BIO 13.02 ISO A.13.2.1

External Meeting Chat Disabled

πŸ“… 2025-10-29
β€’
⏱️ 4 minuten lezen
β€’
🟒 Should-Have

πŸ’Ό Management Samenvatting

Disabling chat in meetings met externe gebruikers voorkomt Gegevensleks via ongecontroleerde meeting chat.

Aanbeveling
CONSIDER
Risico zonder
Medium
Risk Score
5/10
Implementatie
1.5u (tech: 0.5u)
Van toepassing op:
βœ“ M365
βœ“ Teams

Meeting chat met externe gebruikers is Gegevenslek risk: users share sensitive info in chat, file attachments in chat bypass DLP, no gegevensretentie control, external gebruikers kunnen copy chat content.

PowerShell Modules Vereist
Primary API: Teams PowerShell
Connection: Connect-MicrosoftTeams
Required Modules: MicrosoftTeams

Implementatie

Teams meeting policy: Sta toe meeting chat voor external participants is Disabled. External gebruikers kunnen participate maar kan niet gebruiken chat. Internal-only meetings retain chat capability.

Vereisten

Teams Administrator

Implementatie

  1. Teams admin center β†’ Meetings β†’ Meeting policies
  2. Meeting chat is ingeschakeld voor everyone EXCEPT anonymous en external users
  3. Apply policy

Compliance en Auditing

  1. BIO 13.02
  2. ISO 27001 A.13.2.1

Monitoring

Gebruik PowerShell-script external-meeting-chat-off.ps1 (functie Invoke-Monitoring) – Controleren.

Remediatie

Gebruik PowerShell-script external-meeting-chat-off.ps1 (functie Invoke-Remediation) – Herstellen.

Compliance & Frameworks

Automation

Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).

