Teams Data
So you are using Teams and SharePoint to store your data. Sharing this data with users that are external to your organisation needs to be secure. Here is a quick overview of how to secure your data.
What can be done
If you have enabled guest access to the data you store in Teams, you need to have data access policies in place to protect that data. Teams and SharePoint provide several mechanisms to align this external access to your security policy. We recommend enabling the following settings for external user access.
- Multi-Factor Authentication (MFA) for guests
- “Terms of Use” for guests
- Guest access reviews
- Restricting guests to web-only access for unmanaged devices
- Session timeout policy to ensure guests authenticate daily
Why?
When you add a guest to Teams, you are providing someone external to your organisation with access to your data. Typically, this means your data is being accessed from outside of your organisation and is available 24 x 7 from anywhere in the world, and you do not have control of the device they are using.
If you want to ensure your data is only being accessed by those who should have access, certain things need to be done. Read on.
MFA
Multi-Factor Authentication greatly reduces the chances of an account being compromised. Since guests may be using personal email accounts that don’t adhere to any governance policies or best practices, it’s especially important to enable MFA for guests. If a guest’s username and password are stolen, requiring a second factor of authentication greatly reduces the chances of unknown parties gaining access to your sites and files.
Terms of Use
In some situations guests may not have signed non-disclosure agreements or other legal agreements with your organisation. You can require guests to agree to a terms of use before accessing files that are shared with them. The terms of use can be displayed the first time they attempt to access a shared file or site.
This is simply best practice for an organisation to implement and very easy to do.
Guest Access Reviews
An automated periodic review of user access to various teams and groups can easily be set up. By enabling an access review for guests specifically, you can help ensure guests do not retain access to your organisation’s sensitive information for longer than is necessary.
Again, this is simply best practice for an organisation to implement and very easy to do.
Restricting Devices
Typically, you do not have control of the device your guests are using to access your data. Their PC may be compromised, not have any antivirus installed or not have any security updates or patches applied. Restricting access to only a web browser significantly reduces your attack surface and eases administration. Guest access to your teams, sites, and files will only be available by using a web browser.
Session Timeout
Requiring guests to authenticate on a regular basis can reduce the possibility of unknown users accessing your organisation’s content. Once a session timeout is configured, it will require the guest to re-authenticate to access your data. They will not be able to leave a permanent connection open to your data.
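To check that these guest settings are actually enforced, the added example below (not part of the original article) audits a Conditional Access policy export for four of the controls: MFA, Terms of Use, web-only access and a daily sign-in. It assumes the policies are exported as JSON in the Microsoft Graph conditionalAccessPolicy format and that web-only access is delivered through the app enforced restrictions session control; the sample policies are constructed, the Terms of Use id is a placeholder, and guest access reviews are configured separately so they are not checked here.

```python
# Added example: audit exported Conditional Access policies for the guest controls above.
# Field names follow the Microsoft Graph conditionalAccessPolicy resource; the sample
# policies are constructed for illustration and the Terms of Use id is a placeholder.
import json

SAMPLE_EXPORT = json.loads("""[
  {"displayName": "Guests - MFA and terms of use", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["GuestsOrExternalUsers"]}},
   "grantControls": {"builtInControls": ["mfa"], "termsOfUse": ["<terms-of-use-id>"]},
   "sessionControls": null},
  {"displayName": "Guests - weekly sign-in", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["GuestsOrExternalUsers"]}},
   "grantControls": null,
   "sessionControls": {"signInFrequency": {"isEnabled": true, "type": "days", "value": 7}}},
  {"displayName": "Guests - web only (draft)", "state": "enabledForReportingButNotEnforced",
   "conditions": {"users": {"includeUsers": ["GuestsOrExternalUsers"]}},
   "grantControls": null,
   "sessionControls": {"applicationEnforcedRestrictions": {"isEnabled": true}}}
]""")

def targets_guests(policy):
    users = (policy.get("conditions") or {}).get("users") or {}
    return ("GuestsOrExternalUsers" in (users.get("includeUsers") or [])
            or bool(users.get("includeGuestsOrExternalUsers")))

def controls_in(policy):
    """Return the set of recommended guest controls this single policy configures."""
    grant = policy.get("grantControls") or {}
    session = policy.get("sessionControls") or {}
    found = set()
    if "mfa" in (grant.get("builtInControls") or []):
        found.add("mfa")
    if grant.get("termsOfUse"):
        found.add("terms_of_use")
    if (session.get("applicationEnforcedRestrictions") or {}).get("isEnabled"):
        found.add("web_only")
    freq = session.get("signInFrequency") or {}
    hours = (freq.get("value") or 0) * (24 if freq.get("type") == "days" else 1)
    if freq.get("isEnabled") and 0 < hours <= 24:  # re-authentication at least daily
        found.add("daily_sign_in")
    return found

def audit(policies):
    """Map each control to True only if an enabled, guest-targeted policy configures it."""
    enforced = set()
    for p in policies:
        if p.get("state") == "enabled" and targets_guests(p):  # report-only does not count
            enforced |= controls_in(p)
    return {c: c in enforced for c in ("mfa", "terms_of_use", "web_only", "daily_sign_in")}
```

Calling audit(SAMPLE_EXPORT) flags web-only access and the daily sign-in as missing: the web-only policy is still in report-only mode, and the sign-in frequency is set to 7 days rather than 1.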