Microsoft Teams has been blowing up since everyone started working from home! 🏡It has over 280 million monthly active users, and it’s not slowing down. It is constantly updated with:
- New updates
- New licensing improvements
- New collaborative ways
But where there’s success, there’s trouble, too—security threats! ⚠️Recently, DarkGate malware operators exploited Teams’ group chat requests to spread malicious attachments.
The root cause? Microsoft allows external users to message internal users in other tenants by default, creating a vulnerability! Admins not managing external access settings in Teams properly led to severe phishing attacks.
That’s why it’s crucial to rightly configure Microsoft Teams security settings! 💯 Here are some key security settings in Teams you might have missed (don’t worry; it happens to the best of us!).
Microsoft Teams Security Configurations
When it comes to Microsoft Teams security settings, there’s a lot to cover. 😩From managing meetings to messaging & setting up guest access, it’s a multi-faceted process! You can’t just tweak a couple of settings overnight —it takes time to truly tighten up Teams’ security.
While there are many settings to consider, we’ve split our Microsoft Teams security guide into two parts to make it easier to digest. Part 1 will focus on two key areas:
- Set up security settings for secure Teams meetings.
- MS Teams security best practices for safer messaging.
Want a quick rundown of all the settings without reading into a wall of texts? Well, we have a solution for that too! We’ve prepared an awesome cheat sheet featuring all those essential Microsoft Teams security settings. Just flip through whenever you need and set things up!
Download Cheat Sheet: Microsoft Teams Security best practices.pdf
How to Configure Teams Meetings with High Protection?
Teams meetings are where everything gets discussed, whether it’s brainstorming new projects or a monthly summit; everything happens here! Keeping this info safe is critical! Here are some security settings that help better secure Microsoft Teams meetings.
- Customize your meeting invitations.
- Apply sensitivity labels to meeting invites.
- Restrict meeting chat access for anonymous users.
- End-to-end encryption for Teams meetings.
- Use custom watermarks in Teams meetings.
1. How to Customize Teams Meeting Invitations?
Did you know you can customize meeting invitations in Microsoft Teams? 🤔But it’s true, it is available. Every organization has its own unique identity, and branding your meeting invites is a fantastic way to build trust.
Admins can customize meeting invitations in the Teams admin center. They can add their organization’s logo, a disclaimer/legal document, a help document, and additional information in the footer.
What does it prevent?
Branding your meeting invites in Teams builds trust and assures the recipient that it’s coming from a legitimate. This helps admins prevent phishing attempts where attackers try to impersonate your organization.
More info: https://learn.microsoft.com/en-us/microsoftteams/customize-meeting-invitations
2. Apply Sensitivity Labels to Meeting Invites:
We know that we can apply sensitivity labels to files and emails in Microsoft 365. But little did we know that we can also apply sensitivity labels to meeting invites in Teams. 😉Yeah, the ability to apply sensitivity labels to meetings was rolled out in February 2023 as part of the Teams Premium license.
Admins can create different sensitivity labels, each with specific permissions, scope definitions, and tailored sensitivity protection settings for team meetings and chats. This way, users can apply sensitivity labels to meeting invites in Outlook.
What does it prevent?
- Only authorized individuals with the appropriate permissions within the label’s scope will be able to access the meeting content.
- This prevents unauthorized access and enforces stricter restrictions like copying content.
More info: https://o365reports.com/2023/01/10/add-microsoft-365-sensitivity-labels-to-meeting-invites/
3. Restrict Meeting Chat Access to Anonymous Users:
Basically, anonymous users are a huge security risk when joining our internal meetings. Allowing them access to meeting chats doubles that risk! 😩So, it’s best to block anonymous users from accessing the chats during Teams meetings.
Not just reading chats, but it’s also significant to disable chat write access in Teams meetings for anonymous participants.
What does it prevent?
- Moderating meeting chat settings ensures that only authorized participants can see meeting content. That means less risk of unauthorized access & fewer chances of data leaks.
More info: https://m365scripts.com/microsoft-teams/manage-anonymous-user-participation-in-teams-meetings/
4. End-to-End Encryptions for Teams Meetings:
Previously, Microsoft limited end-to-end encryption (E2E) to one-to-one calls and VoIP calls in Teams. However, Teams Premium users can use end-to-end encryption for Teams meetings! 🚀
When activated in the Microsoft Teams admin center, E2E encryption secures audio, video, and screen-sharing functionalities within meetings. Additionally, enabling E2E encryption restricts access to features like avatars in MS Teams, live captions, transcriptions, recording, and together mode during meetings.
What does it prevent?
- Requiring E2E for sensitive Teams meeting discussions ensures a higher level of privacy and confidentiality, and no outsiders can listen to it, not even Microsoft!
More info: https://o365reports.com/2023/11/21/secure-microsoft-teams-meetings-with-end-to-end-encryption/
5. Use Custom Watermarks in Teams Meetings:
Microsoft Teams Premium brought some awesome new features, and one of the coolest is custom watermarks for meetings! When enabled, a watermark will be added to everyone’s video, and anything shared on screen.
