Skip to content

Commit

Permalink
Merge pull request #16069 from MicrosoftDocs/wlibebe-nov-freshness-2
Browse files Browse the repository at this point in the history 
Wlibebe nov freshness 2
  • Loading branch information
@padmagit77
padmagit77 authored Nov 19, 2024
2 parents 64b4f3e + 55609cc commit fed5833
Show file tree
Hide file tree
Showing 7 changed files with 95 additions and 116 deletions.
34 changes: 19 additions & 15 deletions Teams/configure-lobby-sensitive-meetings.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ manager: pamgreen
ms.topic: article
ms.service: msteams
ms.reviewer: vivek.mohan
ms.date: 12/11/2023
ms.date: 11/12/2024
audience: admin
ms.localizationpriority: medium
f1.keywords:
Expand All @@ -25,11 +25,11 @@ description: Learn how to configure the Teams meeting lobby to enhance security

[!INCLUDE[Teams Premium ECM](includes/teams-premium-ecm.md)]

The meeting lobby is a tool that you can use to help ensure that inappropriate people aren't admitted to meetings. By holding different types of participants in the lobby, meeting organizers can vet them and make sure it's appropriate for them to attend the meeting.
The meeting lobby is a tool that you can use to help ensure that inappropriate people aren't admitted to meetings. Holding different types of participants in the lobby allows meeting organizers to make sure it's appropriate for them to attend the meeting.

By default, people in your organization and [guests](guest-access.md) are admitted to meetings directly and participants from [trusted organizations](/microsoftteams/trusted-organizations-external-meetings-chat?tabs=organization-settings#specify-trusted-microsoft-365-organizations) and [anonymous participants](anonymous-users-in-meetings.md) must wait in the lobby to be admitted by a meeting organizer. Meeting organizers can change this default setting for each meeting they create.
By default, people in your organization and [guests](guest-access.md) are admitted to meetings directly. Participants from [trusted organizations](/microsoftteams/trusted-organizations-external-meetings-chat?tabs=organization-settings#specify-trusted-microsoft-365-organizations) and [anonymous participants](anonymous-users-in-meetings.md) must wait in the lobby until a meeting organizer admits them. Meeting organizers can change this default setting for each meeting they create.

The lobby and other related settings can be controlled by the Teams Administrator by using meeting policies, meeting templates, and sensitivity labels to customize the experience for different users and different types of meetings.
Meeting policies in the Teams admin center, meeting templates, and sensitivity labels to customize the lobby experience for different users and different types of meetings.

The following table lists features that you can use to help manage the lobby experience for your organization and where to configure them.

Expand All @@ -49,33 +49,37 @@ For information about how to use templates and sensitivity labels to configure m
## Lobby settings for different types of meetings

### Who can admit from lobby

The following settings are available for **Who can admit from lobby**:

- Organizers and presenters
- Organizers, co-organizers, and presenters
- Organizers and co-organizers

To manage who can bring participants from the lobby into the meeting or webinar, you should consider using this per-organizer policy for sensitive meetings. When set to it's default value of **Organizers and presenters**, only organizers and presenters can admit participants into the meeting from the lobby. This policy sets a default that your organizers can change through their **Meeting options**.
To manage who can bring participants from the lobby into the meeting or webinar, you should consider using this per-organizer policy for sensitive meetings. When set to the default value of **Organizers, co-organizers, and presenters**, only organizers, co-organizers, and presenters can admit participants into the meeting from the lobby. This policy sets a default that your organizers can change through their **Meeting options**.

### Who can bypass the lobby

The following settings are available for **Who can bypass the lobby**:

- Everyone
- People in my org, trusted orgs, and guests
- People in my org and guests
- People in my org, trusted orgs, and guests
- People in my org
- People who were invited
- Only organizers and co-organizers
- People who were invited

This per-organizer policy controls who can bring participants from the lobby into the meeting or webinar. When set to it's default value of **Organizers and presenters**, only organizers and presenters can admit participants into the meeting from the lobby. This policy sets a default that your organizers can change through their **Meeting options**.
This per-organizer policy controls who can bypass the lobby into the meeting or webinar. When set to the default value of **People in my org and guests**, only people in my org and guests can bypass lobby. This policy sets a default that your organizers can change through their **Meeting options**.

