Teams: Can you do private chat only?

When I was young, I had MSN Instant Messenger. I used it a lot. Some of my friends used AOL. Others used Yahoo and ICQ.

Let’s be honest – chat has always worked – and in many ways, we can be defined as the instant messaging generation as opposed to the email generation – and I get the point that there is a real beauty about an app that focuses on chat – forget for a moment about all the bells and whistles. Remember back in time. Why did that chat app work? Why does WhatsApp work? And Twitter? And Skype?

So it was of real interest when a Microsoft Tech Community post asked if Teams could be used for Private Chat only and only for the organisation itself. Chat only. That’s right – no apps, no meetings, no calling. Now, this is completely missing the point of Teams – but I was generally interested if you can actually restrict Teams to such a degree that you can have it just for private chat.

A thought experiment as you will.

So it was a great opportunity to test it. Just for fun – and in advance I want to be clear that I would never, ever, advocate this (see conclusion).

Disable Apps

First, I disabled all the apps in the Microsoft 365 Control Panel under Services and Add-ins

TeamsLock1

Disable External Access

Second, I disabled the external access settings in the Teams Admin Centre as well as the guest access (this should be off by default)

TeamsLock2

TeamsLock3

Disable everything in the Meeting Policy applied to the user

Third, I applied an AllOff Meetings policy and an AllOff Live Events policy to users (had to create the AllOff LE Policy as there seems to only be a global policy)

TeamsLock5

This locks down apps, external access and meetings – but I needed to go further so I took the following actions –

1.) Disabling the following services on the licence

  • Skype for Business
  • Office Online
  • SharePoint
  • Stream
  • StaffHub

2.) Locked down the ability for users to create Office 365 groups

3.) Disable OneDrive per article: http://jerryitguy.com/index.php/2017/12/05/disable-onedrive-business-office-365/

4.) Block users signing up for trials such as Stream which could ‘reactivate’ the service per article https://syscloudpro.com/2018/03/31/avoid-users-from-signing-up-for-office-365-services-trials/

5.) Disable calling for all users using the following Powershell command

Set-CsTeamsCallingPolicy -Identity Global -AllowCalling $false -AllowPrivateCalling $false

End result 

When I create a new user in Teams –

No ability to create meetings (See Screenshot below)

TeamsLock7.PNG

No ability to make calls – video disabled and calls cut out immediately saying sorry we could not connect you when trying to call another user in the organisation

tEAMSLock15

No ability to add apps – all apps have disappeared except a few which cannot be used

TeamsLock8

No ability to create Teams – locked down to only administrators of the account

No ability to upload files from OneDrive – You don’t have access to these files

TeamsLock16

No ability to see Stream Videos – session expired

TeamsLock13

All of this is consistent in the mobile app.

Conclusion

The outcome is that you can get Teams very close to only doing Private chat. But some challenges remain

  • At the current time, it doesn’t appear that you can get rid of the personal wiki in the Teams Desktop App – it seems to persist even whilst preventing access to OneDrive for Business. It doesn’t appear to work on the mobile device
  • At the current time, you can still currently book meetings in the Teams mobile app even though the meetings policy prevents meetings. This can be controlled via Intune and  blocking the app on the mobile device.

All in all, I would never personally recommend Teams for private chat only: taking into account the idea that Teams is designed for collaborative features, the degree of configuration needed for it work – and I’ll use that term loosely, you have to practically maim the Office 365 experience to achieve it. There is no business case which could ever justify it: all the hundreds of benefits of Teams are lost, TCO would rise, and Day to day administration should not really involve things such as changing users OneDrive permissions within the SharePoint admin centre or running Powershell commands to block all users to making calls. Whilst it has been proven that Teams can ‘kind of’ operate for Personal Chat this is a cautionary tale and a case of because you can, doesn’t mean you should. It’s really a great example of the worst use of Technology. I would even go so far as to recommend Microsoft to consider limiting the ability to do this.

Hope it helps you to challenge this kind of configuration in the future.

Don’t be stuck or beholden to the past. Most of the time it’s better left there.

Best, Chris