Teams会議の制御とセキュリティの強化

We are pleased to announce the following updates to provide additional controls on how Teams meetings are accessed and experienced as well as additional administration and security enhancements:

• Update default policy to enforce lobby in meetings, Roadmap ID 63388
  • Rolling out mid-April
• Assign a policy package to a batch of Teams users, Roadmap ID 63390
  • Rolling out mid-April
• Control profile picture settings in Teams, Roadmap ID 63389
  • Rolling out mid-April
• Set a default policy for “Who can present” in Teams meetings, Roadmap ID 63206
  • Rolling out early May
• Change in meeting join experience, Roadmap ID 63355
  • Rolling out end of April
• Providing privacy for participants who call in to a meeting via PSTN, Roadmap ID 63309
  • Rolling out early May

How does this affect me?

Admin options available:

1. Update default policy to enforce lobby in meetings: All existing users who are assigned the “Global” Teams meeting policy will have the lobby policy “AutoAdmittedUsers” changed to “everyoneInCompany” and “AllowPSTNUsersToBypassLobby” changed to “False”. That means, by default, a Teams meeting will have a lobby for external users joining via the Teams client or PSTN.

Previous policy settings:

New policy settings:

Meeting organizers will see the lobby enforced for their existing meetings if they have default policies and have not set the meeting options explicitly for a given meeting. Additionally, meeting organizers have the ability to define/fine-tune the lobby experience via the Meeting options feature.

1. Assign a policy package to a batch of Teams users: With batch policy package assignment, Teams admins can us the “New-CsBatchPolicyPackageAssignmentOperation” cmdlet to submit a batch of users and the policy package that they want assigned to the group.
   They can use the “Get-CsBatchPolicyAssignmentOperation” cmdlet to track the progress and status of the assignments in a batch. The assignments are processed as a background operation and an operation ID is generated for each batch.
2. Control profile picture settings in Teams: Teams Web and Desktop experience now recognizes the Outlook on the web mailbox policy setting that controls whether users can change their profile pictures. Configured by tenant admin, this policy setting helps tenants promote a safer work or school environment by preventing inappropriate content from being used in profile pictures. If the -setPhotoEnabled parameter is turned off (set to $false) in the policy, users can’t add, change, or remove their profile pictures. If users attempt to change their profile picture they will receive a message indicating that they are not allowed to.

1. Set a default policy for “Who can present” in Teams meetings: Tenant admins will be able to set a new default policy for who can present. When organizers schedule a Teams meeting, the default tenant setting is honored, unless modified in the Meeting options. The default value is se to “everyone” and can be updated via PowerShell:
   • Set-CsTeamsMeetingPolicy -Identity Global -DesignatedPresenterRoleMode”Insert Value“
   • Values: OrganizerOnlyUSerOverride, EveryoneInCompanyUserOverride, EveryoneUserOverride

User experience improvements:

1. Updated Meeting join experience for users who don’t have a meeting creation policy assigned: We are making a configuration change to better manage users joining Teams meetings. After the change is implemented:
   • Users who don’t have a meeting creation policy assigned will see a pre-join screen indicating that the meeting hasn’t started. These individuals will be automatically admitted into the meeting once a user with proper permissions joins and starts the meeting.
   • Users who have both meeting creation and meeting chat policies set as disabled can’t start a scheduled meeting and can’t chat before or after the meeting. Once the meeting has started, the user will be allowed to join and chat in the meeting.
2. Providing privacy for participants who call in to a meeting via Audio Conferencing (PSTN): In the Teams client, internal users (part of the tenant) will continue seeing full phone numbers of meeting attendees joining via Audio Conferencing. In the Teams client, external users (anonymous, federated and non-federated) will see only the first 2 and last 2 digits of the phone number of a dialed-in participant. The remaining digits will be masked.

What do I need to do to prepare?

Review the changes and assess the impact for your organization. Additionally, you may consider updating your training and documentation as appropriate.

Learn more about assigning policies to users in Microsoft Teams.