Protecting the Digital Break Room: Collaboration Security for Microsoft Teams

While the debate about employee productivity gains in an office versus remote workplaces still rages on, it’s not just nostalgia to point out that some very important conversations were had around the office water cooler, in the break room, or in the hallway. Once those conversations were over, however, that information lived only in our minds as we moved on to our desks to continue working on whatever tasks were next on the list.

In the last four years, so-called “cooler talk” has transitioned from spoken conversations to text messages exchanged across corporate collaboration platforms. For the vast majority of companies, big and small, Microsoft Teams is the break room of choice for intra-office conversations. Around 71% of companies admit that sensitive and business-critical data is regularly shared via collaboration tools like Microsoft Teams, presenting a new set of concerns around protecting that data. Conversations that were privy only to those within earshot are now stored in the cloud where they live for as long as your administrator allows. Microsoft Teams is an extremely convenient form of communication, as you can instantly search your conversations to recall what was said (or to screenshot something your coworker said six months ago to deliver with a steaming hot cup of “I told you so!”). 

Is Microsoft Teams Secure?

Microsoft Teams security is good, but the platform is not 100% secure out of the box. For example, the convenience of searching conversations in Microsoft Teams can also be used by malicious threat actors who, with the right amount of access, can scour those text-based conversations from months ago to gather loads of information. According to researchers at Proofpoint, Microsoft Teams is in the top ten of the most targeted sign-in applications. Nearly 40% of targeted organizations had at least one unauthorized login attempt trying to gain access to Teams—which can lead to “lateral” access to other cloud-based corporate assets.

Microsoft is aware of these challenges and has been putting considerable resources towards protecting the business-critical data (and Grandma’s cornbread recipe you shared with Tim from Accounting) exchanged between co-workers. In March 2023, Microsoft took a big step towards protecting collaboration content by launching Collaboration Security for Microsoft Teams! Collaboration Security for Microsoft Teams is a comprehensive suite of Defender for Office 365 tools and Teams integrations.

Collaboration Security for Microsoft Teams Key Features:

  1. End-user threat reporting
  2. End-to-end encryption
  3. Zero Hour Auto Purge (ZAP)
  4. Attack simulation and training tools
  5. Added visibility and control around Microsoft Teams unified into one security operations (SecOps) experience

End-user Threat Reporting

Understanding the critical role IT managers play in safeguarding organizational data, Microsoft introduced the “Safe Links for Teams” feature in 2021 to enhance Microsoft Teams security. This feature actively scans URLs shared within Teams conversations, group chats, and channels. Its primary function is to identify and block potentially harmful content in real-time, ensuring that end users are shielded from phishing threats. Safe Links are a key component in the Cybersecurity & Infrastructure Security Agency (CISA) guidance for organizations to establish a baseline for secure digital collaboration.

Collaboration Security for Microsoft Teams builds on this baseline and enables users to seamlessly report dubious messages directly within Teams. This mirrors the familiar reporting mechanism in Microsoft Outlook. Once a user flags a message using the “Report This Message” option, an immediate alert is sent to their IT security team. These alerts can be conveniently accessed and analyzed in the Microsoft 365 Defender portal. All user-reported submissions are aggregated into an automatically generated investigation of suspicious URL interactions. This not only centralizes the data but also empowers IT security teams to swiftly review and act on potential threats.

End-to-end Encryption

As mentioned above, Collaboration Security for Microsoft Teams introduces end-to-end encryption for Teams. This includes conversations, files, and other data, which are all protected from unauthorized access while in flight. The new offering also streamlines reporting and investigation, allowing users to report suspicious messages directly within Microsoft Teams. When a message is reported, the company’s security team is immediately alerted. To help with investigation efforts, all reported incidents are logged into the Microsoft 365 Defender portal, making it easy for security teams to respond rapidly and efficiently.

Zero Hour Auto Purge

As of late, malicious threats have taken the form of malware-laden messages or attachments in Teams. As part of Collaboration Security for Microsoft Teams, Zero Hour Auto Purge (ZAP) will now automatically scan content for signs of compromise across the Teams platform, significantly enhancing the protection of critical data.

