Microsoft Teams Security Policy Best Practices

Microsoft Teams is your hub for teamwork, which brings together everything your team needs with the power of Microsoft 365 applications.

Due to the COVID-19 pandemic, many people started working from home and many organizations started using collaboration and communication tools. As a result, many security analysts and experts began researching the security of these tools, and companies began looking at how to keep their sensitive data secure while using them.

Microsoft Teams is business-essential for many organizations. For a detailed understanding, see Microsoft Teams Security Features.

Here are a few points to look at to strengthen the security of your Microsoft Teams environment.

Control Guest and Anonymous Users in Teams

Guest users are people outside the organization who were invited by email. Once they accept the invitation, their credentials are stored in Azure AD.
Like a native team member, a guest user has all the team permissions, so they can call, chat, meet and collaborate on files using Office 365 apps.

Guest access is fully functional, and you can configure its security settings at different levels. Here is a checklist from Microsoft for managing guest access in Teams:
Collaborate with guests in a team:
https://docs.microsoft.com/en-US/microsoft-365/solutions/collaborate-as-team?view=o365-worldwide

Anonymous users, on the other hand, are users whose identity is unknown: no credentials are stored for them in Azure AD. If you want to prevent anonymous users from joining Teams meetings, disable the “Anonymous users can join a meeting” option in the Teams admin center.

Unique meeting IDs and links for every session

To secure Teams meetings, ensure that each session is created as its own meeting, with its own meeting ID.

Once you have a unique meeting ID, be sure to share it only with the users you want to join.

Use the Lobby

If you are concerned about unauthorized users, Microsoft Teams offers the Lobby feature, which lets you authorize every user before they can access the meeting.

Even if an unauthorized user gets the meeting link and guesses the password, they still won't be able to join the session without your express permission.

Participant Settings in Teams Meetings

There are several meeting options in a Microsoft Teams meeting. They are in the hands of the organizer, who can choose which participants bypass the lobby and which wait until someone lets them in.
There is also an option for callers: you can let them bypass the lobby automatically and get a notification when they join or leave the meeting.
For presenting, you can allow everyone or individually select who can present in the meeting.
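
The meeting settings covered so far (anonymous join, the lobby, caller bypass and who can present) also have tenant-level defaults in Teams meeting policies. The following PowerShell is an added example, not part of the original article: it flags permissive values on policy objects shaped like the output of Get-CsTeamsMeetingPolicy. The function name Test-TeamsMeetingPolicy, the sample policies and the choice of which values count as permissive are assumptions of this example.

```powershell
# Added example: audit Teams meeting policies for the anonymous-join, lobby,
# caller-bypass and presenter settings discussed above. Property names are those
# returned by Get-CsTeamsMeetingPolicy (MicrosoftTeams module); what is flagged
# as permissive is this example's assumption.
function Test-TeamsMeetingPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy
    )
    process {
        $findings = [System.Collections.Generic.List[string]]::new()

        if ($Policy.AllowAnonymousUsersToJoinMeeting) {
            $findings.Add('Anonymous users can join meetings')
        }
        if ($Policy.AutoAdmittedUsers -eq 'Everyone') {
            $findings.Add('Everyone bypasses the lobby')
        }
        if ($Policy.AllowPSTNUsersToBypassLobby) {
            $findings.Add('Dial-in callers bypass the lobby')
        }
        if ($Policy.DesignatedPresenterRoleMode -eq 'EveryoneUserOverride') {
            $findings.Add('Everyone can present by default')
        }

        [pscustomobject]@{
            Identity  = $Policy.Identity
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample policies (not real tenant data) so the audit runs offline.
$samplePolicies = @(
    [pscustomobject]@{ Identity = 'Global'; AllowAnonymousUsersToJoinMeeting = $true
        AutoAdmittedUsers = 'Everyone'; AllowPSTNUsersToBypassLobby = $true
        DesignatedPresenterRoleMode = 'EveryoneUserOverride' },
    [pscustomobject]@{ Identity = 'Tag:Restricted'; AllowAnonymousUsersToJoinMeeting = $false
        AutoAdmittedUsers = 'EveryoneInCompanyExcludingGuests'; AllowPSTNUsersToBypassLobby = $false
        DesignatedPresenterRoleMode = 'OrganizerOnlyUserOverride' }
)
$samplePolicies | Test-TeamsMeetingPolicy | Format-List

# Against a real tenant, after Connect-MicrosoftTeams:
# Get-CsTeamsMeetingPolicy | Test-TeamsMeetingPolicy
```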

Enforce Multi-Factor Authentication

Multi-Factor Authentication is a must when we talk about security and unauthorized login attempts. Read more here about why you should care about Multi-Factor Authentication.

By enabling MFA, you can increase the security of user logins to Office 365. Note: you must be a Global Admin to set up MFA.

After entering their credentials on the login page, users must verify with an additional authentication factor, e.g. a call, text message or app notification.

Microsoft Teams Usage Monitoring

You need to understand usage through Microsoft Teams monitoring.
This helps you automate governance for Microsoft Teams, including tracking the number of inactive teams and the average number of teams per user.

Monitoring usage in Microsoft Teams helps you address governance issues and also gives you detailed information about collaboration security.

Advanced Threat Protection

ATP helps organizations protect against malicious threats. By default, ATP scans for malicious files in SharePoint Online, OneDrive for Business and Teams and excludes them.

You can use ATP features such as ATP Safe Links and ATP Safe Attachments for additional security. As the names suggest, ATP Safe Links identifies malicious links/URLs and ATP Safe Attachments detects malicious attachments. These features strengthen Teams security when links or files are shared in a chat or channel.

Azure AD Security Options

As we know, chat and calls can be accessed from a desktop client app, mobile app, web browser, or phone. There is no restriction on where you can access Teams.

Azure AD Conditional Access: many cloud apps, such as Exchange/SharePoint Online and OneDrive for Business, take advantage of this feature. Use it to set conditions that a user must meet in order to use Teams.

Mobile Application Management (MAM): this feature helps you manage the Teams app on various devices and apply restrictions as needed.

Microsoft 365 Compliance Features

Microsoft Teams supports Office 365 compliance features such as:

Data Loss Prevention (DLP) – DLP can be applied to Microsoft Teams chat and channel messages, including private channel messages.

Retention policies – You can manage retention of your chats, channels, and files instead of keeping them for a very long time.

eDiscovery and Legal Hold – You can search, analyze and preserve Microsoft Teams chats, files, meetings, and call summaries for legal purposes.

Auditing and Reporting – Administrators can search event logs or search for specific activities to investigate an incident. Admins can also set alerts on specific events.

Helpful Resource: How to Configure SharePoint Online Auditing

Educate your Team before they go live

User education is a must when we talk about security. Let your users know the pros and cons of Microsoft Teams and the security concerns around it. Tell them about phishing emails and malicious URLs or attachments that may circulate during Teams meetings so that they are aware of them.

Also give them hands-on experience with Teams security features such as:

  • Lobby features
  • Chat features, including disabling private chat
  • Muting participants
  • Disabling video
  • Managing the Whiteboard
  • Managing screen sharing of fellow attendees
  • Removing participants

Conclusion

You want better security… Start with yourself.

In this article, I have outlined many Microsoft Teams Security Policy Best Practices that you can use to protect your organization and the sensitive data circulating through Microsoft Teams.