How to secure your guest access in Teams?

In this post I point out what you can do to secure your Microsoft 365 guest access or guest identities for a secured collaboration experience. Guests in Microsoft 365 are external persons or identities which you can enabled to access defined Microsoft 365 resources, e.g. to work together in a project by using a Microsoft Teams Team. This is very beneficial for a more in-depth collaboration in project teams which include several external stakeholders from other companies like external project managers, subject matter experts, suppliers or others. By enabling guest access for specific scenarios and workloads you can easily work together across companies, if required. So, your employees do not need to find another way or a (#ShadowIT) workaround to do this which does not align with your company’s compliance.

I often have discussions regarding collaboration security on external (guest) access. So, what’s the answer to convince all from guest access? Well, let me put it that way, there is never an “one size fits all” answer, definitely not. Company A is not the same as company B. There might be similar processes, requirements, collaboration strategy goals or else but it’s still different, of course. The people, the services, the products, the vertical etc. are different. To keep it short, B2B collaboration with guest access is an excellent feature but usually requires a different implementation approach depending on the company. Sometimes a basic implementation is sufficient, sometimes you need to establish a new organizational process in varying complexity including B2B collaboration governance and so on.

Please note, that is is just one of many measures to secure your communication and collaboration in Microsoft 365. This is only a single part of a more holistic and required security architecture concept. Moreover, the below description, configuration etc. might change at anytime and is just an example, demo piece.

Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/
Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/

Limitations for guests

Guest are a “special” member type in Azure AD and M365. So, there are some limitations by design for guests you should know of. For more please read What are the default user permissions in Azure Active Directory? and Guest access in Microsoft Teams [links at the bottom].

  • Per licensed user you can add up to five guests (1:5 ratio)
  • Guest user permissions in Azure AD are limited by default*
    • cannot browse other tenant information
    • but can view their own profile
    • but can retrieve input on other users if he/she searches for a UPN or object ID
  • Guest user permissions in Office 365 groups are limited
  • Guest user permissions in Teams are limited
    • no One Drive for Business
    • no people search outside of Teams
    • no calendar
    • no meeting scheduling
    • no pstn/telephony
    • no org chart
    • no teams creation/revision
    • no teams browsing
    • no file upload in P2P chats

*unless you assign any admin role to a guest. So be cautions. Don’t.

What you can do to secure your Microsoft 365 guest identities?

Microsoft added a very good article in the documentation Create a secure guest sharing environment [link at the bottom] which describes the key elements you must take into account for your B2B collaboration and guest access configuration.

  • enforce multi-factor authentication for guests
  • provide terms which guests musts agree on
  • regularly review permission needs are still valid
  • restrict access for guest to web-only / browser-only
  • set session timeout to enforce regular/daily authentication by guests
  • classify content by using sensitivity labels
  • auto classify defined sensitive information to highly confidential
  • auto remove guests access from files labeled high confidential

Conclusion, opinion and summary

Guest access can be vital for your company and employees to easily work together with external stakeholders. If required. It must be secured.

To provide guest access, I think it is a good idea to establish a organizational process that internal employees must request guest access for an external person via an approval process. The latter could be accomplished by using Power Automate with Forms or Power Apps. Onboarding or adding a new guest should be based on the approach which Microsoft provides in Create a secure guest sharing environment [link at the bottom]. To complete the guest user life cycle the identity should be audited and monitored regarding permission needs and activities, so that either certain permissions can be removed or that an guest account gets disabled or even deleted depending on usage/activity/last logon or other criteria.

Additional resources

Microsoft Teams Telephony Licensing Notes [Update April 2020]

In this post I like to point out some updated licensing options for Microsoft Teams regarding telephony, common area phones and meeting rooms.

The hereinafter described license options might be subject to change. Moreover not all licenses or subscriptions are available in every country around the globe, especially calling plans and audio conferencing (shortened: Audioconf.).

Teams Licensing Basics

  • Microsoft Teams is a single service of the massiv Microsoft 365 services stack which it tightly linked and integrated within this service stack.
  • Microsoft Teams is part of a “packaged” Microsoft Office 365 subscriptions by default.
  • Microsoft Teams “replaces” Skype for Business Online (SFB Online EOL date July 31, 2021). The Skype for Business Desktop Client within Office 365 ProPlus is also obsolete, meaning that new (full) Office 365 ProPlus installation will get a Teams instead of a Skype for Business Client.

The following slides and drawing are intended to provide you with an overview on licensing options. I also point out what you should take into account in case of Teams Direct Routing (TDR), in this post and following drawings I call a TDR scenario a “hybrid” scenario.

Telephony with Teams (for users)

Call Queues (CQ) and Auto Attendants (AA)

Resource accounts for CQ/AA need a license. Till 01.07.2019 you had to license these users with typical user licenses. Now you can buy and assign a free “Phone System Virtual User license”.

At the bottom I’ll add a link to a well-written how-to post “Add a free licence to Call Queues and Auto Attendants (Microsoft Teams)” from ucgeek.com which describes how to buy and assign the license.

Teams Common Area Phone (CAP)

Teams Meeting Room

Conclusion, opinion and summary

The above drawings quickly depict how you can license users, common area phones, meeting room devices and even call queues or auto attendants for Microsoft Teams.

Additional Resources

What’s new in Microsoft Teams in April 2020?