An additional setting, **People dialing in can bypass the lobby**, controls if people calling in by phone can bypass the lobby.
Another setting, **People dialing in can bypass the lobby**, controls if people calling in by phone can bypass the lobby.

While the meeting organizer normally chooses which setting to use for each meeting, you can enforce a particular setting using either a meeting template or a sensitivity label.

If your organization requires that certain types of meetings not be attended by people outside the organization, consider a meeting template that only allows people in your organization to bypass the lobby. This ensures that people outside the organization who were accidentally invited or sent a meeting link can't join the meeting directly.
If your organization needs to restrict certain meetings to internal participants only, you could use a meeting template that allows only people in your organization to bypass the lobby. This option ensures that people outside the organization who were accidentally invited or sent a meeting link can't join the meeting directly.

If your organization has meetings where highly sensitive information is shared and you need to be sure that only certain people attend, consider using a meeting template or sensitivity label that only allows meeting organizers to bypass the lobby. This ensures that organizers can vet each incoming participant to make sure they should be in the meeting. This also prevents the meeting from starting until an organizer joins.
For meetings with highly sensitive information, you could use a meeting template or sensitivity label that allows only meeting organizers to bypass the lobby. This option allows organizers to vet participants and ensures the meeting doesn't start until an organizer joins.

For sensitive meetings in general, consider using the **People who were invited** option. This ensures that people who don't have either a direct or forwarded meeting invite go through the lobby. (The meeting organizer can also prevent forwarding when they create the meeting.)
For sensitive meetings in general, consider using the **People who were invited** option. This option ensures that people who don't have either a direct or forwarded meeting invite go through the lobby. (The meeting organizer can also prevent forwarding when they create the meeting.)

For more information about the meeting lobby, see [Control who can bypass the meeting lobby in Microsoft Teams](who-can-bypass-meeting-lobby.md).

Expand All @@ -85,7 +89,7 @@ For information about using meeting templates and sensitivity labels together, s

By default, attendees who are dialing in by phone go through the lobby. Administrators can change this default with the **People dialing in can bypass the lobby** admin meeting policy. If you want to enforce this setting to be on or off, you must use a meeting template or sensitivity label.

If there are circumstances where you want to allow callers to bypass the lobby, meeting organizers can control this setting, or you can enforce it through a meeting template or sensitivity label.
If you want to allow callers to bypass the lobby, meeting organizers can control this setting, or you can enforce it through a meeting template or sensitivity label.

#### Join and leave notifications

Expand All @@ -95,7 +99,7 @@ Meeting organizers have the option of having attendees calling in by phone annou

Unless you allow everyone to bypass the lobby, anonymous participants must go through the lobby to attend the meeting. Meeting organizers can then decide if these participants should be admitted.

If your organization doesn't allow anonymous participants to join meetings at all, you can turn off the **Anonymous users can join a meeting** policy in the Teams admin center. If you have certain groups in your organization - such as marketing - who need to organize meetings with anonymous participants and others - such as research - who shouldn't, you can use Teams meeting policies to configure anonymous meeting join for different groups. For more information, see [Manage anonymous participant access to Teams meetings, webinars, and town halls](anonymous-users-in-meetings.md).
If your organization doesn't allow anonymous participants in meetings, turn off the **Anonymous users can join a meeting** policy in the Teams admin center. For groups like marketing that need anonymous participants to join meetings, and others like research that don't, use Teams meeting policies to configure anonymous meeting join for different groups. For more information, see [Manage anonymous participant access to Teams meetings, webinars, and town halls](anonymous-users-in-meetings.md).

