On Day 9 of Cybersecurity Awareness Month, we’re excited to share 6 major Microsoft Teams recommendations that can boost your Microsoft Secure Score by 8 points. Stay tuned for the upcoming blogs in our M365 Cybersecurity blog series.
Microsoft Teams has become an integral part of modern workplaces, facilitating collaboration and communication. However, with the increase in remote Teams meetings and virtual interactions, it’s crucial to protect sensitive information, keep unauthorized users out, and define access controls clearly. A key way for organizations to secure Teams meetings is to configure meeting policies and settings that strengthen the overall security posture. By making specific adjustments to how your Teams meetings are managed, you can boost your Microsoft Secure Score by up to 8 points.
Let’s dive into these configurations and explore how they can contribute to a safer and more secure Microsoft Teams environment.
6 High-Impact Teams Settings to Improve Your Microsoft Secure Score
To configure Teams meetings with high protection, you can prioritize the following secure score recommendations.
🔎 Where to Find Microsoft Secure Score Recommendations?
You can easily locate and act on these recommended Teams policies within the Microsoft 365 Defender portal. Use the following path to navigate and review the above recommendations:
Microsoft Defender –> Exposure Management –> Secure Score –> Recommended actions
1. Configure Which Users are Allowed to Present in Teams Meetings
✅ Microsoft Secure Score Points Gained: 2
By default, any participant can be a presenter in a Microsoft Teams meeting. This can create a security risk if the wrong user gains control. To prevent this, configure meeting policies to control who can present during Teams meetings, limiting it to specific roles like the meeting organizer.
How this improves security:
- It prevents unauthorized users from sharing content or taking over the meeting.
- It ensures sensitive information is only shared by trusted participants.
How to Limit Users Presenting in Microsoft Teams Meeting?
- In the Teams admin center, navigate to Settings & policies –> Meetings & events –> Meetings under the ‘Org-wide default settings’ tab.
- Under the Who can present setting in the ‘Content sharing’ section, select Only organizers and co-organizers from the drop-down.
- Click Save and confirm your selection.
Limiting presentation capabilities reduces the risk of sensitive information being shared inappropriately or unintentionally during Microsoft Teams meetings. If only trusted individuals are allowed to share their screens or files, the likelihood of unintentional data leaks decreases.
2. Only Invited Users Should be Automatically Admitted to Teams Meetings
✅ Microsoft Secure Score Points Gained: 2
Restricting meeting access to only invited users ensures that unauthorized attendees cannot join your meetings. This configuration automatically admits only invited users into meetings, reducing the risk of security breaches in the organization.
How this improves security:
- Limits access to the meeting to trusted users only.
- Prevents unauthorized external users from gaining access to sensitive discussions.
How to Automatically Admit Invited Users to Microsoft Teams Meetings?
- In the Teams admin center, navigate to Settings & policies –> Meetings & events –> Meetings under the ‘Org-wide default settings’ tab.
- Under the Who can bypass the lobby setting in the ‘Meeting join & lobby’ section, select the People who were invited option from the drop-down.
- Click Save and confirm your selection.
To allow only invited users to bypass the lobby via PowerShell, run the following after connecting to Microsoft Teams PowerShell.
Set-CsTeamsMeetingPolicy -Identity <policy name> -AutoAdmittedUsers InvitedUsers
Replace <policy name> with ‘Global’ to update the org-wide default. This cmdlet allows you to fine-tune meeting access and control features.
This configuration also adds a layer of control by requiring users who were not invited to be manually admitted by the organizer.
3. Restrict Anonymous Users from Joining Meetings
✅ Microsoft Secure Score Points Gained: 1
Allowing anonymous users (those without Microsoft accounts) to join meetings can be a major security concern, as it opens the door for potential malicious threats. To strengthen security, it is essential to restrict anonymous access to Teams meetings, ensuring all attendees are authenticated.
How this improves security:
- Reduces the risk of uninvited participants joining and causing disruptions.
- Enhances overall meeting security by ensuring that only verified individuals attend.
Manage Anonymous Participant Access to Microsoft Teams Meetings
- In the Teams admin center, navigate to Settings & policies –> Meetings & events –> Meetings under the ‘Org-wide default settings’ tab.
- Locate the Anonymous users can join a meeting setting under the ‘Meeting join & lobby’ section and toggle it off.
- Click Save and confirm your selection.
You can also block anonymous users from joining meetings using PowerShell.
Set-CsTeamsMeetingConfiguration -DisableAnonymousJoin $true
The -DisableAnonymousJoin parameter of the Set-CsTeamsMeetingConfiguration cmdlet controls anonymous join at the organization level. Setting it to $true blocks anonymous users from joining; $false allows them.
This simple configuration helps block unverified users from entering the meeting, increasing security and control.
4. Restrict Dial-in Users from Bypassing a Meeting Lobby
✅ Microsoft Secure Score Points Gained: 1
Dial-in allows users to connect to Microsoft Teams meetings using a phone rather than the Teams app or web. While this provides flexibility for participants, it can pose security risks, as dial-in users may bypass security checks, creating a loophole for unauthorized participants. Configuring settings so that dial-in users cannot bypass the meeting lobby ensures that they go through the same security protocol as online attendees.
How this improves security:
- Ensures that all participants, including those dialing in, are examined before being allowed into the meeting.
- Provides meeting organizers with full control over who enters the meeting.
Control Dial-in Users from Bypassing Meeting Lobby in Microsoft Teams
- Go to Settings & policies –> Meetings & events –> Meetings under the ‘Org-wide default settings’ tab in the Teams admin center.
- In the ‘Meeting join & lobby’ section, toggle off the setting for People dialing in can bypass the lobby.
To prevent PSTN (Public Switched Telephone Network) users from bypassing the lobby using PowerShell, run:
Set-CsTeamsMeetingPolicy -Identity Global -AllowPSTNUsersToBypassLobby $false
The -AllowPSTNUsersToBypassLobby parameter controls whether users dialing in by phone (PSTN) can bypass the lobby.
With this policy in place, dial-in users must wait in the lobby until approved by the organizer.
5. Limit External Participants from Having Control in a Teams Meeting
✅ Microsoft Secure Score Points Gained: 1
Allowing external participants to take control of a Teams meeting (e.g., adding users, sharing their screen or taking over as a presenter) can lead to exposure of sensitive information. Limiting this ability to internal users ensures that sensitive data or presentations aren’t exposed to external entities.
How this improves security:
- The risk of external users gaining unauthorized access to shared content will be reduced.
- Gives admins the assurance that only trusted, internal participants are allowed to present or control the meeting.
Restrict External Participant Access in Microsoft Teams Meetings
- In the Org-wide default settings tab of the Teams Admin Center, navigate to Settings & policies > Meetings & events > Meetings.
- Set External participants can give or request control to off under the ‘Content sharing’ section.
- Click Save and confirm the selection.
To block external participants from being granted control, giving control, or requesting control in meetings and webinars, use the following script:
Set-CsTeamsMeetingPolicy -Identity Global -AllowExternalParticipantGiveRequestControl $False
The -AllowExternalParticipantGiveRequestControl parameter manages whether external participants can give, receive, or request control.
By limiting control, you ensure that external participants cannot interfere with meetings or access sensitive controls, boosting overall security.
6. Restrict Anonymous Users from Starting Teams Meetings
✅ Microsoft Secure Score Points Gained: 1
Anonymous users starting meetings can create an open gateway for unauthorized access, especially if sensitive topics are being discussed. By preventing anonymous users from initiating meetings, you add another security layer, ensuring that only authenticated users can start meetings.
How this improves security:
- Stops unknown users from initiating meetings in the organization.
- Ensures meetings are only started by authenticated, authorized users within your organization.
Stop Anonymous Users from Starting Microsoft Teams Meetings
- Head to Settings & policies > Meetings & events > Meetings located in the Org-wide default settings tab within the Teams Admin Center.
- Turn off the setting for Anonymous users and dial-in callers can start a meeting under the ‘Meeting join & lobby’ section.
- Click Save and confirm the selection.
This prevents unverified users from initiating meetings, which safeguards against security vulnerabilities.
By using the Secure Score recommended actions and following these steps, you can build a security posture for your organization that upholds Microsoft Teams security best practices. By continuously optimizing your Teams policies, your organization can achieve a higher secure score and enhance the safety of all interactions.
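To verify all six settings in one pass, the following added example (not part of the original article or a Microsoft script) compares the Global meeting policy and the tenant meeting configuration against the recommended values. It assumes that "Only organizers and co-organizers" corresponds to DesignatedPresenterRoleMode = OrganizerOnlyUserOverride and that the section 6 toggle corresponds to AllowAnonymousUsersToStartMeeting; neither name appears in the article, and the function name and sample objects are constructed for illustration.

```powershell
# Added example: audit the six meeting settings against the recommended values.
# Test-TeamsMeetingBaseline is a hypothetical helper, not a MicrosoftTeams cmdlet.
function Test-TeamsMeetingBaseline {
    param(
        [Parameter(Mandatory)] $Policy,         # output of Get-CsTeamsMeetingPolicy -Identity Global
        [Parameter(Mandatory)] $Configuration   # output of Get-CsTeamsMeetingConfiguration
    )
    # Setting name -> (object that carries it, recommended value).
    # DisableAnonymousJoin must be $true: that value blocks anonymous join.
    $baseline = [ordered]@{
        DesignatedPresenterRoleMode                = @($Policy, 'OrganizerOnlyUserOverride')
        AutoAdmittedUsers                          = @($Policy, 'InvitedUsers')
        DisableAnonymousJoin                       = @($Configuration, $true)
        AllowPSTNUsersToBypassLobby                = @($Policy, $false)
        AllowExternalParticipantGiveRequestControl = @($Policy, $false)
        AllowAnonymousUsersToStartMeeting          = @($Policy, $false)
    }
    foreach ($name in $baseline.Keys) {
        $source, $expected = $baseline[$name]
        $actual = $source.$name
        [pscustomobject]@{
            Setting   = $name
            Expected  = $expected
            Actual    = $actual
            # A missing property counts as non-compliant; enums compare by name.
            Compliant = ($null -ne $actual) -and ("$actual" -eq "$expected")
        }
    }
}

# Constructed sample: the presenter role is left at a non-recommended value.
$samplePolicy = [pscustomobject]@{
    DesignatedPresenterRoleMode                = 'EveryoneUserOverride'
    AutoAdmittedUsers                          = 'InvitedUsers'
    AllowPSTNUsersToBypassLobby                = $false
    AllowExternalParticipantGiveRequestControl = $false
    AllowAnonymousUsersToStartMeeting          = $false
}
$sampleConfig = [pscustomobject]@{ DisableAnonymousJoin = $true }
Test-TeamsMeetingBaseline -Policy $samplePolicy -Configuration $sampleConfig |
    Format-Table -AutoSize

# Against a live tenant (after Connect-MicrosoftTeams):
# Test-TeamsMeetingBaseline -Policy (Get-CsTeamsMeetingPolicy -Identity Global) `
#     -Configuration (Get-CsTeamsMeetingConfiguration)
```

Custom meeting policies assigned to individual users override the Global policy, so run the same check against each policy returned by Get-CsTeamsMeetingPolicy if your tenant uses them.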