Information Security Fundamentals at Microsoft Teams

Microsoft Teams is the cornerstone of the Office 365 portfolio. It is designed to connect other products together, helping users work together and providing several types of communication (including between Microsoft cloud products) in a single interface.
In this article, we will describe Teams, talk about the basic functionality and explain how you can secure access and protect organization data, leaving users with all the possibilities of using the collaboration platform.

You can read more on this topic in a joint publication between Microsoft and Varonis – eBook Cybersecurity from the Inside Out

Top Level Summary:

• Teams is a communication platform fully integrated in Office 365 (although, more strictly, from a technical point of view, it is rather a client working with all Microsoft cloud products);
• Microsoft includes Teams in most Office 365 offerings and now allows guest access to Teams channels for collaboration between organizations;
• Varonis monitors Teams, Azure AD, SharePoint Online, Exchange Online, and OneDrive for full cross-platform visibility of access rights, understanding which content is stored and where, and also for tracking user activity both in the cloud and in the hybrid environment. This allows you to identify impending attacks and prevent data leaks in the early stages of their preparation.

How to use Microsoft Teams

Before we look at usage scenarios, there are a few Teams tweaks to be aware of. When you create a new “team” in Teams, the corresponding SharePoint Online site, OneDrive section, and Azure AD security groups are also created. Thus, you can take Teams as a kind of external interface for all these systems behind him in Office 365. It will also help to understand how to use Teams as such an interface.

What the Teams client allows you to do:

• To organize interaction between employees, with support for all the functions of modern messengers, and use the entire functionality of the collaboration platform;
• Easily transfer and edit documents and calendars;
• Switch between voice, text and video communication in the Teams interface;
• Connectors allow integration with Salesforce, SuccessFactors, Zendesk, Mailchimp, Evernote and other services;
• Each Team has different channels where they can communicate with the rest of its members.

For example, our Marketing team contains the channels General, Budget, Inbound, Not Work, and Reading List. Users can hide channels they don’t want to see on the list. You can allow users to create new channels within the team, as we did with the Not Work channel.
Each channel has its own interaction history. You can use @% username% to allocate an entry for a specific user, and then Teams uses the built-in Windows notification system to display pop-up alerts if they are needed.
Each channel also has tabs:

Posts, where you can see the history of correspondence, Files is a SharePoint site, and you can also add your own:

New tabs can make Teams the central communications hub for the entire organization. You can connect SalesForce, SuccessFactors, Zendesk, and other more than 180 services currently available for integration.
Files on the Files tab are automatically available to all team members. In all other respects, this display works like any other folder in the Windows environment. You can create links to these files in this interface, based on the rules of your organization for providing access.

If you click on the file, the editing interface opens directly in the Teams window. You can also open the file in the appropriate editor, in this case, in Word.
The Chat option on the left allows you to go to group chats or to one-on-one correspondence:

In this display, you can chat, make audio and video calls or show your screen, as well as add other people to the chat, share files within the resulting group through the Files tab. All this almost completely repeats the functionality of Skype for Business, and prepares users for the transition from it in the future.

Installation

Teams requires Microsoft KM and an Office 365 license. However, Microsoft added guest access to Teams in November 2019. Now Teams users with Enterprise licenses can invite external users to their channels.
Install Teams You can use it on many devices with supported platforms – for example, Windows, MacOS, iOS, Android, Linux distributions that support RPM or DEB packages.

For corporate customers who need to distribute Teams across all user devices of the organization, Microsoft has prepared relevant instructions.

What is the concept of collaboration in Teams?

In general, Teams works the same on all platforms. The following 5 sections are used to navigate the interface, display messages and appointments:

• Activity – displays messages from all connected channels. The most recent and unread – located at the top and in bold;
• Chat – here are all the dialogs and group chat conversations;
• Teams – here you can see all the connected channels and click on the mouse to go to the necessary one;
• Calendar – if integration with Outlook Calendar is enabled, it will be presented here
  your calendar
• Calls – this section contains the call history and you can immediately listen to voice messages.

Benefits and risks of using Microsoft Teams

Of course, such a platform increases the risks of data leakage. For example, here is a scenario: users make the most out of Teams, which is great. They create new cross-functional teams and share documents with each other, which, in general, helps them do their job perfectly. They invite guest users to join channels to discuss work tasks, and create links to documents so that anyone who needs them can access them when necessary.
On the one hand, it sounds great.
On the other hand, and especially for information security experts, this is an incredible amount of new and unorganized risk to which you consciously expose your network and data.

Microsoft Teams – Pros and Cons

• PROS: Easy to deploy and customize Office 365 customers
• PROS: Integrated with Azure AD for security and ease of configuration
• PROS: Included in most Office 365 offerings
• PROS: Improves collaboration opportunities in the organization

• CON: Does not work outside the Microsoft environment with fully deployed necessary functionality
• CON: Some functionality was slowly added (for example, a common calendar for teams, secure private channels)
• CONS: The Office 365 security model is quite complicated, and an undetected compromise of assets can be much easier than in the classic structure.
• CON: It is possible to easily limit collaboration by changing configuration or security settings

We at Varonis have deployed Office 365 and Teams. At the heart of our data security strategy is activity monitoring and threat analysis with own decisions.

Ongoing monitoring and analysis of what is happening in Teams and Office 365 is the best choice to ensure that no fraud occurs that puts the data at risk.

Microsoft Security Best Practices

Are common

• Create additional channels in Teams for direct interactions
• Allow users to create new teams, but maintain observability and quickly correct incorrectly granted access
• Benefit from integrating Teams with other software and services
• Use chatbots to notify about events and tasks
• Use PowerShell to Manage Teams

File Access and Security

• Deploy and claim multifactor authentication
• Implement and maintain the principle of minimum privileges in Teams and Office 365
• Classify critical data and use Varonis Data Classification Engine for additional protection
• Prohibit downloading files to devices that you do not control
• Provide an audit of the exchange of data through links with external users

Microsoft Teams Frequently Asked Questions

Q: Does Teams work outside the organization?

ABOUT: Yes and at the same time – no. Microsoft has offered Guest access to Teams, so technically you can invite people from outside your organization to chat within your channels.
However, due to the fact that this was done recently, it is still difficult to say how well it will work in practice. After some time, we can already say that the functionality similar to Skype for Business works identically.

Q: How to prevent Microsoft Teams autorun?

ABOUT: In the Settings menu, uncheck “Auto-Start application”

Q: How to use Microsoft Team Meeting?

ABOUT: You can start a private meeting or schedule a meeting from the Calendar tab in Teams. This functionality repeats that in Skype for Business. The end of the life cycle of Skype for Business software is scheduled for 2021, and this functionality, like all the other duplicates in both clients, will go completely to Teams.

For technical security information for Teams and Office 365, we suggest you study an English-language training course lasting 1 hour from one of the recognized authorities in the field of SharePoint, Office 365 and hybrid solutions, as well as managing them using PowerShell: Office 365 Sharing Security Audit.