365tips.be


How to make Microsoft Teams safer for users in 4 steps?

A baseline security setup for every Microsoft Teams rollout in 4 steps? Microsoft tells us what to do; unfortunately, few organizations manage to set it up. That is too bad, because Teams uses Azure AD. Azure AD uses your on-premises environment, and that puts you at the core of your organization: your Active Directory environment. We often think that cloud solutions such as Teams are not deeply integrated into the core of the organization. Unfortunately, this is untrue.

To use Microsoft Teams securely, there are 2 key issues to address: identity protection and data protection.

1. MFA + Azure AD Conditional Access Policies.

2. Azure AD Identity Protection user risk policy

  • To ensure that high-risk users whose accounts are compromised are forced to change their password at sign-in, it is best to implement a user risk policy.
  • Without MFA, users cannot change their passwords themselves. They will be blocked, and a sign-in risk will appear in Azure Active Directory. Having MFA enabled is an added value for users because they can change their password themselves in the event of a risk, where before they had to contact their IT department.
  • A policy must also be created for this setting to take effect after activation. Usefully, IT admins can also reuse these "conditions" on other identity-based Azure AD integrations.
  • Remember to turn password change requirements ON.
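
The check below is an added example, not part of the original post: it audits steps 1 and 2 against policies exported from Microsoft Graph (`GET /identity/conditionalAccess/policies`). It assumes the user risk policy is implemented as a Conditional Access policy; the function name and the sample policies are constructed for illustration.

```python
# Constructed sample, shaped like Microsoft Graph conditionalAccessPolicy objects.
SAMPLE_POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}, "userRiskLevels": []},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "High user risk: password change",
     "state": "enabledForReportingButNotEnforced",  # report-only, not enforced
     "conditions": {"users": {"includeUsers": ["All"]}, "userRiskLevels": ["high"]},
     "grantControls": {"operator": "AND",
                       "builtInControls": ["mfa", "passwordChange"]}},
]

def _controls(policy):
    """Return (set of built-in grant controls, grant operator)."""
    grant = policy.get("grantControls") or {}
    return set(grant.get("builtInControls") or []), grant.get("operator")

def _user_risk(policy):
    """Return the set of user risk levels the policy is conditioned on."""
    return set((policy.get("conditions") or {}).get("userRiskLevels") or [])

def audit_identity_baseline(policies):
    """Return findings for steps 1 and 2; an empty list means both are enforced."""
    mfa_enforced = risk_enforced = False
    findings = []
    for p in policies:
        name = p.get("displayName", "<unnamed>")
        controls, operator = _controls(p)
        risk = _user_risk(p)
        enforced = p.get("state") == "enabled"
        if "high" in risk and "passwordChange" in controls:
            if "mfa" not in controls or operator != "AND":
                # Without MFA the user cannot complete the change and is blocked.
                findings.append(f"{name}: password change is not paired with MFA")
            elif not enforced:
                findings.append(f"{name}: not enforced (state={p.get('state')})")
            else:
                risk_enforced = True
        elif "mfa" in controls and not risk and enforced:
            mfa_enforced = True
    if not mfa_enforced:
        findings.append("step 1: no enforced policy requires MFA")
    if not risk_enforced:
        findings.append("step 2: no enforced password change for high-risk users")
    return findings

if __name__ == "__main__":
    for line in audit_identity_baseline(SAMPLE_POLICIES):
        print(line)
```

On the constructed sample, the report-only state is what gets flagged: the user risk policy exists, but high-risk users are not yet forced to change their password.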

3. Intune App Protection policies.

  • App protection policies (APP) define which apps are allowed and what actions they can perform with your organization's data.
  • Put more simply: organizations often don't know where to start.
  • Compliance policies provide a starting point for getting the organization "better under control".
  • The APP data protection framework is divided into three different configuration levels, with each level including the previous level:
    • (Level 1) Enterprise basic data protection.
    • (Level 2) Enterprise enhanced data protection.
    • (Level 3) Enterprise high data protection.

4. Intune Device Compliance policy

  • Device compliance policies define the requirements that devices must meet to be marked as compliant.
  • If you want to create your own policy, you can get started under Intune device compliance policies in the Microsoft Endpoint Manager admin center: https://endpoint.microsoft.com
  • Create a policy for each platform:
    • Android
    • Android Enterprise
    • iOS/iPadOS
    • macOS
    • Windows Phone 8.1
    • Windows 8.1 and above
    • Windows 10 and above

More information can be found about these policies at Microsoft's Docs: https://docs.microsoft.com/nl-nl/microsoft-365/enterprise/identity-access-policies#define-device-compliance-policies
