Microsoft Teams | How do you protect against threats?

As more and more employees are required to work from home during the coronavirus pandemic, online meeting and communication platforms have become much more critical.

Collaboration tools like Microsoft Teams are adopted by a lot of companies. Thanks to Microsoft Teams you can provide guest access and external access to collaborate with people outside your organization. Incredibly practical, but nonetheless IT staff generally aren’t without concerns about it either…

Security concerns with sharing

File and data access and sharing between (an unlimited number of) users… It’s not something to take lightly. It’s important to take the necessary measures against malicious files and links within Teams. If you are preoccupied with it, you are not alone. You’re right to be cautious.

To reassure you, Xylos offers many services but first and foremost we’d like to share some security best practices for Microsoft Teams you can get started with right away. We’ll also dive into the available Microsoft Defender for Office 365 features a little.

Some general security recommendations for Microsoft Teams:

  • Setup Teams Governance
  • Require multi-factor authentication
  • Enforce least privileged access across Teams
  • Classify sensitive data
  • Control access from managed and unmanaged devices
  • Audit external sharing
  • Audit guest accounts

Microsoft 365 Defender

Microsoft 365 Defender is part of Microsoft’s XDR solution. It leverages the Microsoft 365 security portfolio to automatically analyze threat data across identities, endpoints, data, apps, e-mail, and collaboration tools. It builds a complete picture of each attack in a single dashboard.

Microsoft Defender for Office 365 is part of Microsoft 365 Defender. It is a cloud-based e-mail filtering service that helps you protect your organization. More specifically, it counters threats to e-mail and collaboration tools. Some examples (probably well familiar to you)? Phishing, business e-mail compromise and malware attacks.

Defender for Office 365 also provides investigation, hunting, and remediation capabilities to help security teams efficiently identify, prioritize, investigate, and respond to threats.

Safe Links

Safe Links and Safe attachments are features of Microsoft Defender for Office 365, that will protect your Microsoft Teams environment against potential threats.

After you turn on Safe Links protection for Microsoft Teams, URLs in Teams are checked against a list of known malicious links when the protected user clicks the link (time-of-click protection). In case a link is found to be malicious, users will have the following experiences:

  • If the link was clicked in a Teams conversation, group chat, or from channels, a warning page will appear in the default web browser.
  • If the link was clicked from a pinned tab, a warning page will appear in the Teams interface within that tab.

So, how do Safe Links works in Teams at a high level? Simple:

  • A user starts the Teams app.
  • Microsoft 365 verifies that the user’s organization includes Microsoft Defender for Office 365, and that the user is included in an active Safe Links policy where protection for Microsoft Teams is enabled.
  • URLs are validated at the time of click for the user in chats, group chats, channels, and tabs.

Safe Attachments

Microsoft Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams protects your organization from malicious files.
Safe Attachments for SharePoint, OneDrive, and Microsoft Teams helps detect and block existing files that are identified as malicious in team sites and document libraries.

When Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is enabled and identifies a file as malicious, the file is locked using direct integration with the file stores.

Although the blocked file is still listed in the document library and in web, mobile, or desktop applications, people can’t open, copy, move, or share the file. But they can delete the blocked file.

In a one of our next posts, we will dive deeper into other security recommendations for your Microsoft 365 environment. Interested in learning how Xylos can help you to secure your Microsoft 365? Get started today and schedule a call.

3 cloud management pitfalls you will avoid (if you read this)
Press release (Dutch) | Xylos lanceert Cloud Camp om de skill gap op de Belgische IT-markt te verkleinen.