Securing Guests in Teams

So you are using Teams and SharePoint to store your data. Sharing this data with users that are external to your organisation needs to be secure. Here is a quick overview of how to secure your data.

What can be done

If you have enabled guest access to the data you store in Teams, you need to have data access policies in place to protect that data. Teams and SharePoint provide several mechanisms to align this external access to your security policy. Here are the settings we recommend enabling for external user access.

  • Multi-Factor Authentication (MFA) for guests
  • “Terms of Use” for guests
  • Guest access reviews
  • Restricting guests to web-only access for unmanaged devices
  • Session timeout policy to ensure guests authenticate daily

Why?

When you add a guest to Teams, you are providing someone external to your organisation with access to your data. Typically, this means your data is being accessed from outside of your organisation, is available 24 x 7, from anywhere in the world and you do not have control of the device they are using.

If you want to ensure your data is only being accessed by those who should have access, certain things need to be done. Read on.

MFA

Multi-Factor Authentication greatly reduces the chances of an account being compromised. Since guests may be using personal email accounts that don’t adhere to any governance policies or best practices, it’s especially important to enable MFA for guests. If a guest’s username and password are stolen, requiring a second factor of authentication greatly reduces the chances of unknown parties gaining access to your sites and files.

Terms of Use

In some situations, guests may not have signed non-disclosure agreements or other legal agreements with your organisation. You can require guests to agree to a terms of use before accessing files that are shared with them. The terms of use can be displayed the first time they attempt to access a shared file or site.

This is simply best practice for an organisation to implement and very easy to do.

Guest Access Reviews

An automated periodic review of user access to various teams and groups can easily be set up. By enabling an access review for guests specifically, you can help ensure guests do not retain access to your organisation’s sensitive information for longer than is necessary.

Again, this is simply best practice for an organisation to implement and very easy to do.

Restricting Devices

Typically, you do not have control of the device your guests are using to access your data. Their PC may be compromised, not have any antivirus installed or not have any security updates or patches applied. Restricting access to only a web browser significantly reduces your attack surface and eases administration. Guest access to your teams, sites, and files will only be available by using a web browser.

Session Timeout

Requiring guests to authenticate on a regular basis can reduce the possibility of unknown users accessing your organisation’s content. Once a session timeout is configured, it will require the guest to re-authenticate to access your data. They will not be able to leave a permanent connection open to your data.
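
One way to check that the controls above are actually enforced, as an added example that is not from the original article: it assumes the settings are implemented as Microsoft Entra Conditional Access policies (the article does not name the mechanism) exported as JSON from Microsoft Graph, and it audits a constructed sample. Guest access reviews are configured separately and are not covered; exclusions and application scoping are not evaluated.

```python
# Constructed sample in the shape of Microsoft Graph conditionalAccessPolicy
# objects; display names and the terms-of-use id are placeholders.
SAMPLE_POLICIES = [
    {"displayName": "Guests: MFA + ToU + daily sign-in", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["GuestsOrExternalUsers"]}},
     "grantControls": {"operator": "AND", "builtInControls": ["mfa"],
                       "termsOfUse": ["<terms-of-use-id>"]},
     "sessionControls": {"signInFrequency":
                         {"isEnabled": True, "value": 1, "type": "days"}}},
    {"displayName": "Guests: web-only on unmanaged devices",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["GuestsOrExternalUsers"]}},
     "grantControls": None,
     "sessionControls": {"applicationEnforcedRestrictions": {"isEnabled": True}}},
]

def targets_guests(policy):
    """True if the policy's user scope names the guest/external user group."""
    users = (policy.get("conditions") or {}).get("users") or {}
    return "GuestsOrExternalUsers" in (users.get("includeUsers") or [])

def daily_or_stricter(freq):
    """True if sign-in frequency is enabled and forces re-auth within 24 hours."""
    if not freq or not freq.get("isEnabled"):
        return False
    hours = freq.get("value", 0) * (24 if freq.get("type") == "days" else 1)
    return 0 < hours <= 24

def audit_guest_controls(policies):
    """Return {control: enforced?}, counting only enabled, guest-scoped policies."""
    found = {"mfa": False, "terms_of_use": False,
             "web_only_unmanaged": False, "daily_reauth": False}
    for p in policies:
        # Report-only and disabled policies log results but restrict no one.
        if p.get("state") != "enabled" or not targets_guests(p):
            continue
        grant = p.get("grantControls") or {}
        session = p.get("sessionControls") or {}
        found["mfa"] |= "mfa" in (grant.get("builtInControls") or [])
        found["terms_of_use"] |= bool(grant.get("termsOfUse"))
        # Assumption: web-only access is expressed via app-enforced restrictions.
        restrict = session.get("applicationEnforcedRestrictions") or {}
        found["web_only_unmanaged"] |= bool(restrict.get("isEnabled"))
        found["daily_reauth"] |= daily_or_stricter(session.get("signInFrequency"))
    return found

if __name__ == "__main__":
    for control, ok in audit_guest_controls(SAMPLE_POLICIES).items():
        print(f"{control:20} {'OK' if ok else 'MISSING'}")
```

In the sample, the web-only policy is left in report-only mode, so the audit flags that control as missing even though a policy with the right name exists.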
