Blogger: Peter Rising, MVP Office Apps and Services, Principal Consultant at Softcat PLC
Speakers: John Gruszczyk | Microsoft, Rushmi Malaviarachchi | Microsoft, Mansoor Malik | Microsoft
As the author of two books that focus on Microsoft Teams, and Microsoft Security & Compliance administration, it’s safe to say that I was looking forward to this session, and it did not disappoint.
We get underway with our host John Gruszczyk, Product Manager for Microsoft Teams, who speaks passionately about what he has to share with us on the latest security and compliance innovations in Microsoft Teams. We will learn how Microsoft Teams will help us to collaborate with confidence, while meeting regulatory and business requirements.
John begins by explaining that we have seen online communication with Microsoft Teams evolve beyond just meetings and chat. Teams has kept us connected with friends and colleagues and enabled us to get our work done remotely. However, this increase in remote working has brought more challenges to IT and Security teams who are facing increasing cyber security threats such as malicious documents and attachments, and mounting compliance obligations to protect organizational data.
A recent Harvard Business Review study shows that 77% of organizations agree that an effective security, compliance, and risk strategy is essential for business success, while 82% also acknowledge increased risks and complexities have made an effective strategy significantly more challenging.
This has made Microsoft keenly aware that it is crucial to remain focused on helping organizations enable both secure and compliant collaboration without interrupting the ways in which end users are able to collaborate with each other.
The unique advantage that Microsoft Teams provides is the fact that it is a centralized platform for collaboration. This enables organizations reduce shadow IT and the use of fragmented collaboration services which can lead to data sprawl which in turn can lead to data leaks.
John goes on to share with us some key areas where Teams has been investing, and how these investments will help organizations achieve the correct Security & Compliance strategy.
Rushmi Malaviarachchi, Partner Director of Program Management for Microsoft Teams is introduced and talks with John about how Microsoft Teams has evolved to become a content generating platform; when users work together in chat, video calls, channels, collaborating on documents, or even within custom or third-party apps, these activities create valuable business content that needs to be protected. Rushi went on to highlight the following plans and announcements for Security and Compliance in Microsoft Teams:
Adaptive cards now in scope
Microsoft recently announced that Adaptive card content generated in Teams Apps is now in scope for compliance capabilities. More than 70% of Teams apps today generate card content in Teams conversation. When an app posts a card to a chat, the content of that card will be visible in eDiscovery, can be preserved with Legal Hold, covered by retention policies, and any actions people take on that card will be available in the audit log.
Also announced in relation to the critical subject of Data residency was that Microsoft have carefully listened to customer feedback, and they are extending Microsoft 365 Multi-Geo support to include Microsoft Teams so you can specify where your Teams data at rest will sit. You will be able to set the Geo-location for both individual users and teams. The roll out of Teams Multi-Geo is planned for the 2nd quarter of this year and this is going to be welcome news for many organizations with a global footprint who have very specific data residency obligations.
The Microsoft Secure Score helps to prevent unwanted incidents across Microsoft 365 services including - Exchange Online, Azure Active Directory, Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Cloud App Security. Microsoft Teams has recently also been brought into scope for Secure Score and more configuration best practices will be coming soon so watch this space!
Beyond prevention, the correct systems to detect when an intrusion event is happening is of key importance. In Teams, Microsoft have been bolstering the events that are collected by the audit log, so that now the Microsoft Security Information & Event Management (SIEM) tool - Azure Sentinel, can analyze what is going on within Teams and be on the lookout for threats, and use playbooks to respond.
Also announced was that bring your own key for Microsoft Teams will be rolling out in the second quarter of this year.
A frictionless approach
The overall theme of aiming for secure organizational collaboration was that it needs to be frictionless. The balance between security and useability is an important consideration, but these principles should not be at odds with each other.
Fritctionless cross organization collaboration will be bolstered by the introduction of shared channels which was also announced at Ignite. In conjunction with the use of technologies such as Microsoft Information Protection across the collaboration space, a label driven approach using sensitivity labels and leveraging conditional access will help to break down traditional collaboration boundaries.
Next, Mansoor Malik, Principal Group Manager, Microsoft Teams discussed the hugely important subject of meeting safety in Microsoft Teams.
Meeting safety covers a wide range of criteria, which includes meeting participants, content being presented, who can present that content, what is being recorded, and who can record.
One of the big concerns that Microsoft are keenly aware of is uninvited attendees getting into meetings. Being able to control meeting intruders and disruptors, especially in the student and classroom space is crucially important, and if this subject is not correctly addressed, then mental health and wellbeing can be put at risk.
Microsoft have been working to provide brand new meeting controls, such as preventing anonymous attendees from being able to join meetings at an organization level through policy.
Restricting the ability to forward meeting invites is also a very welcome introduction.
In addition, new lobby bypass setting controls will provide the ability to allow only specific invitees to bypass the lobby.
And meeting safety does not stop there. There will also be options for allowing or not allowing attendees to present, chat or unmute, and it was also announced that the ability for meeting organizers to disable video for all attendees is coming soon.
Mansoor also talked about End-to-end encryption for Microsoft Teams. This is a new feature that is coming soon and will provide the ability in Teams to encrypt at the origin and decrypt at the destination. Initially this will only be supported in Teams 1:1 VOIP calls and only participating parties in the End-to-end encryption communication will be able to access the content. The announcement of End-to-end encryption is based on year-long feedback and Teams will be introducing the ability to use End-to-end encryption for 1:1 calls in the coming months.
Some important considerations for End-to-end encryption:
Microsoft will continue to talk to customers about widening the scope of this crucial new feature, and you can expect to see End-to-end encryption come to Microsoft Teams meetings next. Watch out for more details available soon.
This was a fast paced and engaging session that gave us a glimpse of what is to come for Security and Compliance in Microsoft Teams. I must say that I am hugely encouraged by what this session revealed. Microsoft customers have been asking the correct questions, and Microsoft are providing some very good answers in return.
I will surely be testing and reporting on these features as they become available and if you would like to discuss any of these with me then please feel free to reach out to me in the Microsoft Technical Community.
I hope you have enjoyed this Ignite as much as I have, and I wish you a frictionless experience in your Microsoft Teams journey moving forward!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.