Welcome back to our back-to-basics blog series, a glossary for Microsoft 365. In the last installment of this series, we discussed Entra ID – Microsoft’s identity and access management solution – and how to secure it with Conditional Access.
This article aims to cover Microsoft’s primary collaboration tool, Microsoft Teams, including:
Your users use Entra ID SSO to access Outlook and Teams. Teams is one of the most widely used services in Microsoft 365, as it enables users to instantly communicate and collaborate with each other. However, if not set up, secured, and used correctly, Teams can become cumbersome and even pose security risks. Today we will be covering what Microsoft Teams is, how to use it, and how to secure it. Microsoft Teams is Microsoft’s instant collaboration platform that allows users to chat, meet, share files, and integrate apps all in one.
To get started, you need a Microsoft 365 license. All Microsoft 365 licenses include Teams. Once your organization is licensed to use Teams, you can access Teams in the browser by going to teams.microsoft.com or download the Teams desktop app, select sign in with work or school account, and then sign in with your Entra ID SSO (e.g., david.nevins@coreview.com).
Note: The Teams desktop app includes all of the latest functionality, so this is the recommended option if you will be regularly using Teams. While the Teams web application includes most functionality, it is generally recommended to use the desktop app for the best experience.
A team is a collection of users, content, and tools, typically divided into projects or groups (or teams). For example, you might have a marketing team, a support team, a research and development team, and a company announcements team.
Each of these teams has a corresponding channel where chats, files, and tools like Microsoft To Do can be used.
You can create a Team from scratch, from a template, from another team, or from a group. By using a template, Teams will automatically create channels for you and include apps that are relevant to the type of template you chose.
You can define whether the Team is private or public – private requires permission for users to join and public allows anyone in the organization to join.
Once you have created your Team, you will see it listed with its channels. Channels allow you to organize content and conversations into specific topics. For example, in your marketing Team you might have channels for General, Announcements, Training, and Release that all have their dedicated purposes.
While Teams are useful for organizing your greater Teams environment, you need to be careful and intentional when creating Teams to avoid Teams sprawl.
Teams sprawl is the idea that your Teams environment can grow so complex that it's too difficult (and unproductive) to use effectively.
Here are 6 quick tips to help you avoid sprawl in Microsoft Teams:
For organizations using Microsoft 365, Teams is your primary collaboration tool. In fact, 58% of sensitive data is stored in Teams, meaning you likely have sensitive data flowing through your Teams environment.
That's why it is important to take steps to secure your Teams environment. Here are some best practices for securing your Teams environment, based on best practices from the Center for Internet Security (CIS).
To avoid losing sensitive data, it is important to have a Teams retention policy that prevents users from permanently deleting data that is less than one year old. You can change the timeframe to suit your specific needs. This concept is also known as Data Loss Prevention (DLP).
For data loss prevention, it is also critical to block third-party file storage options within Teams. You’ll want to make sure that users are only able to use Teams, SharePoint, and OneDrive for file storage—not Dropbox or other unmanaged file storage services.
By default, Microsoft has a Teams App Permission Policy that restricts users from using unapproved Teams apps. In other words, users may use only those Teams apps allowed by admins.
Users can request to use an unapproved app and the admin in your organization can grant or deny their request. App permission policies are critical for security so you can prevent users from giving potentially harmful third-party apps access to your organization’s data.
By default, Microsoft allows your organization to communicate with all external domains. An attacker can use this for reconnaissance or phishing by reaching out to your users. The recommendation here is to allow only specific external domains and whitelist domains you wish to collaborate with as they come up.
It is important to restrict who can bypass the lobby to prevent anonymous users from joining the meeting without being specifically admitted by a member of your organization. As a best practice, you’ll want to require that you explicitly grant access to anonymous users to join the meeting.
Using private Teams ensures that only the users that should have access to specific data in your organization are the ones with access. This can avoid data breaches.
By default, anyone in the organization can create a team. Restricting this will avoid Teams sprawl. You can implement an approval process or workflow to not entirely prohibit Teams creation, but to ensure that it is done systematically.
When you click on a link in Teams, it will often show a “Verifying link...” page right before displaying the page of the URL that you clicked on. This is the Teams Safe Links policy, which prevents phishing links and other malicious URLs. The same applies to attachments: files in Teams are scanned to ensure that there is nothing malicious included.
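As an added example (not from this article or from Microsoft), the read-only check below flags three of the settings discussed above: third-party file storage, open external access, and lobby bypass. `Test-TeamsBaseline` is a hypothetical helper name, the property names are those returned by the MicrosoftTeams PowerShell module cmdlets named in the comments, and the sample objects are constructed so the block runs without a tenant.

```powershell
# Added example: audit three Teams settings against the recommendations above.
# Test-TeamsBaseline is a hypothetical helper, not a Microsoft cmdlet.
function Test-TeamsBaseline {
    param(
        [Parameter(Mandatory)] $ClientConfig,   # Get-CsTeamsClientConfiguration -Identity Global
        [Parameter(Mandatory)] $Federation,     # Get-CsTenantFederationConfiguration
        [Parameter(Mandatory)] $MeetingPolicy   # Get-CsTeamsMeetingPolicy -Identity Global
    )
    $findings = @()

    # Third-party file storage: every provider toggle should be off.
    foreach ($p in 'AllowDropBox', 'AllowBox', 'AllowGoogleDrive', 'AllowShareFile', 'AllowEgnyte') {
        if ($ClientConfig.$p) {
            $findings += [pscustomobject]@{ Area = 'File storage'; Setting = $p; Value = $true }
        }
    }

    # External access: federation enabled without a domain allow list
    # means any external domain can contact your users.
    $domains = "$($Federation.AllowedDomains)"
    if ($Federation.AllowFederatedUsers -and $domains -match 'AllowAllKnownDomains') {
        $findings += [pscustomobject]@{ Area = 'External access'; Setting = 'AllowedDomains'; Value = $domains }
    }

    # Lobby: 'Everyone' admits anonymous participants without anyone letting them in.
    if ($MeetingPolicy.AutoAdmittedUsers -eq 'Everyone') {
        $findings += [pscustomobject]@{ Area = 'Meetings'; Setting = 'AutoAdmittedUsers'; Value = 'Everyone' }
    }

    return $findings
}

# Constructed sample values, not taken from a real tenant.
$client = [pscustomobject]@{
    AllowDropBox = $true; AllowBox = $true; AllowGoogleDrive = $false
    AllowShareFile = $false; AllowEgnyte = $false
}
$fed  = [pscustomobject]@{ AllowFederatedUsers = $true; AllowedDomains = 'AllowAllKnownDomains' }
$meet = [pscustomobject]@{ AutoAdmittedUsers = 'EveryoneInCompanyExcludingGuests' }

Test-TeamsBaseline -ClientConfig $client -Federation $fed -MeetingPolicy $meet |
    Format-Table -AutoSize
```

To audit a live tenant, run `Connect-MicrosoftTeams` first and pass the output of the three `Get-Cs*` cmdlets named in the parameter comments in place of the sample objects.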
For more technical guidance on securing Teams, read Microsoft Teams Security Best Practices.
Microsoft Teams is an incredibly powerful productivity tool that over a million companies use worldwide for instant messaging, meetings, and file sharing. Getting set up with Teams is easy, but it’s just as easy to over-customize your Teams environment leading to Teams sprawl and a decline in productivity.
To make sure you’re getting the most out of Teams, take a look at these Microsoft Teams resources below: