How do you set up Microsoft Teams for the first time? We’ve developed a step-by-step guide to help with a successful implementation. In this fourth edition of our series, we’re addressing security and compliance in Microsoft Teams. But first, let’s recap what we’ve covered previously.
The first and second editions of this series focused on Microsoft Teams Phone, both how to move to Microsoft Teams Phone and managing the user experience while transitioning to Teams Phone. In the third instalment, we unpacked the basics of governance and lifecycle. If you haven’t already read these posts, we encourage you to review them now.
How do I make Microsoft Teams secure?
As more companies move to modern work and cybercrime rises, securing your company’s collaboration platform is critical. Microsoft Teams security and compliance is built on the strong foundation of Microsoft 365 security. This allows Teams customers to benefit from the full Microsoft security stack and accompanying expertise when securing their Teams environment.
Microsoft 365 integrated security and compliance
Microsoft 365 security and compliance takes a holistic approach to your organisational security. It’s integrated across the ecosystem by connecting identities, devices, apps and clouds to close gaps in coverage and reduce risk. This includes:
- Identity and Access Management (IAM) with Azure Active Directory enabling single sign-on, multi-factor authentication and conditional access policies
- Threat protection against cybersecurity attacks with Defender ATP, Azure ATP, Azure Sentinel and Cloud App Security
- Information protection and governance with Azure Information Protection, Data Loss Prevention and data classification in Microsoft 365
- Risk management, discovery and response with Insider Risk Management, information barriers, Customer Lockbox and eDiscovery.
How secure is Microsoft Teams?
Microsoft Teams leverages five different security and compliance capabilities. We’ll break down each one.
Privacy
Microsoft safeguards your privacy by design, ensuring it’s consistent across all their solutions. Microsoft does not:
- track participant attention or multitasking in Teams meetings
- sell customer data or share customer data with third parties for marketing, advertising or other commercial purposes.
Customer data belongs to you, not Microsoft. Your data is deleted after the termination or expiration of your subscription. Microsoft offers regular transparency reports on the Transparency Hub, detailing how they have responded to third-party requests for data.
Support for regulations and compliance
Teams customers benefit from Microsoft being a leader in compliance, not only supporting major national regulations but also offering advanced solutions that are integrated with Teams. A good example of this is the recently delivered Communication Compliance, which enables customers to enforce internal communication policies. It’s instrumental in helping create an inclusive culture. Education organisations have found this capability very valuable.
Administrators control what happens with data in Microsoft Teams using tools to discover, monitor and manage information. There is support for more than 90 global, national, regional and industry-specific regulations. This approach to compliance fosters a culture of inclusion and safety by identifying and preventing negative behaviours with communication compliance. Retention policies allow organisations to meet legal requirements, with eDiscovery that easily identifies, holds and manages information.
Identity
Teams leverages security and unified access management features from Azure Active Directory and Intune to protect your employees and data. Teams identity capabilities include:
- single sign-on
- multi-factor authentication
- conditional access policies.
You can also provide external access and guest access to permit secure collaboration across company boundaries.
What does MFA security mean?
Studies have determined that your account is more than 99.9% less likely to be compromised if you use multi-factor authentication. Providing additional forms of verification to prove identity helps protect accounts from hacking attacks that take advantage of weak or stolen passwords.
Conditional access capabilities
Conditional access allows you to set risk-based policies for access based on signals like:
- user or group membership
- device
- IP location information.
In addition, Microsoft Endpoint Manager allows you to manage devices and apps.
External access capabilities
When you need to communicate and collaborate with people outside your organisation, Microsoft Teams gives you two different secure ways to make that happen:
- External access (federation) lets you find, call and chat with users in other domains with an authenticated connection. You can control what specific domains are allowed and which ones are blocked.
- Guest access lets you add individuals to your teams, as guests, using their email address. You can collaborate with guests as you would with any other users in your organisation while still controlling their access to organisational data. IT admins can set and manage guest user policies and permissions, and pull reports on guest user activity.
Protection
Building on Microsoft 365 security, information in Teams is protected against cybersecurity attacks with capabilities such as Azure ATP and Data Loss Prevention, as well as sensitivity labels and data classification for documents. These capabilities are now natively supported in Teams.
Microsoft processes more than eight trillion security signals every day and uses them to proactively protect you from security threats. Microsoft protects your data and defends against cybersecurity threats in the following ways:
- Microsoft Teams data is encrypted in transit and at rest
- Data Loss Prevention prevents accidental sharing
- Retention policies keep or delete data
- Sensitivity labels regulate team or sensitive document access using Microsoft Information Protection
- Users are protected from malicious software hidden in files
- Suspicious or malicious activity is identified and mitigated
- Private channels allow you to restrict conversations and content
- Expiration policies ensure you retire unused teams.
Meeting controls
Meeting controls build on Microsoft’s commitment to security. You can manage who participates in your meetings and who has access to meeting information from inside or outside your organisation. These controls allow you to:
- Specify participant permissions for guest meetings
- Manage the lobby experience for participants
- Specify who can present content with meeting roles
- Control who can record and display recording disclaimers
- Manage who has recording access
- Mask PSTN participant numbers from external users.
How Zetta can help with security and compliance for Microsoft Teams
Zetta has the Microsoft Advanced Specialisation for Teams Calling and Gold Competencies for Cloud Productivity, Security, Collaboration and Content. Our team has extensive experience and proven success designing, architecting, implementing and managing Microsoft security and compliance technologies. We have successfully assisted Perth customers with their Microsoft Teams solutions.
If you’d like to discuss security and compliance for Microsoft Teams or explore what it might look like for your organisation, please reach out to the team at Zetta.