September 15, 2020 5 tips for strengthening Microsoft Teams security Introduction As more businesses adopt Teams extensively to achieve their goals, there are certain security implications that need to be considered. Firstly, Teams’ architecture allows its structure to be responsive to changes, upgrades, or extensions. Secondly, it enables remote collaboration while ensuring greater engagement and productivity. Hence, security analysts need to scrutinize all possibilities of risks in Teams. Luckily, Microsoft Teams keeps your IT infrastructure tightly secured with industry-standard security applications and encryption mechanisms. Let’s have a quick look at some security and compliance features in Teams: Multi-factor authentication Multi-factor authentication uses more than one type of identifier to provide an additional level of security for sign-ins. It includes both a password and an additional verification method which may include your biometric attributes such as fingerprints or face. Encryption Office 365 offers an added layer of encryption at application level for your content. In Teams, data remains encrypted while in transit and at rest. Teams Files stored in SharePoint and Notes in OneNote are encrypted and can’t be read without the encryption code even if the data is stolen. Authentication Authentication services, in general, protect against data being viewed by unauthorized users or those who don’t have access to it. Authentication and signaling occurs natively in Microsoft Teams, for example, web-based authentication flow for tabs and the OAuthPrompt flow for conversational bots are used to authenticate and authorize users. Certification and compliance Microsoft Teams compliance features meet legal, regulatory or organizational policies and uses the compliance standards viz ISO 27001, ISO 27018, SSAE16 SOC 1 and SOC 2, HIPAA, and EU Model Clauses (EUMC). Microsoft has different tiers of compliance certifications to provide a strong privacy and security commitments to its Office 365 users. To allow industries gain control over their data, Microsoft offers compliance functionalities such as Retention Policy, Data Loss Prevention (DLP), Audit Logging, eDiscovery etc. Permissions Different types of permissions and access levels granted to different types of users in Teams ensures data protection. Permission management in Teams allows administrators to configure access settings for a team to prevent the exchange of data or resources by its users as well as encrypt the documents. Enhancing Teams security Now that we have understood the security mechanisms let us move ahead. According to an investigation report, about a third of data breaches, are caused by internal actors, i.e., employees! Understandably, an accidental sharing of sensitive information to malicious users is quite likely and can be hazardous for a business no matter what. With this regard, let us discuss some tips to know what you can do to secure collaboration at your end: Tip #1: Configure Teams with three tiers of protection Configuring teams in Microsoft Teams and their associated SharePoint sites for file protection balances security with ease of collaboration. Furthermore, it is good to use three tiers of protection for data, identities, and devices in Teams which are: Baseline protectionSensitive protectionHighly sensitive protection Baseline protection includes public and private teams. Public teams can be discovered and accessed by anybody in the organization. Private teams can only be discovered and accessed by members of the team. Both of these configurations restrict the sharing of the associated SharePoint site to team owners to assist in permissions management. Teams for sensitive and highly sensitive protection are private teams in which sharing and the requesting of access for the associated site is limited and sensitivity labels are used to set policies around guest sharing, device access, and content encryption. To know more about configuring Teams with three tiers of protection, click here. Tip #2: Control external access Teams admin center provides various settings to configure guest access based on your company’s policies. If data sharing is strictly restricted with users outside of your organization, you can disable guest access in Teams. On the other hand, if data sharing needs to be fully functional, you can manage guest access and security settings on several levels. Tip #3: Use multi-factor authentication If you are the global administrator, you can enable multi-factor authentication (MFA) for all privileged user accounts in your tenant. You can configure MFA for guest users as well. This will ensure an additional layer of security to prevent unauthorized users to gain access. Tip #4: Identify new or advanced threats quickly To combat cyberattacks, Microsoft has useful features to catch new and advanced threats before they can infect or corrupt the system. For this, you should use Advanced Threat Protection (ATP) subscription that encompasses many such security features that lock down the insecure files once identified. Additionally, you can use ATP Safe Links to check malicious links and ATP Safe Attachments to detect malicious attachments. Tip #5: Manage mobile devices and apps Rigorous use of mobile devices and the addition of a multitude of apps from third-party services by employees favorably opens the door for information leakage and other risks. Thankfully, with the device management feature, you can effectively track corporate data and keep it safe and separate at these endpoints. Also, by setting up an app management feature, you can restrict the usage of undesirable apps. Conclusion There are plenty of ways to improve Teams security. Following the aforementioned tips, you can facilitate collaboration without fear and let your organization win! If you have any concerns or queries about Teams security in your organization, contact us to learn more on how to offer a greater protection and governance over your Teams and Office 365 environment.