TEAMS.TC.5019 - Email into channel should be disabled
Email into channel should be disabled
Description
This test checks if email into channel is disabled in Microsoft Teams.
Policy Statement
Contoso's company policy requires that email into channel must be disabled to prevent bypassing email security controls. Email into channel can bypass anti-phishing, anti-malware, and Data Loss Prevention (DLP) policies, creating a potential security gap for malicious content delivery.
Why This Matters
Security Risks:
Email into channel can bypass:
- Anti-phishing protection
- Anti-malware scanning
- Data Loss Prevention (DLP) policies
- Email encryption requirements
- External sender warnings
- Attachment filtering rules
This creates a potential security gap where malicious content could be delivered directly into Teams channels without proper security scrutiny.
Email into channel bypasses organizational email security controls, creating an unprotected pathway for malicious content delivery.
How to fix
Disable Email into Channel in Teams Admin Center
- Navigate to the Teams admin center - Teams settings
- Expand Email integration
- Locate Allow users to send emails to a channel email address
- Set this option to Off
- Click Save
Verify via PowerShell
# Connect to Teams
Connect-MicrosoftTeams
# Check current email into channel setting
Get-CsTeamsClientConfiguration | Select-Object AllowEmailIntoChannel
# Disable email into channel
Set-CsTeamsClientConfiguration -AllowEmailIntoChannel $false
# Verify the change
Get-CsTeamsClientConfiguration | Select-Object AllowEmailIntoChannel
Impact
Disabling email into channel will:
- ✅ Force all email to go through organizational security controls
- ✅ Ensure consistent application of DLP policies
- ✅ Maintain anti-phishing and anti-malware protection
- ⚠️ Users can no longer email content directly to channels
Users can still share email content by forwarding emails to their own inbox and then sharing in Teams, ensuring security controls are applied.