## Related topics

Expand Down
54 changes: 15 additions & 39 deletions Teams/configure-meetings-baseline-protection.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ manager: pamgreen
ms.topic: article
ms.service: msteams
ms.reviewer: vivek.mohan
ms.date: 12/11/2023
ms.date: 11/14/2024
audience: admin
ms.localizationpriority: medium
f1.keywords:
Expand All @@ -25,7 +25,7 @@ description: Learn how to configure Teams meetings for a baseline level of prote

[!INCLUDE[Teams Premium ECM](includes/teams-premium-ecm.md)]

For the *baseline* level of protection, we restrict who can bypass the lobby by using a sensitivity label and set a default value for who can present with a Teams admin policy. You can restrict additional actions as well if your organization requires it.
For the *baseline* level of protection, we restrict **Who can bypass the lobby** by using a sensitivity label and set a default value for **Who can present** with a Teams admin policy. You can restrict other actions as well if your organization requires it.

> [!NOTE]
> Meeting options in sensitivity labels and custom meeting templates require Teams Premium.
Expand All @@ -49,7 +49,7 @@ The following table describes which actions we restrict for baseline meetings an
|Who can present|**People in my org and guests**|Teams admin center|No|
|Who can record|**Organizers, co-organizers, and presenters**|Template|No|

Options that are listed as enforced are enforced by the sensitivity label or meeting template. Options that aren't enforced can be changed by the meeting organizer.
The sensitivity label or meeting template enforces options that are listed as enforced. The meeting organizer can change Options that aren't enforced.

## Default values for **Who can present**

Expand Down Expand Up @@ -77,69 +77,45 @@ To configure who can admit from lobby:

## Watermarks and end-to-end encryption

In the *baseline* level of protection, we disable watermarks and end-to-end encryption by using a sensitivity label. This will prevent meeting organizers from using these features. Watermarks and end-to-end encryption are more applicable to sensitive meetings.
In the *baseline* level of protection, we turn off watermarks and end-to-end encryption by using a sensitivity label. This setting prevents meeting organizers from using these features. Watermarks and end-to-end encryption are more applicable to sensitive meetings.

End-to-end encryption and watermarks disable some other features such as PowerPoint Live. Turning them off for the *baseline* level of protection can avert instances where meeting organizers use these features without realizing the limits they impose.
End-to-end encryption and watermarks turn off some other features such as PowerPoint Live. Turning them off for the *baseline* level of protection can avert instances where meeting organizers use these features without realizing the limits they impose.

If you work in a highly regulated industry, you may want to keep these features available even in the *baseline* level of protection.
If you work in a highly regulated industry, you might want to keep these features available even in the *baseline* level of protection.

## Sensitivity labels

For the *baseline* level of protection, we use a sensitivity label that you can use directly in a meeting or as part of a meeting template. Depending on the configuration you choose, this label can also be used to classify teams and individual files.

If you already have sensitivity labels deployed in your organization, consider how this label fits with your overall label strategy. You can change the name or settings shown below if needed to meet the needs of your organization. If you already have a label that you use for baseline or general protection, you can edit the label and add Teams meetings to it.
If you already have sensitivity labels deployed in your organization, consider how this label fits with your overall label strategy. You can change the name or settings if needed to meet the needs of your organization. If you already have a label that you use for baseline or general protection, you can edit the label and add Teams meetings to it.

To create a sensitivity label:

1. Open the [Microsoft Purview compliance portal](https://compliance.microsoft.com).
1. Under **Solutions**, expand **Information protection** and then select **Labels**.
1. Select **Create a label**.
1. Give the label a name. We suggest **Sensitive**, but you can choose a different name if that one is already in use.
1. Add a display name and description, and then select **Next**.
1. On the **Define the scope for this label** page, make sure **Items**, **Files**, **Emails**, and **Meetings** are selected. (Note that you can select other options if you want to use this label for other purposes.)
1. Select **Next**.
1. On the **Choose protection settings for labeled items** page, select **Protect Teams meetings and chats** and then select **Next**
1. On the **Settings for Teams meetings and chats** page, choose the following values:
1. Select **Control end-to-end encryption for meeting video and audio** and set **Apply end-to-end encryption** to **Don't apply end-to-end encryption**.
1. Select **Control watermarks** and select **Don't apply watermark to shared content** and **Don't apply watermark to everyone's video feed**.
1. Configure any other settings that you need for your organization.

