Teams Real Simple with Pictures: Setting up Supervised Chat in Microsoft Teams

Written: 09/05/2021 | Updated: N/A

Many years ago when I did my teacher training here in the UK one of the things I was taught is the concept of ‘in loco parentis’ – latin for ‘in the place of the parent’. Legally, whilst not bound by parental responsibility, teachers are expected to behave as any reasonable parent would in promoting the welfare and safety of children in their care. The term dates back to the 19th century when courts were first identifying and constituting teachers’ responsibilities. It was during this period where case law established that a teacher should act “as a prudent father” – language which may not be so fit today, yet the idea of safeguarding transcends this vernacular typical of it’s time. Supervised chat – a feature I didn’t know even existed in Teams until a few days ago, is predicated on this idea of safeguarding. As outlined in the notes ‘Supervised chat allows designated educators to initiate chats with students and blocks students from starting new chats unless an appropriate educator is present. When chat supervision is enabled, supervisors aren’t allowed to leave chats and other participants aren’t allowed to remove them, ensuring that chats involving students are properly supervised’. In other words, it’s removes the conundrum of having private chat on or off in an education environment. On? Many teachers, parents and stakeholders would consider it dangerous in that it opens up a number of risks including harassment, bullying and non-educational content. Off? This blocks teachers, or learning support from reaching out to students privately for personalized learning, or for pastoral matters. Now, whilst you may think this blog concerns a Teams for Education functionality, supervised chat is also in business tenants. That is where I found it. Whilst education is no doubt the de facto use case and probably was the reason why it was developed it may also be useful in business environments too to limit private chats being between specific individuals. It is a functionality which could be used very well alongside communications compliance and DLP. Let’s go set it up.

This blog will cover

  • Enabling Private Chat in the Messaging Policy
  • Enabling Supervised Chat
  • Setting Roles in the Messaging Policy
  • FAQ

PREREQUISITES

  • Teams Administrator (Or Global Administrator Permissions)
  • Latest Teams PowerShell Module Installed (if using Powershell)
  • Teams licence for testing (usually within Microsoft/Office 365 subscription)

ENABLING PRIVATE CHAT IN THE MESSAGING POLICY

We must first ensure that private chat is on within the global org wide default Messaging Policy, or on within custom messaging policies should multiple policies be used

1.) Login to https://login.microsoftonline.com with admin credentials

2.) Select Admin on the app launcher (left rail)

3.) In the Microsoft 365 admin centre, on the left navigation select Show All then select Teams

4.) In the Teams Admin Centre select Messaging Policies then Global (Org Wide Default)

5.) Make sure Chat is turned on (Slider) and select Save

Rinse and repeat for all custom messaging policies as required. To do this with PowerShell, you can use such a command

Set-CsTeamsMessagingPolicy -Identity [Policy] -AllowUserChat $True

Where Get-CsTeamsMessagingPolicy should return the policies you currently have in your environment

ENABLING SUPERVISED CHAT

Now that private chat has been enabled, we are ready to enable supervised chat

1.) In the Teams Admin Centre select Org Wide Settings and then Teams Settings

2.) Scroll to the bottom of the page and under section ‘Safety and Communications’ set Role Based Chat Permissions to On and then select Save. Role Based Chat Permissions is off by default

Supervised chat is now enabled. This is done in PowerShell by using the command

CsTeamsClientConfiguration -AllowRoleBasedChatPermissions $True

You will notice at this point that supervised chat, once enabled as an org wide setting, applies to all users in the tenant. There is no possibility to apply it to only a specific proportion of users in the tenant purely through policies

SETTING ROLES IN THE MESSAGING POLICY

Now that supervised chat has been enabled, it is time to return to the messaging policies. Again, this will use the global org wide default

1.) In the Teams Admin Centre select Messaging Policies then Global (Org Wide Default)

This image has an empty alt attribute; its file name is image-47.png

2.) Down the bottom of the messaging policy the option Chat Permission Role appears

You can select from 3 roles

  • Full permissions – Can start chats with any user within your environment. Users with full permissions are expected to supervise the chats they participate in. They can’t leave or be removed from chats that they start or chats that they’re supervising in federated tenants
  • Limited permissions – Can start chats with any full or limited users but can’t start chats with restricted users. If a user with full permissions begins a chat with a restricted user, limited users can be brought into the conversation. This access happens because a user with full permissions is present to supervise collaboration between limited and restricted users
  • Restricted permissions – Can only start chats with users who have full permissions. They can participate in any conversation that a user with full permissions invites them to. In federated chat cases, restricted users can only be added to chats by a user with full permissions who is from the restricted user’s tenant

Select the role and then Save

Once you have enabled supervised chat, if you have multiple custom messaging policies on top of the global org wide default amend as required for every messaging policy in your TAC otherwise role permissions within those policies will be set to restricted by default.

From a PowerShell perspective, the command would be Set-CsTeamsMessagingPolicy -ChatPermissionRole with an ending of Full, Limited or Restricted depending on the permissions you choose

Our job here is done. Note, policy changes can take a few hours – and possibly up to 24 – to apply

Supervised chat is straightforward to set up. However, one must be aware of, and set it in the context of applying policies to users. There are several different ways to assign policies to users including direct, batch, group and via policy packages. The administrator should have an understanding of policy precedence, especially given that the enabling of supervised chat sets all messaging policies to have a role of restricted by default. Caution also has to be given to when users are onboarded to set them with the right messaging policy otherwise their chat permissions may be too restrictive for what they are permitted to do

FAQ

1.) How does Supervised Chat impact Guests?

Guests will have the limited permissions role and this cannot be changed. They will not be able to initiate a private chat with a restricted user unless invited one by someone with full permissions

2.) Does Supervised Chat apply to all historical private chats?

No, it only applies once it has been enabled in the Teams Admin Centre. It will not apply to historical chats

3.) Can restricted users talk with others outside the organisation

As per role permissions, in federated chat cases restricted users can only be added to chats by a user with full permissions who is from the restricted user’s tenant. In other words, they can’t initiate a chat on their own with someone outside their organisation, and neither can someone from outside the organisation initiate a conversation with them even with open federation

4.) What happens if a supervisor leaves the organisation?

If a user with full permissions leaves or is removed from a tenant, the chats they were supervising will be left unattended. Before you remove the original user, ensure that another user with full permissions is added to these conversations so that the chat can remain supervised

One thought on “Teams Real Simple with Pictures: Setting up Supervised Chat in Microsoft Teams

Comments are closed.