{"id":984,"date":"2025-04-22T01:34:58","date_gmt":"2025-04-21T23:34:58","guid":{"rendered":"https:\/\/sparrow365.de\/?p=984"},"modified":"2025-04-22T01:34:58","modified_gmt":"2025-04-21T23:34:58","slug":"custom-m365-terms-of-use-part-3-teams-bookings-viva-engage","status":"publish","type":"post","link":"https:\/\/sparrow365.de\/index.php\/en\/2025\/04\/22\/custom-m365-terms-of-use-part-3-teams-bookings-viva-engage\/","title":{"rendered":"Custom M365 Terms of Use Part 3: Teams, Bookings, Viva Engage"},"content":{"rendered":"

In this article series, I examine all places where data protection and compliance policies (hereinafter referred to as ToU<\/strong> \u2013 Terms of Use<\/em>) can be presented to end users – preferrably with enforced acknowledgment.<\/p>\n

In the first part<\/a>, I already covered tenant-wide settings<\/strong>, while the second part<\/a> introduced additional options within Entra ID applications<\/strong>.<\/p>\n

This installment of the series now explores initial settings from the broader M365 ecosystem<\/strong>, which either serve directly as ToUs or can be adapted for that purpose. Although my specialty is Entra, my established criteria are well-suited to creating a comprehensive overview<\/strong>. \ud83d\ude05<\/p>\n

I’m stepping outside my core focus area with an application whose predecessor I used to administer extensively and which I still occasionally support today: Microsoft Teams \u2014 complemented by two additional applications: Bookings, the successor to Teams Virtual Appointments<\/a>, and Viva Engage (formerly Yammer) as another collaboration platform.<\/p>\n


<\/p>\n

Teams<\/h2>\n

Microsoft Teams presents a unique challenge, as it is a platform designed to enable collaboration and interaction among a wide variety of participants. We often deal with many users from other Microsoft tenants (= guests)<\/strong> or even individuals who do not have a Microsoft account at all (= anonymous users)<\/strong>.<\/p>\n

As a reminder from Part 1<\/a>: Conditional Access only applies during authentication, which means it cannot be used to enforce ToUs for anonymous participants<\/strong>. This presents a compliance challenge, especially when communicating with private individuals or organizations that refuse to create Microsoft accounts.<\/p>\n

\n

Even though some may pretend that there\u2019s no such thing as an organization without Microsoft accounts \u2013 Business to Business (B2B)<\/a> means Microsoft tenant to Microsoft tenant collaboration, after all<\/em> \ud83d\ude09<\/p>\n<\/blockquote>\n

Since anonymous users are often a critical topic, here\u2019s an important note up front: There is currently no technical way<\/strong> to ensure that anonymous participants have accepted the ToU\u2014every available solution requires organizational measures<\/strong> at some point.<\/p>\n

So let\u2019s start with the most effective option:<\/p>\n


<\/p>\n

Webinars<\/h3>\n

In a webinar, a public "registration page" is shared, where additional information can be requested from participants. If the webinar organizer<\/strong> has configured the settings correctly, each participant<\/strong> must check a box to agree to the ToU before receiving a participation link (marked as "1" in the image)<\/em>.<\/p>\n

\"WebinarJoin\"<\/p>\n

\n

Bonus: Marker "2" again hides the tenant-wide Privacy Statement URL<\/a><\/em><\/p>\n<\/blockquote>\n


<\/p>\n

\n

To achieve this result, the webinar organizer<\/strong> must ensure that the settings follow the structure below every single time<\/strong> (or duplicate<\/strong> an existing, active webinar<\/a><\/em>).<\/p>\n\n\n\n\n\n\n\n
Step<\/th>\nDescription<\/th>\n<\/tr>\n<\/thead>\n
\"alt\"<\/td>\nThe organizer<\/strong> must create a new meeting from within the Teams app.
This requires clicking the small arrow<\/strong> next to the "New Meeting" button and selecting "Webinar<\/strong>".<\/td>\n<\/tr>\n
\"MeetingWebinarSettingsAddLegalTerms\"<\/td>\nIn the webinar settings, under "Registration > Configuration", the "Legal Terms<\/strong>" field must be added.
This is the only field that supports URLs\u2014all other fields accept plain text only!<\/strong><\/td>\n<\/tr>\n
\"\"<\/td>\nFinally, the URL<\/strong> pointing to the relevant ToU must be entered by the organizer \u2014 this must be done for each new webinar!<\/strong> (Don\u2019t forget to save and publish the webinar!)<\/em><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n


