(Originally published May 2022)

90% of Fortune 500 today use Teams. This overwhelming reliance on Microsoft Teams has turned it into a goldmine of sensitive data. For CISOs, that means addressing Teams security issues and following Teams security best practices are a #1 priority.  

This article covers:

1. Microsoft Teams Access Control Issues
2. MS Teams Collaboration Security Challenges
3. Free Templates for Microsoft Teams Security and Governance

Microsoft Teams Access Control Issues

Unauthorized Devices and Data Leaks

In any given organization, two categories of devices are typically used to access the Microsoft Teams environment: authorized devices, which are managed and monitored by IT staff, and unauthorized devices, which are not. The latter poses a significant risk for data leaks. Microsoft 365 provides administrators with tools to limit access from unauthorized devices, enabling users to view documents but preventing them from editing or downloading sensitive information.

Best Practices:

• Implement device management solutions, such as Microsoft Intune, to monitor and manage device access.
• Enable conditional access policies that assess the risk level of each device trying to access Teams and apply the necessary access controls.

Guest Users with Elevated Privileges

Incorporating external vendors, contractors, and guests into Teams for their expertise is common. However, it's crucial to limit their access to prevent the exposure of business-critical information. Teams allows granular control over guest access, but it requires the creation of private channels or careful management of access permissions.

Best Practices:

• Utilize Azure Active Directory (Azure AD) to manage guest access securely, including setting up multi-factor authentication (MFA) for an additional layer of security.
• Regularly audit guest permissions and access to ensure they are granted only the necessary level of access.

Available on-demand:  Microsoft experts covered how to manage personnel changes and external users in M365 in this 45-minute webinar.

Unnecessary Channel Access

With the shift from email to instant messaging for work communications, controlling access to specific channels in Teams has become more critical. Channel moderators can help manage this by controlling who can start new posts, add or remove members, and oversee bot activity within the channel.

Best Practices:

• Educate users on the importance of disabling notifications and closing unnecessary applications before screen sharing.
• Explore third-party tools that provide more granular control over what can be shared on the screen.

MS Teams Collaboration Security Challenges

Unsafe Screen Sharing

Screen sharing during video conferencing is a common practice but can lead to unintentional data exposure if notifications are not turned off. Mismanaged screen sharing settings can display private conversations or sensitive information to unauthorized viewers.

Best Practices:

• Educate users on the importance of disabling notifications and closing unnecessary applications before screen sharing.
• Explore third-party tools that provide more granular control over what can be shared on the screen.

Secure File Sharing Challenges

The necessity of sharing documents remotely introduces security concerns, especially since Teams inherits security settings from SharePoint and OneDrive. Microsoft 365's Sensitivity Labels help mitigate this by maintaining specific access rules with documents as they are shared.

Best Practices:

• Implement and enforce the use of Sensitivity Labels to secure documents shared within Teams.
• Train users on the importance of classifying documents correctly and understanding the implications of document sharing.

Phishing Issues in Microsoft Teams

Phishing remains a prevalent threat, adapting to target Teams users with malicious links. Microsoft 365 combats this with Safe Links, which scans URLs before redirecting users, but constant vigilance and education are crucial.

Best Practices:

• Enable Safe Links and other advanced threat protection features available in Microsoft 365.
• Conduct regular security awareness training that includes recognizing and responding to phishing attempts within Teams.

Compliance and Data Residency Challenges

Organizations must also navigate compliance and data residency regulations, which can vary significantly across jurisdictions. Microsoft 365 Multi-Geo capabilities allow for data storage across different locations, facilitating compliance with various data protection regulations.

Best Practices:

• Use Microsoft 365 Multi-Geo to manage data residency requirements efficiently.
• Keep abreast of changing regulations and adjust your data residency practices accordingly.

Additional Best Practices to Secure Microsoft Teams

Beyond addressing specific security issues, several overarching best practices can fortify your Teams environment:

• Implement Sensitivity Labels for Enhanced Data Protection
  Use sensitivity labels to control access more granularly, conducting periodic audits and removing unnecessary access as needed.
• Regularly Review Guest Users in Teams Groups
  Mandate routine checks of guest user permissions to align access with current collaboration needs.
• Control Access to Public Teams Groups and Ensure Multiple Team Owners
  Public groups and groups with a single owner pose risks. Implement validation processes for public groups and ensure each team has multiple owners for resilience.‍
• Archive or Remove Inactive and Empty Teams Groups
  Inactivity can lead to security vulnerabilities. Define what 'inactivity' means for your organization and monitor Teams groups accordingly, using automation to help manage these processes.
• Automate Microsoft 365 Configurations
• Automate M365 Policy Adherence

Free Templates: Microsoft Teams Security and Governance

By integrating these best practices into your Microsoft Teams strategy, you can significantly enhance the security and compliance posture of your Teams environment. To codify these best practices, use them to create a robust M365 governance framework.  

Or, if you aren’t sure how to get started, use the Microsoft 365 Governance Starter Kit complete with an assessment checklist, strategy template, and plan template.

Just interested in Microsoft Teams governance? Establish crucial Teams creation and management policies with the free Microsoft Teams Governance Plan Template.

Alternative Ways to Secure Microsoft Teams

Securing Teams is not a one-time process but a continuous effort that requires vigilance, adaptation to new threats, and regular review of access controls and policies.

The easiest way to close the door on these M365 security threats? End-to-end Microsoft Teams security, governance, and automation tools from CoreView.

Learn how a Canadian utility company assessed (and remediated) insider threats in minutes with CoreView, finding and fixing key collaboration and identity risks.

‍