365tips.be

The best Microsoft 365 tips on the web

How to block download of Office 365 files on an unknown device

From 20 million to 44 million daily Microsoft Teams users in May 2020.

Used with video in 61% of all meetings in the Netherlands.

Microsoft Teams call minutes grew from 560 million to 2.7 billion per day.

But we use Microsoft Teams unsafely, on our own computers or on our mobile devices.

We all use Microsoft Teams

Collaboration works very well with Microsoft Teams. But true, secure collaboration on files remains a huge challenge now that we work more from home or on our own computers.

Since the COVID-19 crisis, several organizations have moved away from corporate devices to private devices. In itself, this is a good move for people who prefer to work on their own devices.

Unfortunately, we've come to a point where organizational documents end up on every device, and as a company you'd rather not have that. In this blog, I provide a practical guide to correct this behavior.

How to Safely Handle Files in Microsoft Teams?

How can you keep documents safe on organizational devices?

  • What you see in this screenshot is two Microsoft Edge browsers.
  • On the left, you'll see a browser that's 'connected' to a Windows 10 device. (condition)
  • On the right, a browser that we don't trust, on a device alien to the organization.

Short demo video of conditional access for documents in Teams

  • On the left side, I work in a Word document in a trusted web browser. I am allowed to download the document because the device is known. (a condition in Conditional Access)
  • If the device is not known, as in the right-hand view, then I can't download it, but I can still edit it online.

Personalized display of the security alert in Teams

It's best to communicate clearly so that users understand what's going wrong when you want to activate new policies.

Users work on a device that is not protected by the organization. They can work on documents and they can collaborate, but only within the proposed framework.

"Do not download" can be an agreement you make so that documents can never leak onto devices foreign to the organization.

How does working with documents work with this secure device?

Users who log in to a system that is not managed by the organization get this view when they log in to Microsoft Teams via the web browser.

It is still possible to edit the document online or share it within the organization. But downloading is no longer possible.
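One way to express this behaviour as a Conditional Access policy, shown as an added example that is not from the original post. It assumes the Microsoft Graph PowerShell SDK, that a "known" device means Intune-compliant or hybrid Azure AD joined, and a constructed policy name.

```powershell
# Added example (not from the original post).
# Assumes the Microsoft.Graph.Identity.SignIns module is installed and the
# signed-in admin may consent to Policy.ReadWrite.ConditionalAccess.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'

$policy = @{
    # Constructed display name; choose your own naming convention.
    displayName = 'EXAMPLE - Block downloads in browser on unmanaged devices'

    # Report-only: sign-ins are evaluated and logged, nothing is enforced yet.
    # Scope to a pilot group and exclude emergency-access accounts before
    # switching the state to 'enabled'.
    state = 'enabledForReportingButNotEnforced'

    conditions = @{
        users          = @{ includeUsers = @('All') }
        # 'Office365' covers Teams, SharePoint Online, OneDrive and Exchange Online.
        applications   = @{ includeApplications = @('Office365') }
        # Only browser sessions can be proxied for session control.
        clientAppTypes = @('browser')
        devices        = @{
            deviceFilter = @{
                # Assumption: "known" = compliant or hybrid Azure AD joined.
                # Those devices are excluded, so they keep full download rights.
                mode = 'exclude'
                rule = 'device.isCompliant -eq True -or device.trustType -eq "ServerAD"'
            }
        }
    }

    # Route the remaining (unknown-device) sessions through Conditional Access
    # App Control with the built-in "block downloads" behaviour.
    sessionControls = @{
        cloudAppSecurity = @{
            isEnabled            = $true
            cloudAppSecurityType = 'blockDownloads'
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

The device filter only matches when the browser passes the device identity to Azure AD, which is why the trusted browser in the demo is an Edge session connected to the Windows 10 device.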

For the IT Administrators, there are insights

Microsoft is good at bringing together the capabilities of the multiple platforms.

In the Microsoft Cloud App Security portal you'll see the attempts to download the document. You can link automatic actions to this later if desired.

License requirements for blocking document downloads in Microsoft Teams

To use Conditional Access, you need at least one Azure AD Premium P1 license.

You need Cloud App Security to gather the insights as depicted above.

Some licenses include Cloud App Security Discovery.

With Microsoft 365 E3, Microsoft 365 E5, you can't go wrong. It can also be done with fewer licenses.

On Android, install the Intune Company Portal

If you want to open a document on Android, your Android device will ask you to install the Intune Company Portal.


The 5-Step Document Security Roadmap

Multi-Factor Authentication – It makes no sense for users to have a secure device without using MFA. If a hacker or a colleague has the password, they can also log in to Office 365.

Conditional Access – based on conditions, you can automatically make decisions and add additional security layers as the risk increases.

Self-service password reset – to help users reset their password on their own, but also to make sure that you can use the additional safeguards for Teams. Users can help themselves thanks to this feature. Users can log in passwordless (without entering a password) with their smartphone and they are happy with that.

Endpoint Security – protect your mobile devices and your Windows 11 devices. It's pretty easy to enable a PIN + data check (MAM) on BYOD. This does not affect the person and does not require any management of the device, only of the organization's applications, like Teams, OneDrive, and SharePoint.

Information protection – Of course, you may have noticed that you can still forward documents to colleagues or external contacts. If you want to solve that, you need to go for even more security. You can use information protection for this.
