Implementing Security Policy for Contractors in Microsoft Teams

BE.

To meet the security policy requirement of preventing external contractors from creating and updating channels in Microsoft Teams, the following two actions can be taken:

B. Configure the Guest Access settings in the Microsoft Teams admin center: The first action that needs to be taken is to configure the guest access settings in the Microsoft Teams admin center. This can be done by following these steps:

1. Log in to the Microsoft Teams admin center using an account that has admin rights.
2. In the left navigation pane, select "Org-wide settings" and then "Guest access."
3. In the Guest access pane, you will find the option to control the ability of guests to create, update, and delete channels. Set the "Create and update channels" option to "Only owners can create and update channels" to prevent external contractors from creating and updating channels.

E. Run the Get-Team and Set-Team PowerShell cmdlets: The second action that needs to be taken is to run the Get-Team and Set-Team PowerShell cmdlets. These cmdlets can be used to modify the settings of the Teams created for each department. Specifically, the following steps can be taken:

1. Open PowerShell and connect to your Microsoft 365 tenant using the Connect-MicrosoftTeams cmdlet.
2. Use the Get-Team cmdlet to retrieve the settings for the Teams created for each department.
3. Use the Set-Team cmdlet to modify the settings for each Team to prevent external contractors from creating and updating channels. Specifically, set the "AllowCreateUpdateChannels" parameter to $false for each Team.

A, C, and D are not relevant actions to meet the security policy requirement. The Get-AzureADGroup and Set-AzureADGroup PowerShell cmdlets are used to manage Azure Active Directory groups and are not relevant to Teams security settings. Modifying the default Meeting policy and Meeting settings will not affect the ability of external contractors to create or update channels.