.veenstra.me.uk@emea.teams.ms>

Ok, so there is an email address with a unique number supplied. Well this is a bit scary. Does this mean that any body can email that address and a message will appear in the conversation? Time to take the test.

Microsoft Teams - be careful with email links to channels! Microsoft Office 365, Microsoft Teams conversation

Yes, the message appeared in my channel. I even emailed this message as an external user that didn’t have access to my team.

Having worried about this for a few minutes, I can also see nice purposes for this. I can simply publish an email address or alias and make messages form anybody appear in my Microsoft Teams installation. I wonder how long it will take before I receive message in my One Man Band team.

 

Microsoft Teams - be careful with email links to channels! Microsoft Office 365, Microsoft Teams advanced

Then I found the almost invisible link, Advanced Settings. As shown above, you can restrict who can send emails to the channel.

Avatar for Pieter Veenstra

By Pieter Veenstra

Business Applications Microsoft MVP working as a Principal Architect at HybrIT Services Ltd. You can contact me using contact@sharepains.com

9 thoughts on “Microsoft Teams – be careful with email links to channels!”
  1. I was looking for something a little different today about links for videos used on premises when I saw your post (collab365) this is very helpful information. Thanks for sharing

  2. Hi, this is really nice feature. But how can I take email of channel id programmatically? May be using Graph APIS? Or how this random no is generated for email? Any idea / suggestions will be great help.

  3. Under Advanced settings, I don’t see the option
    Anyone can send emails to this address… Any idea on how to get this option i need external users to send email to channels.

    1. Hi Jean,

      You only get the option when you go to the channel.

      Then in the title there are the 3 dots next to the channel name. That is where you have to select the Get email address. Then in the dialog there you will see the advanced settings link.

      1. Hi Pieter,
        Yes, i get that, after i click on the advanced settings link i only get to see two options
        Only members of this team and
        only emails sent from these domains – and not the first option “Anyone can send emails to this address ” is missing.
        Is this because of the admin set the option to send emails from these domains?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from SharePains by Microsoft MVP Pieter Veenstra

Subscribe now to keep reading and get access to the full archive.

Continue Reading