Given our growing reliance on cloud-based collaboration apps, it’s vital to double down on security. In the last few weeks, Zoom made the headlines for all the wrong reasons as suers discovered numerous flaws in the app’s security posture. Teams UC’s Moshe Beauford asked a critical question: is Zoom video conferencing secure?
Meanwhile, other online communication giants like Amazon Chime are adding new security features to inspire trust in this volatile environment.
So, we were pleased to find out that Microsoft has truly gone the extra mile when it comes to enforcing security and compliance checks for the Teams app. Microsoft Teams has millions of users around the world, with CEO Satya Nadella announcing the 75 million DAU milestone at the close of Q1. To keep this massive community safe from cyber threats, Microsoft Teams Security covers the following:
- 2FA, SSO, and data encryption – Access to the app is protected by team-wide and organisation-wide authentication. You can use single sign-on through Active Directory, and there is also encryption of data both in-transit and at rest. Note that private channels on Teams is yet to receive the full set of security features – Microsoft is reportedly working on it.
- Advanced threat protection (ATP) – ATP applies to any business/productivity app that deals with content. You can determine if any content is malicious, blocking access immediately. Microsoft recommends that you consider as many apps as possible when configuring Teams ATP.
- Safe attachments – Similar to ATP, the safe attachments feature lets selected administrators create policies for tackling suspected malicious attachments. Microsoft is also working on something called Safe Links, where you can share ATP-verified safe links on Teams. This feature is currently in public preview through Microsoft Technology Adoption Program.
In addition to these security measures, Microsoft pays special attention to compliance as well. It offers users and administrators myriad ways of staying compliant when using the app – for instance, you can set barriers to prevent two individuals/groups from communicating with each other if necessary. You can configure Teams’ data retention policies to store information for a regulation-mandated period of time, and retire data that’s not required.
Other highlights from Microsoft Teams compliance capabilities include:
- Communication compliance – Scan internal communication to ensure compliance with internal policies
- Data loss prevention (DLP) – Prevent users from sharing sensitive data with inappropriate parties
- e-Discovery (standard and advanced) – Surface historical data in response to the regulatory summons
- Legal-hold – Preserve data as immutable during ongoing litigations
- Compliance content search – Export searched and filtered data to a container for compliance support
- Auditing and reporting Set alerts and report on audit events through audit log search
Apart from security and compliance, Microsoft Teams Security addresses your company’s data privacy concerns. The company is fully transparent about the ingestion flow of Teams data, and you can view the physical location of your hosted data from the Teams admin centre.
Finally, Teams follows the ISO 27001, ISO 27018, SSAE16 SOC 1 and SOC 2, HIPAA, and EU Model Clauses (EUMC) compliance standards, with the stringent internal classification of services and offerings.