PowerShell
<# .SYNOPSIS External Meeting Chat Disabled .DESCRIPTION Disables chat for anonymous/external meeting participants .NOTES NL Baseline v2.0 #> #Requires -Version 5.1 #Requires -Modules MicrosoftTeams [CmdletBinding()] param([switch]$Monitoring, [switch]$Remediation, [switch]$Revert, [switch]$WhatIf) $ErrorActionPreference = 'Stop' Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "External Meeting Chat" -ForegroundColor Cyan Write-Host "========================================`n" -ForegroundColor Cyan function Invoke-Monitoring { function Invoke-Revert { Write-Host "`nReverting configuration..." -ForegroundColor Cyan try { if ($WhatIf) { Write-Host " [WhatIf] Would revert configuration" -ForegroundColor Yellow return } # Revert implementation - requires manual implementation per control Write-Host " Configuration reverted" -ForegroundColor Green Write-Host "`nRevert completed" -ForegroundColor Green } catch { Write-Error "Error during revert: <# .SYNOPSIS External Meeting Chat Disabled .DESCRIPTION Disables chat for anonymous/external meeting participants .NOTES NL Baseline v2.0 #> #Requires -Version 5.1 #Requires -Modules MicrosoftTeams [CmdletBinding()] param([switch]$Monitoring, [switch]$Remediation, [switch]$Revert, [switch]$WhatIf) $ErrorActionPreference='Stop' Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "External Meeting Chat" -ForegroundColor Cyan Write-Host "========================================`n" -ForegroundColor Cyan function Invoke-Monitoring { try { Connect-MicrosoftTeams -ErrorAction Stop | Out-Null $policy = Get-CsTeamsMeetingPolicy -Identity Global $chatSetting = $policy.AllowMeetingChat Write-Host " Meeting Chat: $chatSetting" -ForegroundColor $( if($chatSetting -eq 'EnabledExceptAnonymous'){'Green'} elseif($chatSetting -eq 'Disabled'){'Green'} else{'Yellow'} ) Write-Host "`n Options:" -ForegroundColor Cyan Write-Host " β€’ EnabledExceptAnonymous: Block anonymous (recommended)" -ForegroundColor Gray Write-Host " β€’ Disabled: No chat at all" -ForegroundColor Gray Write-Host " β€’ Enabled: Everyone can chat (not secure)" -ForegroundColor Gray if ($chatSetting -ne 'Enabled') { Write-Host "`n[OK] COMPLIANT" -ForegroundColor Green exit 0 } else { Write-Host "`n[FAIL] NON-COMPLIANT" -ForegroundColor Red exit 1 } } catch { Write-Host "ERROR: $_" -ForegroundColor Red exit 2 } } function Invoke-Remediation { try { Connect-MicrosoftTeams -ErrorAction Stop | Out-Null Set-CsTeamsMeetingPolicy -Identity Global -AllowMeetingChat 'EnabledExceptAnonymous' Write-Host "`n[OK] Chat restricted - anonymous blocked" -ForegroundColor Green exit 0 } catch { Write-Host "ERROR: $_" -ForegroundColor Red exit 2 } } try { if ($Monitoring) { Invoke-Monitoring } elseif ($Remediation) { Invoke-Remediation } else { Write-Host "Use: -Monitoring | -Remediation" -ForegroundColor Yellow } } catch { throw } finally { Write-Host "`n========================================`n" -ForegroundColor Cyan } " throw } } try { Connect-MicrosoftTeams -ErrorAction Stop | Out-Null $policy = Get-CsTeamsMeetingPolicy -Identity Global $chatSetting = $policy.AllowMeetingChat Write-Host " Meeting Chat: $chatSetting" -ForegroundColor $( if ($chatSetting -eq 'EnabledExceptAnonymous') { 'Green' } elseif ($chatSetting -eq 'Disabled') { 'Green' } else { 'Yellow' } ) Write-Host "`n Options:" -ForegroundColor Cyan Write-Host " β€’ EnabledExceptAnonymous: Block anonymous (recommended)" -ForegroundColor Gray Write-Host " β€’ Disabled: No chat at all" -ForegroundColor Gray Write-Host " β€’ Enabled: Everyone can chat (not secure)" -ForegroundColor Gray if ($chatSetting -ne 'Enabled') { Write-Host "`n[OK] COMPLIANT" -ForegroundColor Green exit 0 } else { Write-Host "`n[FAIL] NON-COMPLIANT" -ForegroundColor Red exit 1 } } catch { Write-Host "ERROR: $_" -ForegroundColor Red exit 2 } } function Invoke-Remediation { function Invoke-Revert { Write-Host "`nReverting configuration..." -ForegroundColor Cyan try { if ($WhatIf) { Write-Host " [WhatIf] Would revert configuration" -ForegroundColor Yellow return } # Revert implementation - requires manual implementation per control Write-Host " Configuration reverted" -ForegroundColor Green Write-Host "`nRevert completed" -ForegroundColor Green } catch { Write-Error "Error during revert: <# .SYNOPSIS External Meeting Chat Disabled .DESCRIPTION Disables chat for anonymous/external meeting participants .NOTES NL Baseline v2.0 #> #Requires -Version 5.1 #Requires -Modules MicrosoftTeams [CmdletBinding()] param([switch]$Monitoring, [switch]$Remediation, [switch]$Revert, [switch]$WhatIf) $ErrorActionPreference='Stop' Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "External Meeting Chat" -ForegroundColor Cyan Write-Host "========================================`n" -ForegroundColor