ZAP has been a part of Exchange Online for a while. In the context of Microsoft Teams security, ZAP analyzes messages post-delivery and automatically quarantines messages with malicious content. This helps prevent malware, spam, and phishing messages from compromising accounts. Once a malicious message in a private or group chat is identified by the ZAP feature, the entire Teams environment is scanned for similar indicators of compromise, quarantining relevant messages for more effective protection. 

Attack Simulation and Training Tools

With any security offering, one fact remains: social engineering attacks that target end users remain the #1 attack vector for threat actors. To help offset this, Collaboration Security for Microsoft Teams includes new attack simulation and training tools that IT teams can leverage to help educate Teams users on how to identify and respond to security threats.

Enhanced Visibility for SecOps

Uniting all these tools into a single pane of glass, Collaboration Security for Microsoft Teams seamlessly integrates with Microsoft 365 Defender. All alerts triggered from endpoints, identities, email, Data Loss Prevention (DLP), and SaaS (software as a service) apps, along with the new Collaboration Security offering, are accessible within one unified security operations experience. Up to 30 days of raw data is available for examination, enabling SecOps teams to effectively identify and mitigate potential threats.

While this new security offering from Microsoft is a big step towards keeping your company’s data safe, no solution is perfect. In addition to cost considerations, security requires balance between protecting important business information and ensuring a seamless user experience. Below is a list of factors to consider around implementing Microsoft’s Collaboration Security offering.

Positives and Negatives of Collaboration Security for Microsoft Teams

Positives

It enhances the visibility into the attack landscape by allowing users to report suspicious messages and files directly in Teams. Security teams can then view and investigate reported items in the Microsoft 365 Defender portal.

It prevents phishing and malware attacks by scanning URLs and attachments shared in Teams for potentially malicious content. It also blocks unsafe links and files from being accessed by users. 

It detects and responds to advanced threats by using behavioral analysis, machine learning, and threat intelligence to identify and stop malicious activities in Teams. It also provides rich investigation and remediation tools for security analysts to quickly contain and resolve incidents using either the Microsoft 365 admin center or Microsoft Intune.

It helps build cybersecurity awareness and resilience for end users by providing them with feedback and guidance on how to avoid falling victim to cyber-attacks. It also educates them on best practices and policies for secure collaboration.

Negatives

It requires a subscription to Microsoft E5, Microsoft E5 Security, or Microsoft Defender for Office 365, which are the most expensive plans in Microsoft 365. Organizations with lower-tier plans may not be able to afford or justify the cost of upgrading.

It may not be compatible with some third-party applications or integrations that are used in Teams. For example, some bots or connectors may not work properly with Collaboration Security features or may introduce new vulnerabilities. 

It may not cover all the security risks associated with Teams. For example, it does not prevent unauthorized or accidental sharing of sensitive data, which can be done by users or guests through chat messages, channel posts, or file uploads.

In conclusion, security features to protect collaboration platforms are more needed than ever. With work-from-home now mainstream, whispering over the water cooler is no longer enough to keep company secrets from landing in the wrong hands. That information now lives on within collaboration platforms and is an ever-growing target for those with malicious intent. Blue Mantis can help your organization embrace Collaboration Security for Microsoft Teams and empower you with unparalleled cybersecurity resilience. As a certified Microsoft Partner, our experts can design and deploy safeguards to your business communications, protect your sensitive data, and help you gain peace of mind in an increasingly threat-filled digital landscape.   

Contact us to schedule a consultation about how Blue Mantis can increase Microsoft Teams security at your organization and ensure that every aspect of your cloud-based IT infrastructure empowers your employees to be productive anywhere they choose to work. 

Jeremy Bello

Senior Solutions Architect, Microsoft

As a Senior Solutions Architect specializing in Microsoft technologies, Jeremy leverages his extensive background in virtual desktop infrastructure, data center virtualization, cloud architecture, and networking to devise creative solutions for intricate business challenges that are practical, effective, within budget, and that meet client goals.

Jeremy began his career in IT as a printer technician, then worked his way up to server administration, and then later moved on to consulting roles, applying his business and technology acumen to client business challenges. 

Most recently, he spent eight years expanding a Managed Technology Services provider, playing a key role in strategic planning across the organization. Under his direction and the direction of his leadership peers, the company grew both organically and through multiple acquisitions.