Over the last few days I spent time at the Future Decode event in London. One of the sessions I went to on Microsoft Teams a question was asked about security of a Team.
So I created a team which only I have access to. I know this is a bit lonely, but I called this team “One Man Band”. Then as a different user I tried to find my One Man Band email address in my Outlook global address book. Even though my user account doesn’t have access to the team I was still able to email the team. I guess this is how groups in Office 365 have always worked, however it does mean that if you have a team that needs to be kept as confidential that the name of the team might need to not have any information stored in it.
I then took my steps a bit further and I tried emailing a channel. So as my user account that belongs to the team I collected the email address for the general channel.
This now gave me
General – One Man Band <firstname.lastname@example.org>
Ok, so there is an email address with a unique number supplied. Well this is a bit scary. Does this mean that any body can email that address and a message will appear in the conversation? Time to take the test.
Yes, the message appeared in my channel. I even emailed this message as an external user that didn’t have access to my team.
Having worried about this for a few minutes, I can also see nice purposes for this. I can simply publish an email address or alias and make messages form anybody appear in my Microsoft Teams installation. I wonder how long it will take before I receive message in my One Man Band team.
Then I found the almost invisible link, Advanced Settings. As shown above, you can restrict who can send emails to the channel.