How to prevent users from becoming Guests in an external Office 365 Tenant.
How to block your users from joining other external Tenants as Guests
Microsoft Teams is without any doubt a key asset for corporate communications at this time. To improve collaboration Microsoft offers the ability to add an external user as a guest in the external tenant.
This increases productivity but on the other hand can pose new risks especially when your users are guests in other tenants and at that point are not subjected to the policies of your company.
The guest option is actually a loophole in compliance and governance of a company that must be addressed.
Scenario: An internal user (let’s call him “employee”) joins an external Tenant (another company) as a Guest.
The risk associated with this scenario is enormous. For instance, as mentioned in this article Microsoft DLP policies won’t apply, which can mean data leaks without any prevention.
Another example is that companies might disable some capabilities in Teams for compliance reasons like file sharing. These policies will not apply when your users are guests in other tenants.
The problem was also reported in Microsoft Uservoice
How to solve it
SphereShield Ethical Wall for Microsoft Teams offers such ability as part of the Teams governance / Ethical wall capabilities. By setting a rule the administrator can just block all or a specific group of employees from communicating in any form with an external tenant.
In addition it can set unlimited rules controlling communications between users (or groups) and internal users, groups or external users (or domains).
SphereShield also offers the ability to prevent users joining meetings anonymously