Skip to content

The 25 Microsoft Teams security checks Black Cat runs

Black Cat SSPM evaluates 25 security policies against your Microsoft Teams configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

mediumGuest Members in Team

Review Teams guest members and remove those who no longer require access

mediumExcessive Team Owners

Reduce Teams team owners to 2-3 by demoting unnecessary owners to member role

highAnonymous Meeting Join Enabled

Disable anonymous meeting join in Teams meeting policies to prevent unauthorized attendees

mediumLobby Bypass for Everyone

Restrict Teams meeting lobby bypass to organization members or organizer only

mediumGuest Access Overly Permissive

Restrict Teams guest access permissions by disabling calling, screen sharing, and video for guests

mediumMembers Can Delete Channels

Restrict channel deletion to team owners to prevent accidental or malicious data loss

mediumMembers Can Install Apps

Restrict app installation to team owners to maintain control over third-party integrations

highGuests Can Delete Channels

Disable guest channel deletion to prevent external users from removing team channels

mediumGuests Can Create and Update Channels

Disable guest channel creation and updates to limit external user impact on team structure

mediumSingle Team Owner

Add at least one additional owner to the team to ensure administrative redundancy

highMeeting Auto-Admits Everyone

Change the auto-admit setting to require lobby screening for external and anonymous participants

mediumExternal Consumer Teams Access

Disable communication with personal Microsoft Teams consumer accounts to limit external exposure

compliance

lowMeeting Recording Disabled

Enable cloud recording in Teams meeting policies and configure retention settings

configuration

lowArchived Team

Review archived Teams and delete them if no longer needed to reduce attack surface

lowSkype for Business Interop Enabled

Disable Skype for Business interop if not required to reduce external communication surface

data exposure

highPublic Team

Change Teams team visibility from Public to Private to restrict unauthorized membership

highExternal Shared Channel

Remove or restrict external sharing on Teams channels to approved organizations only

mediumExternal Messaging Enabled

Disable or restrict external messaging capabilities in Teams messaging policies

highUnrestricted External Federation

Restrict Teams external federation to an approved domain allow list instead of all external domains

governance

lowTeam Without Description

Add a meaningful description to Teams teams that lack one to improve governance visibility

mediumLarge Team Without Moderation

Enable channel moderation and assign moderators to large Teams teams without governance controls

mediumChannel Without Moderation

Enable channel moderation and configure posting restrictions for unmoderated Teams channels

lowMessage Edit Delete Unrestricted

Restrict message editing and deletion in Teams messaging policies to preserve audit trails

third party risk

highUnapproved Third-Party App

Block or submit unapproved third-party Teams apps for organizational review and approval

mediumCustom App Sideloading

Disable custom app sideloading in Teams app setup policies to prevent unauthorized apps

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial