May 23, 2022

5 important tips for MS Teams security and governance

Introduction

Microsoft Teams has become the linchpin of an organization’s productivity. As organizations extend their commitment to remote collaboration, strategies for data integrity and security must be put in place. Many organizations that deploy MS Teams chiefly to connect dispersed teams easily overlook cybersecurity and compliance. In this article, we will talk about five essential security recommendations for your Teams implementation.

1. Controlled environment

To keep the platform from becoming unruly because every user can create new teams, you can delegate this permission to specific users. You can create an Azure AD security group for this purpose, which is commonly a group of the organization’s admins. However, if you want all users to be able to create teams themselves, it is better to configure governance policies such as a naming convention and expiration policies.

A naming convention allows you to add a prefix and suffix, as well as other Azure AD attributes, to a team or group name to help clarify the purpose of that team. It also helps block unwanted or irrelevant terms from a team name to keep it ethically correct.

Setting expiration policies for teams gives them a defined lifespan in the environment. When a team is no longer required, the policy sends email notifications to its owners asking them to take action. Owners may then either delete or archive it.

Remember that the deletion and archival processes in Teams have certain pitfalls. If you delete a team, you also delete all the data objects behind it at the same time, and you can’t retrieve it after the 30-day period. Manually archiving teams one by one, in turn, is an inefficient and arduous job for admins. Automation can resolve these lifecycle and management issues by streamlining governance in MS Teams.
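As an added example (not from the original article and not TeamsHub.io code), the three native controls described in this section can be configured with the AzureADPreview PowerShell module, which matches the Azure AD terminology the article uses. The security group name, naming pattern, blocked words, lifetime and notification address are placeholder assumptions.

```powershell
# Added example; every value in this block is a constructed placeholder.
$CreatorsGroupName = "Teams-Creators"                # hypothetical security group
$NamingPattern     = "GRP_[GroupName]_[Department]"  # prefix + Azure AD attribute suffix
$BlockedWords      = "Payroll,CEO,HR"                # sample blocked terms
$LifetimeDays      = 365
$FallbackContact   = "teams-admins@contoso.example"  # notified for teams with no owner

Connect-AzureAD

# Fail closed: stop before changing anything unless the name resolves to exactly
# one security-enabled group, so creation rights never land on the wrong object.
$creators = @(Get-AzureADGroup -SearchString $CreatorsGroupName |
    Where-Object { $_.DisplayName -eq $CreatorsGroupName -and $_.SecurityEnabled })
if ($creators.Count -ne 1) {
    throw "Expected one security group named '$CreatorsGroupName', found $($creators.Count)."
}

# Load the tenant's Group.Unified settings, creating them from the template on first use.
$setting = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq "Group.Unified" }
if (-not $setting) {
    $template = Get-AzureADDirectorySettingTemplate |
        Where-Object { $_.DisplayName -eq "Group.Unified" }
    New-AzureADDirectorySetting -DirectorySetting $template.CreateDirectorySetting() | Out-Null
    $setting = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq "Group.Unified" }
}

# Restrict creation to the security group and apply the naming convention.
$setting["EnableGroupCreation"]           = $false
$setting["GroupCreationAllowedGroupId"]   = $creators[0].ObjectId
$setting["PrefixSuffixNamingRequirement"] = $NamingPattern
$setting["CustomBlockedWordsList"]        = $BlockedWords
Set-AzureADDirectorySetting -Id $setting.Id -DirectorySetting $setting

# Expiration policy: a tenant holds a single lifecycle policy, so update it if present.
$policy = Get-AzureADMSGroupLifecyclePolicy
if ($policy) {
    Set-AzureADMSGroupLifecyclePolicy -Id $policy.Id -GroupLifetimeInDays $LifetimeDays `
        -ManagedGroupTypes All -AlternateNotificationEmails $FallbackContact
} else {
    New-AzureADMSGroupLifecyclePolicy -GroupLifetimeInDays $LifetimeDays `
        -ManagedGroupTypes All -AlternateNotificationEmails $FallbackContact
}

# Read the settings back so the change can be reviewed and recorded.
(Get-AzureADDirectorySetting -Id $setting.Id).Values |
    Where-Object { $_.Name -in "EnableGroupCreation", "GroupCreationAllowedGroupId",
                   "PrefixSuffixNamingRequirement", "CustomBlockedWordsList" }
```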
Using our automation software TeamsHub.io, you can configure the most critical governance features of Microsoft 365 workloads, including site provisioning and lifecycle management of teams with auto-archive and auto-delete options, all from a single interface and in just a few clicks!

2. Secure access to Teams

Identity theft is a cybercrime in which a hacker obtains someone’s identity through phishing, social engineering, or malware to gain access to the network. A user’s identity in Microsoft Teams is pivotal, because it gives them access to various applications, services, and valuable resources. To protect users’ identities on the Teams platform, follow these rules:

- Use MFA (Multi Factor Authentication) to protect identity and access
- Use the Microsoft Authenticator app to generate time-based codes during sign-in
- Use Azure AD Identity Protection to identify and address identity risks in your organization
- Use Azure AD Identity Governance to ensure the right people have the right access
- Do not create more than 2-4 global admin accounts

3. Device management

Users may use both managed and unmanaged devices to connect and collaborate on the Teams platform. Unmanaged devices lack control and pose significant risks to an organization, especially if they are lost or stolen or when employees leave the organization. Unauthorized users may then easily gain an entry point to the company’s network and exploit sensitive data.

To resolve this, you must integrate MDM (Mobile Device Management) with Azure Active Directory and enforce a Microsoft 365 Conditional Access policy to restrict access from unmanaged devices. Additionally, using MAM (Mobile Application Management), you can remotely control, encrypt and remove corporate applications and other content from an employee’s personal device.

4. External collaboration

While working on complex projects, teams may sometimes want to collaborate with experts, business partners or clients to receive their insights, suggestions, or requirements. Users who don’t belong to your organization but are invited to collaborate on your platform are termed guest or external users. Guest users have greater privileges than external users: they can invite other people to teams, participate in chats and conversations, access channels, work on shared files and use other functionalities.

When enabling external access, one must be cautious about granting controls to guest users. Allowing them to participate freely and access Teams resources can overexpose corporate data and put the organization at risk. Hence, guest user management is one of the most crucial aspects of Teams governance.

Depending on business mandates, admins can limit guest user activities for enhanced security. For example, guests can be prevented from becoming a group owner or from accessing a group’s content. External access from specific domains can also be blocked, or it can be restricted to specific users within your organization. Conversely, some default restrictions for guest users in Teams can be lifted if desired, such as adding apps to a channel or creating or discovering new teams.

MS Teams offers multiple admin panels with a wide range of policies and configuration options to manage external access. However, multi-step navigation and repeated customization of controls across scattered interfaces negatively impact user experience. You can overcome this challenge using TeamsHub.io, which provides a centralized governance console to manage external access at both the team and the organization level.
With all controls and settings in one place, TeamsHub.io ensures that your admins can manage and monitor guest users with confidence.

5. Protection of confidential data

Data that resides in Teams can be highly important or sensitive. Hence, it is better to devise protection strategies to mitigate potential data leakage. To do this, you can configure DLP (Data Loss Prevention) policies to prevent unauthorized users from sharing or exchanging confidential information over chat, conversations, and channels. DLP policies block such messages automatically and send notifications to compliance officers.

Additionally, you can use sensitivity labels to classify your data based on its sensitivity or confidentiality. Sensitivity labels encrypt the data and protect it from illegitimate access throughout its existence in various ways. You can prohibit editing in shared documents, block printing or downloading of documents by specific departments, prevent certain users, such as those outside your organization, from opening a document, and so on.

Conclusion

Governance cannot be separated from Microsoft Teams. For organizations to let team collaboration flourish, it is imperative to turn on governance in Teams. Governance provides a secure environment for users, protects the company’s digital assets, and elevates platform usage. If governance is overtaxing your admins, you can use third-party governance software such as TeamsHub.io and automate the entire Teams platform to boost security, engagement, adoption and experience altogether.

To learn more about TeamsHub.io, please visit https://teamshub.io or contact sales@cyclotrongroup.com to request a demo.