<\/p>\n

\u203c\ufe0f These settings cannot be enforced administratively<\/strong> \u203c\ufe0f<\/p>\n

Therefore, organizers must receive clear instructions and training.<\/p>\n

\n

Whether an anonymous user can join a webinar depends on whether the organizer’s meeting policy under "Meeting scheduling > Who can register"<\/strong> is set to "Everyone"<\/strong>. Otherwise, only users from the same tenant can participate.<\/em><\/p>\n<\/blockquote>\n

\n

Meeting Invite<\/h3>\n

A significantly weaker option is customizing the meeting invite<\/strong>. The invitation to a Teams meeting is largely identical across all tenants, and only a few customizable elements are available. These are limited to the text in the invitation and do not include any form of enforcement or confirmation<\/strong>.<\/p>\n

It\u2019s also important to remember that meeting invites are often accepted without reading the message body, let alone any links contained within. In Outlook, users can even join a Teams meeting without ever opening the invitation.<\/p>\n

Nevertheless, there are two places where important information for participants, including ToU, can be placed: the "Footer<\/strong>" and the "Privacy and Security URL<\/strong>", both found in the Meeting Settings<\/a> of the Teams Admin Center.<\/p>\n

\n

\u26a0\ufe0f The invitation customization applies tenant-wide<\/strong> \u2014 this method is therefore unsuitable for department- or team-specific notices.<\/em><\/p>\n<\/blockquote>\n\n\n\n\n\n
Admin Center Setting<\/th>\nResult<\/th>\n<\/tr>\n<\/thead>\n
\"Meeting<\/td>\n\"Meeting<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n


<\/p>\n

\n

Reminder: When joining<\/strong> a Teams meeting, the tenant-wide privacy URL<\/a> is displayed under "Privacy and cookies<\/strong>".<\/em><\/p>\n<\/blockquote>\n


<\/p>\n

Handling Anonymous Users<\/h3>\n


<\/p>\n

Why anonymous users are a problem<\/strong><\/u><\/p>\n

As should now be clear: anonymous users do not provide any information to our tenant \u2014 they simply enter a freely chosen name and join the meeting to which they were invited. That\u2019s why Teams meetings display the status "unverified" next to their names.<\/p>\n

This results in a significant loss of control and governance capabilities, especially the inability to enforce Conditional Access ToUs.<\/p>\n

\n

\u26a0\ufe0f Note: There are many granular configurations for anonymous users, guests, and B2B governance \u2014 these go beyond the scope of this article, which focuses strictly on ToU-relevant settings.<\/em><\/p>\n<\/blockquote>\n


<\/p>\n

Clearly Separating Webinars from Regular Meetings<\/strong><\/u><\/p>\n

The good news: if you need webinars but want to prevent anonymous users<\/strong> from joining regular Teams meetings<\/strong>, you can already exclude a large portion of otherwise "unverified" participants.<\/p>\n

Webinars are controlled via the Meeting Policy setting \u201cMeeting scheduling > Who can register.\u201d This setting is managed separately<\/a> from the general configuration for anonymous users.<\/p>\n


<\/p>\n

When should you block anonymous users?<\/strong><\/u><\/p>\n

Ask yourself the following questions:<\/p>\n

    \n
  1. Do my employees interact almost exclusively with known organizations?<\/li>\n
  2. Are meetings with unknown organizations\/individuals primarily conducted via webinars?<\/li>\n
  3. Can exceptions be handled through targeted policies?<\/li>\n<\/ol>\n

    \u27a1\ufe0f If the answer is mostly \u201cYes,\u201d anonymous user participation should be disabled<\/strong>.<\/p>\n


    <\/p>\n

    Used Meeting Policies<\/strong><\/u><\/p>\n

    In the global Meeting Policy<\/strong>, anonymous participation can be disabled via:<\/p>\n

    \u201cMeeting join & lobby > Anonymous users can join a meeting unverified\u201d<\/strong><\/p>\n

    Since this is a Meeting Policy<\/strong>, you can later assign an exception policy to specific organizers who need to work with anonymous users.<\/p>\n

    Disabling anonymous access often quickly reveals where B2B tenant configurations are missing or where external users haven\u2019t been invited as guests. However, guest account setup and governance go beyond this article\u2019s scope.<\/p>\n

    A preview: You\u2019ll find many organizations that enforce strict B2B trust requirements.<\/em><\/p>\n

    \n

    \ud83d\udccc Important Notes on Teams Policies<\/em><\/p>\n