How does security work in MS Teams – and where are the gaps? That question is important not just because of its sky rocketing growth this year but also because:
- Teams is a new product and new products always, always have security holes and gotchas
- Teams is in the hand of users – it’s unsupervised – that makes it fast and flexible but users are normally more focused on getting things done than being secure
In this real training for free session I will show you how security works in Teams and pull back the covers to show you its many integrations and security dependencies on SharePoint, Exchange and Azure Active Directory.
What I show will probably be sobering when you see the Rube Goldberg-esque guts of Teams security. Every time a user creates a new Team, adds users to a Channel or shares files with associates outside the organization, Teams is silently proliferating new objects in Exchange, SharePoint, OneDrive and Azure Active Directory at a furious rate along with groups, permissions, accounts and other entitlements.
We will show you what’s happening under the hood when users perform common operations in Teams such as:
- Creating a new Team
- Adding inside and outside users to the Team
- Creating a Channel within the Team
- Sharing individual files
Once you see it you will understand why the next thing we talk about is how to manage the risks. In no time at all, an organization has no idea of what information is out there in Teams, let alone who has access to it and what they are doing with it. You will see situations where access to sensitive information is – well – hidden – or at least not visible without tedious drill down.
At the risk of sounding strident, Teams is a lot like connecting a file server to the internet, making all your users admins and hoping for the best. That being said, it’s not like Microsoft ignored security when they built Teams. I will show you what’s available out of the box with Office 365 and Azure AD for trying to manage security beyond just leaving it in the hands of users. I’ll show you the various places where you can view:
- shared resources
- permissions
- group memberships
- place holder accounts for external users
And we’ll look at the Office 365 Audit Log to see what it provides in terms of monitoring security changes and end-user access to sensitive data.
Then we will pivot to our sponsor, Varonis, and Brian Vecci will briefly show you how their classification, access reporting and monitoring technology enables large-scale data protection & compliance in O365.
Please join us for this real training for free session.