:::image type="content" alt-text="Screenshot of meeting sensitivity label settings showing configuration in this procedure." source="media/teams-meeting-sensitivity-label-baseline-small.png":::

1. Select **Next**.
1. Complete the wizard with any additional settings you want to use, select **Create label**, and then select **Done**.

Once you've created the label, you need to publish it to the users who will use it. For baseline protection, we make the label available to all users. You publish the label in the Microsoft Purview compliance portal, on the **Label policies** page under **Information protection**. If you have an existing policy that applies to all users, add this label to that policy. If you need to create a new policy, see [Publish sensitivity labels by creating a label policy](/purview/create-sensitivity-labels#publish-sensitivity-labels-by-creating-a-label-policy).

For additional information about using sensitivity labels with meetings, see [Use sensitivity labels to protect calendar items, Teams meetings and chat](/microsoft-365/compliance/sensitivity-labels-meetings).
To learn how to create and manage a sensitivity label, see [Use sensitivity labels to protect calendar items, Teams meetings and chat](/purview/sensitivity-labels-meetings#how-to-configure-a-sensitivity-label-to-protect-calendar-items-teams-meetings-and-chats).

## Meeting templates

In the *baseline* level of protection, we use the template to set a default value for who can bypass the lobby that includes external participants from trusted organizations.

We also prevent people dialing in by phone from bypassing the lobby. You can omit this setting if your organization frequently holds meetings where dial-in participants should be able to join directly. If there are certain types of meetings where this is true, consider using a separate template for those meetings.

If you've chosen to disable watermarks and end-to-end encryption in the sensitivity label, you can also use the template to hide those options from the meeting organizer.
If you turned off watermarks and end-to-end encryption in the sensitivity label, you can also use the template to hide those options from the meeting organizer.

To create a custom meeting template

1. In the Teams admin center, expand **Meetings** and select **Meeting templates**.
1. Select **Add**
1. Type a name and description for the template.
1. In the **Apply sensitivity label** section, choose the label you created above.
1. In the **Apply sensitivity label** section, choose the label you created.
1. Select **Apply sensitivity label**, and then select **Lock**.
1. In the **Lobby** dropdown, select **People in my org, trusted orgs, and guests**.
1. Make sure **People dialing in can bypass the lobby** is set to **Off**, then select it and select **Lock**.
1. If you've disabled watermarks and end-to-end encryption with the sensitivity label, consider selecting those options here and selecting **Hide** so meeting organizers won't see them.
1. Change any additional options if desired.
1. If you turned off watermarks and end-to-end encryption with the sensitivity label, consider selecting those options here and selecting **Hide** so meeting organizers doesn't see them.
1. Change any other options if desired.
1. To prevent the meeting organizer from changing an option, select the option and then select **lock**.
1. To prevent the meeting organizer from seeing an option, select the option and then select **Hide**.
1. Select **Save**.

## Related topics

[Configure Teams meetings with three tiers of protection](configure-meetings-three-tiers-protection.md)

[Overview of custom meeting templates in Microsoft Teams](custom-meeting-templates-overview.md)

[Use Teams meeting templates, sensitivity labels, and admin policies together for sensitive meetings](meeting-templates-sensitivity-labels-policies.md)
- [Configure Teams meetings with three tiers of protection](configure-meetings-three-tiers-protection.md)
- [Overview of custom meeting templates in Microsoft Teams](custom-meeting-templates-overview.md)
- [Use Teams meeting templates, sensitivity labels, and admin policies together for sensitive meetings](meeting-templates-sensitivity-labels-policies.md)
Loading

0 comments on commit fed5833

Please sign in to comment.