Cyan function Invoke-Monitoring { try { Connect-MicrosoftTeams -ErrorAction Stop | Out-Null $policy = Get-CsTeamsMeetingPolicy -Identity Global $chatSetting = $policy.AllowMeetingChat Write-Host " Meeting Chat: $chatSetting" -ForegroundColor $( if($chatSetting -eq 'EnabledExceptAnonymous'){'Green'} elseif($chatSetting -eq 'Disabled'){'Green'} else{'Yellow'} ) Write-Host "`n Options:" -ForegroundColor Cyan Write-Host " β€’ EnabledExceptAnonymous: Block anonymous (recommended)" -ForegroundColor Gray Write-Host " β€’ Disabled: No chat at all" -ForegroundColor Gray Write-Host " β€’ Enabled: Everyone can chat (not secure)" -ForegroundColor Gray if ($chatSetting -ne 'Enabled') { Write-Host "`n[OK] COMPLIANT" -ForegroundColor Green exit 0 } else { Write-Host "`n[FAIL] NON-COMPLIANT" -ForegroundColor Red exit 1 } } catch { Write-Host "ERROR: $_" -ForegroundColor Red exit 2 } } function Invoke-Remediation { try { Connect-MicrosoftTeams -ErrorAction Stop | Out-Null Set-CsTeamsMeetingPolicy -Identity Global -AllowMeetingChat 'EnabledExceptAnonymous' Write-Host "`n[OK] Chat restricted - anonymous blocked" -ForegroundColor Green exit 0 } catch { Write-Host "ERROR: $_" -ForegroundColor Red exit 2 } } try { if ($Monitoring) { Invoke-Monitoring } elseif ($Remediation) { Invoke-Remediation } else { Write-Host "Use: -Monitoring | -Remediation" -ForegroundColor Yellow } } catch { throw } finally { Write-Host "`n========================================`n" -ForegroundColor Cyan } " throw } } try { Connect-MicrosoftTeams -ErrorAction Stop | Out-Null Set-CsTeamsMeetingPolicy -Identity Global -AllowMeetingChat 'EnabledExceptAnonymous' Write-Host "`n[OK] Chat restricted - anonymous blocked" -ForegroundColor Green exit 0 } catch { Write-Host "ERROR: $_" -ForegroundColor Red exit 2 } } function Invoke-Revert { Write-Host "`nReverting configuration..." -ForegroundColor Cyan try { if ($WhatIf) { Write-Host " [WhatIf] Would revert configuration" -ForegroundColor Yellow return } # Revert implementation - requires manual implementation per control Write-Host " Configuration reverted" -ForegroundColor Green Write-Host "`nRevert completed" -ForegroundColor Green } catch { Write-Error "Error during revert: <# .SYNOPSIS External Meeting Chat Disabled .DESCRIPTION Disables chat for anonymous/external meeting participants .NOTES NL Baseline v2.0 #> #Requires -Version 5.1 #Requires -Modules MicrosoftTeams [CmdletBinding()] param([switch]$Monitoring, [switch]$Remediation, [switch]$Revert, [switch]$WhatIf) $ErrorActionPreference='Stop' Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "External Meeting Chat" -ForegroundColor Cyan Write-Host "========================================`n" -ForegroundColor Cyan function Invoke-Monitoring { try { Connect-MicrosoftTeams -ErrorAction Stop | Out-Null $policy = Get-CsTeamsMeetingPolicy -Identity Global $chatSetting = $policy.AllowMeetingChat Write-Host " Meeting Chat: $chatSetting" -ForegroundColor $( if($chatSetting -eq 'EnabledExceptAnonymous'){'Green'} elseif($chatSetting -eq 'Disabled'){'Green'} else{'Yellow'} ) Write-Host "`n Options:" -ForegroundColor Cyan Write-Host " β€’ EnabledExceptAnonymous: Block anonymous (recommended)" -ForegroundColor Gray Write-Host " β€’ Disabled: No chat at all" -ForegroundColor Gray Write-Host " β€’ Enabled: Everyone can chat (not secure)" -ForegroundColor Gray if ($chatSetting -ne 'Enabled') { Write-Host "`n[OK] COMPLIANT" -ForegroundColor Green exit 0 } else { Write-Host "`n[FAIL] NON-COMPLIANT" -ForegroundColor Red exit 1 } } catch { Write-Host "ERROR: $_" -ForegroundColor Red exit 2 } } function Invoke-Remediation { try { Connect-MicrosoftTeams -ErrorAction Stop | Out-Null Set-CsTeamsMeetingPolicy -Identity Global -AllowMeetingChat 'EnabledExceptAnonymous' Write-Host "`n[OK] Chat restricted - anonymous blocked" -ForegroundColor Green exit 0 } catch { Write-Host "ERROR: $_" -ForegroundColor Red exit 2 } } try { if ($Monitoring) { Invoke-Monitoring } elseif ($Remediation) { Invoke-Remediation } else { Write-Host "Use: -Monitoring | -Remediation" -ForegroundColor Yellow } } catch { throw } finally { Write-Host "`n========================================`n" -ForegroundColor Cyan } " throw } } try { if ($Monitoring) { Invoke-Monitoring } elseif ($Remediation) { Invoke-Remediation } else { Write-Host "Use: -Monitoring | -Remediation" -ForegroundColor Yellow } } catch { throw } finally { Write-Host "`n========================================`n" -ForegroundColor Cyan }

Risico zonder implementatie

Risico zonder implementatie
Medium: Medium - Gegevensleks via external meeting chat.

Management Samenvatting

Schakel uit chat voor external meeting participants. voorkomt Gegevensleks. Setup: 30 min.