Email verification for anonymous participants in Teams Meetings

Today, there is no verification for anonymous participants in Teams Meetings, Webinars and Town halls.
According to the documentation, anonymous meeting users are:

  • Users who aren’t logged in to Teams with a work or school account.
  • Users from non-trusted organizations and from organizations that you trust but which don’t trust your organization.
  • Users without a Microsoft account.

Microsoft is now introducing an optional email OTP verification for anonymous meeting participants.
Email OTP is known from SharePoint and OneDrive. A one-time password (OTP) is emailed to an external person. It is a multi-digit number. After entering the number, the person can access the shared content in SharePoint.

Microsoft is implementing the same feature in Teams. It is a Teams Premium feature, the organizer needs the license.
Microsoft notes that accounts without a Teams Premium license can also use the verification feature. However, anonymous, unverified participants are not possible in such events. Participants must log in with an account.

The experience for attendees to verify their email with OTP prior to joining meetings is available only for meetings created by organizers that have a Teams premium license. However, the new meeting option to require verification will be available to all meeting organizers without Teams Premium license as well, for these meetings, attendees can join meeting after verifying with their TFL account or Entra account.

 


Configuration

There are two noteworthy points for the configuration.

Enable / Disable Email OTP

In the Teams Admin Center, meeting policies now have a new option for “Anonymous users can join a meeting after verifying.” The configuration for “By email code” is enabled by default.

Teams administrators cannot disable the option in the Admin Center without at least one Teams Premium license in the tenant.

Neue Konfiguration für E-Mail OTP
New configuration for Email OTP

With PowerShell, administrators can also change the policy without a Teams Premium license.
It is the new property AnonymousUserAuthenticationMethod in a meeting policy.

AnonymousUserAuthenticationMethod
Determines how anonymous users will be authenticated when joining a meeting .
Possible values are:

  • OneTimePasscode, if you would like anonymous users to be sent a one time passcode to their email when joining a meeting. This is the default value.
  • None, if you would like to disable authentication for anonymous users joining a meeting.
PowerShell
PowerShell
# Check the global meeting policy
Get-CsTeamsMeetingPolicy -Identity Global | select AnonymousUserAuthenticationMethod | fl

# Change the global meeting policy
Set-CsTeamsMeetingPolicy -Identity Global -AnonymousUserAuthenticationMethod None


The meeting policy has been changed, even without a Teams Premium license.

E-Mail OTP ist global inaktiv
Email OTP is globally inactive
Tenants with no anonymous users

Microsoft notes in the announcement that the default configuration of Email OTP enables a new way to join for tenants who do not allow anonymous users. Teams administrators must proactively disable Email OTP in this situation.

Email OTP is enabled by default
Email OTP is enabled by default

Tenants where the Anonymous users can join a meeting setting is currently disabled will be affected by this update. In the Teams admin center, a meeting policy controls whether anonymous users can join meetings. If this setting is turned off, users without an MSA (Microsoft Account) or Microsoft Entra account are currently unable to join meetings. With the introduction of this new feature, we are enabling an additional option for unverified (anonymous) users to join meetings without requiring an MSA or Entra account.


Using verification for anonymous users

Microsoft notes that Email OTP is still in a limited public preview and is expected to be available by the end of March.

If the Email OTP configuration is enabled, the following option will be available in the settings of a meeting:

Verifizierung durch anonyme Teilnehmer anfordern
Require verification for anonymous users

For the summary, I prepared a table.

Meeting policy
for Email OTP
Default verification setting
in new meetings
Meeting participation for anonymous users
Anonymous users
can join meetings
YesDisabled, organizer can enable the meeting optionYes, with verification (if enabled)
NoNot availableYes, without verification
Anonymous users
cannot join meetings
YesEnabled, organizer cannot disable the meeting optionPartially, unconfirmed participation is only possible by logon with an account
NoNot availableNo
Email OTP is forced when anonymous users are not allowed
Email OTP is forced when anonymous users are not allowed
Organizers with no Teams Premium license

If the verification option is active in an event, an anonymous participant must sign in with an account.

Screenshot

 

Organizers with a Teams Premium license

Anonymous participants are prompted to provide an email address,

Angabe einer E-Mailadresse
Entering an email address

the system informs them that a code is being sent for confirmation…

Versand von OTP Code
Sending OTP code

…and they receive, as known from SharePoint, the multi-digit number valid for 30 minutes.

E-Mail OTP
Email OTP

After that, the verified person should be able to join the event.

Participants who verify the same email address that the meeting invitation was sent to will be allowed to join the meeting directly if the Lobby bypass setting permits invited participants. Conversely, participants verifying with a different email address will be placed in the lobby and labeled as Email verified.

The Email verified tag and the email address participants entered for verification will be shown on the profile card of the participant in the lobby, meeting roster, and meeting chat.

Today, Teams caused an error during my tests, and the person could not join a meeting or other events. This feature should not yet be used productively for meetings.

Keine Teilnahme möglich
No participation possible
Share
Avatar photo

Tobias Asböck

Tobias is a Senior System Engineer with around ten years of professional experience with Microsoft 365 products such as SharePoint Online, SharePoint Premium, OneDrive for Business, Teams Collaboration, Entra ID, Information Protection, Universal Print, and Microsoft 365 Licensing. He also has 15+ years of experience planning, administering, and operating SharePoint Server environments. Tobias is a PowerShell Scripter with certifications for Microsoft 365 products. In his spare time, Tobias is busy with updates in the Microsoft 365 world or on the road with his road bike and other sports activities. If you have additional questions, please contact me via LinkedIn or [email protected].

Leave a Reply

Your email address will not be published. Required fields are marked *