Microsoft Teams. Making it a safe environment to collaborate

Image: Teams meeting remote user in a cafe
By Neil Hobson on

Microsoft Teams. Making it a safe environment to collaborate

Microsoft Teams supports the day-to-day collaboration activities for users across many organisations. These collaboration activities can involve users both within and outside of the organisation. Many organisations are unaware of the measures available to help ensure the environment remains safe and secure. Below are just some of the areas an organisation can consider for helping to make Teams a safe and secure environment to collaborate.

Controlling access to Microsoft Teams

Thinking about Microsoft Teams in a safe and secure environment can sometimes start with needing to define how to grant and control access to Teams.
Users will probably want to access Teams on a variety of devices from different locations. An organisation will typically need to consider under what conditions it will grant access to Teams. Will it grant access from unmanaged personal devices, for example? To prevent access from such devices, an organisation could use Conditional Access policies. Then, when a user attempts to access Teams from an unmanaged personal device, they are presented with a notification such as this:

Image: Contoso Demo alert

What about guest user access to Microsoft Teams? An organisation can consider using Conditional Access policies to enhance the security of the environment for guest user access. For example, it can consider prompting guest users with a multi-factor authentication request. Conditional Access policies also support a Terms of Use feature. In the example below, a guest user must review and accept an organisation’s terms of use before they can access its Teams environment.

Image: Contoso Terms of Use message

These are just two examples of how Conditional Access policies can help control access to Microsoft Teams.

Data Loss Prevention and Microsoft Teams

Controlling access into Microsoft Teams is one consideration. Controlling information within Teams is another. Office 365 Data Loss Prevention (DLP) policies help prevent sensitive information from being carelessly shared or otherwise leaked. Applied to Teams, DLP policies help protect sensitive information in chats and channel messages. Let us look at an example scenario. A company adds guest users to a team. It also applies a DLP policy to that team. The policy blocks the sharing of financial data in Teams with anyone outside the company. When a user posts credit card details in a chat message, they are informed that the message was blocked:

Image: Microsoft Teams Blocked message

The user is also informed why the message was blocked:

Image: Why blocked message

In the example above, the company allows users to override the policy with a justification. This is optional. The company also applies DLP policies to SharePoint Online to help protect sensitive information in documents shared in Teams.

Threat protection in Microsoft Teams

Office 365 Advanced Threat Protection (ATP) policies help prevent against threats via emails, links, and collaboration tools. Applied to Microsoft Teams, ATP policies help protect against threats found in documents shared in Teams.
Here is an example of how ATP could help protect against threats in files stored in Teams. An attacker successfully compromises a guest user account via a phishing attack and uploads a malicious file into the team’s file storage area. The attacker may even impersonate the guest and create a post in the team asking other team members to open and review the file. ATP helps protect the file stored in SharePoint Online used by Teams. For example, when a user views the team files in SharePoint Online, they might see a screen like this:

Image: Malicious file notiication

In the example above, the red icon indicates the malicious file. When a user tries to open the malicious file, ATP prevents them from doing so:

Image: Malicious file message when try to open

This is just one example of ATP helping protect Microsoft Teams.

Microsoft Cloud App Security. Monitoring access to Microsoft Teams


Imagine a user is using a personal device at home to access Teams through a web browser. The company does not manage this device. Can the company prevent the user from downloading documents to this device? Yes, with Microsoft Cloud App Security. For example, an organisation configures a Microsoft Cloud App Security session policy to monitor Teams access through a browser. It configures the policy to prevent file download in certain situations. Users in scope of this policy are shown this screen:

Image: Microsoft Teams access is monitored message

Microsoft Cloud App Security is monitoring the user’s access to Microsoft Teams. In this example, the user attempts to download content containing sensitive information but the Microsoft Cloud App Security policy prevents this. Note the custom message displayed to the user. The company can change the policy to block all file downloads if this is desired.

Image: Microsoft Cloud App Security MCAS Download blocked message

Office 365 retention policies. Governing Microsoft Teams data

As an organisation starts to adopt Teams, users will create content. This can include content such as chats, channel messages and files. If an organisation needs to retain and/or delete Microsoft Teams data, it can consider using Office 365 retention policies. Office 365 retention policies support  Teams chat and channel message locations. They also support SharePoint Online and OneDrive for Business locations too.

Image: Choose Office 365 locations screen

There are limitations to be aware of though. For example, Microsoft states that retention policies for Microsoft Teams do not yet apply to private channel messages. Also, it is a requirement to create a separate retention policy that applies only to Microsoft Teams locations. For additional information, please see the Microsoft documentation here.
These are just some of the areas that an organisation can consider when deploying and adopting Microsoft Teams. Other areas for consideration include:
• Putting Microsoft Teams data on hold
• Information barriers
• Communication compliance such as monitoring for violations involving offensive language, for example.

Want to know more?

Please feel free to use the form below to contact us if you wish to speak to one of our experts

We host regular events so please do check our schedule of current seminars, webinars and events.  We also post regular blogs on the latest updates and expert advice on Microsoft 365, Cloud and Hybrid IT, User Adoption and the Power Platform, so please do follow us.

Contact us

  • This field is for validation purposes and should be left unchanged.

We have the expertise and the experience to provide specialist solutions and drive your business forward

Get in touch

How can we help you?

Get in touch

What updates would you like?