Unsolicited messages are annoying at best. While we all have dealt with unwanted spam in emails frequently, recently I received a message in my Teams account which is part of my personal Office 365 tenant. I was surprised that spam is now starting to make its way in Teams so I started looking for how I can combat it effectively. I’m sharing my findings here.

With the latest release you get a notification when you receive a msg from someone external. I did get the experience. So if you don’t know an account and you receive a message from them we can decline the connection request. However, this is for admins to leave it up to the users what to do with unknown messages. This post addresses the administrative side of controlling the behavior.

Spam is a common problem in online communication platforms, and Teams is no exception. Spam messages can be annoying, distracting, and potentially harmful for your organization. They can also compromise your security and privacy, as some spam messages may contain phishing links, malware, or sensitive information.

Fortunately, Teams offers some features and settings that can help you combat spam in your chats and channels. In this blog post, we will show you how to use the teams admin center to control who can contact your organization, and how to report a security concern if you encounter any spam messages.

External users not managed by an organization

One of the sources of spam in Teams is external users who are not managed by an organization. These are users who have a personal Microsoft account that is not part of any organization’s directory. They can send you messages directly if you have enabled external access.

To prevent spam from external users, you can use the teams admin center to restrict who can contact your organization. Here are the steps to do so:

  • Sign in to the teams admin center with your global admin or teams service admin credentials.
  • Go to Users > External access.
  • Under “Teams accounts not managed by an organization” section, select one of the following options:
  • If you want to allow your users to contact unmanaged Teams users outside of your organization (i.e. a family member with personal Teams account), Turn on the “People in my organization can communicate with Teams users whose accounts aren’t managed by an organization” setting. Turn this setting off if you want to block all external communications with unmanaged Teams users.
  • If you allow outbound communications with unmanaged Teams users, another setting “external users with Teams accounts not managed by an organization can contact users in my organization” allows you to control the inbound messages. Uncheck this setting and it will block inbound messages from unmanaged Teams users.
  • Click Save.

Note that these settings apply to your entire organization, and you cannot configure them for individual users or teams. If you need more granular control, you can use the guest access settings instead.

As pointed out by Satish Upadhyaya on LinkedIn, I missed the fact that you can manage the external communications policies using the PowerShell for individual users.

Turn on user reporting to report a security concern

  • In the Teams admin center go to Messaging > Messaging policies.
  • On the Messaging policies page, verify that the Manage policies tab is selected, and do either of the following actions to edit either the Global (Org-wide) default policy or a custom policy
  • In the policy details page that opens, find the Report a security concern toggle. By default, it’s On.
  • Select Save.

This setting controls whether users are able to report messages from Teams. It works in combination with Microsoft Defender Portal. You can find more about Defender settings in this article: User reported message settings in Teams | Microsoft Learn

Once enabled, these settings work together to combat spam in Microsoft Teams. Hope it helps you as well. Cheers!