Got Teams Premium? Then, admins can enable watermarks in the Microsoft Teams admin center. Later, an organizer with Teams Premium can use it for their respective meetings. Basically, the watermark will be just the participants’ email addresses.
What does it prevent?
- While watermarks don’t prevent users from taking screenshots, they do make it much easier to identify the source if unauthorized sharing occurs.
More info: https://learn.microsoft.com/en-us/microsoftteams/watermark-meeting-content-video
Microsoft Teams Security Best Practices for Safer Messaging:
Microsoft Teams is all about connecting and collaborating, even if miles apart. 🌍But what’s the point of bringing them together – if we’re not keeping them secure? 😕We don’t want all that hard work going up in smoke because of a security lapse, right? That’s why implementing secure messaging in Microsoft Teams is so vital.
To kickstart this initiative, admins can implement the below configurations to improve chat security in Microsoft Teams:
- Report messages in Microsoft Teams
- End-to-end encryption for 1:1 Calls
- Use Zero-hour auto purge (ZAP) in Microsoft Teams
- Configure priority account chat control in the Teams admin center
1. Report Messages in Microsoft Teams:
Hackers love targeting Teams chats with phishing messages, just like they do emails! 📧 Not to worry! Microsoft brought report a message in Teams so you can report inappropriate content if found. ⚠️This is accessible for both personal and group chats when enabled in the Teams messaging policy.
See something suspicious? Right-click the message, go to “More Actions” and select report this message. Users can report messages, images, or even files directly from Microsoft Teams.
Admins can review user report messages in Communication compliance within Microsoft Purview and take required actions against those messages.
What does it prevent?
- By promptly reporting suspicious activity, users contribute to the early detection and remediation of security threats.
- It reduces the attack surface in Teams by identifying and mitigating potential phishing attacks or malicious content immediately.
More info: https://blog.admindroid.com/report-suspicious-messages-in-microsoft-teams/
2. End-to-End Encryption for Teams Calls:
End-to-end encryption for Teams calls has been around for a while, but how many of us have actually given it a whirl? 🤔If the hands are slowly coming down, you’re not alone—many users haven’t fully tapped into this feature. 😕
It’s not too late, though! Start to experience a secure calling experience with the E2E call encryption feature! Admins can enable this feature in the “enhanced encryption policy” section of the Microsoft Teams admin center or through PowerShell using the Set-CsTeamsEnhancedEncryptionPolicy cmdlet.
What does it prevent?
- End-to-end encryption for 1:1 calling secures audio, video, and screen-shared contents. However, it’s important to note that certain features, such as recording, live captions & transcriptions, and adding new participants, are restricted while encryption is enabled.
More info: https://blog.admindroid.com/make-sure-your-confidential-teams-calls-are-end-to-end-encrypted/
3. Use Zero-hour Auto Purge for Microsoft Teams Security:
We’re all familiar with zero-hour auto purge in Microsoft Defender, a longstanding real-time email protection feature for Exchange Online. 📧But did you know that starting in 2023, zero-hour auto purge (ZAP) became available for Microsoft Teams, too? 💯
Zero-hour auto purge (ZAP) in Microsoft Teams scans personal chats and meetings to see if any malicious messages got into your workspace despite Advanced Threat Protection (ATP) policies. When detected, they’re promptly blocked for both sender and recipients and moved to the quarantine folder.
What does it prevent?
- Remember, ZAP works only for personal chats and meetings, it doesn’t cover channel messages/posts.
- ZAP catches the malware even before users click on harmful links or download malware attachments. This keeps your sensitive data safe and protects you from phishing attacks, malware intrusions, and other security threats.
More info: https://o365reports.com/2023/09/07/configure-zero-hour-auto-purge-in-microsoft-teams/
4. Block Internal Messages by Priority in Microsoft Teams
Ever feel bombarded by chats from users you don’t know asking for the most random stuff? Stressful, right? But what if you could take control?
Yeah, Microsoft introduced a new feature named Priority Account Chat Control for Teams Premium users last November 2023. Admins can set up policies to give specific users (like CEOs and CFOs) the power to block unwanted communications. This means if someone new tries to message them, they’ll get a notification to accept or block the conversation.
So, if you’re a Teams Premium user, ask your admin about Priority Account Chat Control. It’s time to reclaim your inbox and work peacefully!
What does it prevent?
This means:
- No more unwanted interruptions.
- Increased focus and productivity for VIPs.
- Extra security for sensitive communications.
And there you have it! Now that you’re equipped with a fresh set of underrated Microsoft Teams security settings, it’s time to act fast and configure them ASAP to secure your tenants. 🔐
Stay tuned for more exclusive security guides by following us on social media. Got questions or suggestions? Drop them in the comments below. We’re always happy to chat (securely, of course).