In this post I like to highlight some new and planned Microsoft Teams features based on the latest roadmap updates by Microsoft. The last few days many updates were made to the Microsoft Teams roadmap. There are several neat feature updates for Microsoft Teams which will be rolled out soon, are rolling out now or which are already available. Let me give you an overview on these.

Source: https://pixabay.com/illustrations/landscape-hill-sky-clouds-hilly-922581/
Source: https://pixabay.com/illustrations/landscape-hill-sky-clouds-hilly-922581/

Meetings and live events

  • end meetings | as an host you can now end meetings. So nobody can remain in the meeting to proceed or use the online meeting space.
  • audioconferening dialin user number masking | PSTN participant phone numbers will be masked from external users [~May 2020]
  • background effects in meetings | use background (pre-selected) images to enable other participants to focus on you and reduce distraction. later also custom background images.
  • raise hands in Teams meetings | attendees can rais their virtual hand to notify the presenter that there is a person who would like to speak
  • share system audio in a meeting
  • share system audio in a live event

Voice / telephony

Microsoft 365 Business Voice | Microsoft 365 phone system capabilities are available for SMB organizations with up to 300 seats as addon license for the smaller licensing bundles (business plan/s).

So, also business plans are enabled to go for calling plans and/or Direct Routing to enable (pstn) telephony to/from Microsoft Teams.

Chat

Multi window chat | Ability to pop out a chat in a separate chat window

Security

Microsoft adds Azure AD Premium Plan 1 to M365 Business plans which provides feature like

  • conditional access,
  • self-service password reset and
  • multi-factor authentication (MFA) to secure your identities.
  • Plus some more features like Cloud App Discovery (to discover used apps which you might were not aware that these are used within your company),
  • application proxy,
  • dynamic groups,
  • passwordless auth (Windows Hello for Business, Microsoft Authenticator app, FIDO 2).

All this helps to make your communication and collaboration for your business more secure. Especially for SMBs (up to 300 seats). This is really compelling due to price and feature set. Until know you had to get enterprise plans for this to get the option to add these features to your Microsoft 365 deployment.

Conclusion, opinion and summary

Microsoft now really pushes out these features and changes to enable small and medium sized business (SMBs) to securely communicate and collaborate at a reasonable price. To me, MFA (for all) was long awaited in this licensing segment because nowadays MFA should be the imperative anyway.

Additional resources

Microsoft Teams PSTN telephony licensing update for SMBs

This post highlights a new licensing option regarding (PSTN) telephony / calling / dial tone with Microsoft Teams for small and medium businesses (SMBs) or companies with up 300 seats. Now SMBs can benefit also from Microsoft Teams’ integrated telephony capabilities.

The hereinafter described licensing might be subject to change. Moreover not all licenses or subscriptions are available in every country around the globe, especially calling plans and audio conferencing.

source: https://pixabay.com/illustrations/sound-wave-voice-listen-856770/

Microsoft extended its phone system offering to be a add-on license for Office 365 business premium, too. Until now you needed the following licenses for telephony in Microsoft Teams:

previously

  • Office 365 E1/E3 + phone system (+ calling plan) (+ optional audio conferencing)
  • Office 365 E5 (incl. phone system) (+ calling plan) (+ optional audio conferencing)

now [March 2020]

  • Office 365 Business Essentials / Premium + phone system (+ calling plan) (+ optional audio conferencing)
  • Office 365 E1/E3 + phone system (+ calling plan) (+ optional audio conferencing)
  • E5 (incl. phone system) (+ calling plan) (+ optional audio conferencing)

Conclusion, opinion and summary

The new licensing option for Microsoft 365 Phone System enables small and medium business (up to 300 seats) with Office 365 Business Premium licenses to consider to use Microsoft 365 Phone System instead of using a PBX or migrate to it to reduce costs, get telephony integrated to Teams and provide a seamless and unified user experience by using Microsoft Teams for communication and collaboration as the hub for teamwork and telephony as well.

Additional resources

Microsoft Ignite 2020 gets virtual, too

Microsoft announced that the annual tech event “Microsoft Ignite” will be a pure virtual event due to the current circumstances. The event was planned for September 2020 in New Orleans. Besides Ignite, other conferences were also announced to be virtual-only. E.g.

  • Microsoft Build | May, 2020 | developer conference
  • Microsoft Inspire | July, 2020 | partner conference
  • Microsoft Ignite | September 2020 | tech conference
https://erik365.blog/2019/11/08/microsoft-ignite-2019-recap/
A few attendees going to their next sessions @ Ignite 2019 OCC

Conclusion, opinion and summary

I’m looking forward to Ignite 2020 albeit it will take place online-only and although it is not the same as an in-person event. This is the only way to host any event anyway concerning the the current circumstances instead of canceling it completely. And of course this has also advantages compared to an in-person event, for instance,

+ no travel [time, cost, stress]
+ attend anywhere
+ attend anytime [or when it’s fits best for you].

Additional resources

Microsoft Teams online meetings and live events

In this post I explain which options you have to bring people in a virtual meeting space together using Microsoft Teams and how you can schedule these meeting types. I also describe some technical configuration options which you might want to adjust depending on your company’s user profiles and needs, if required.

Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/
Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/

Online meetings in Teams

Microsoft Teams online meetings can be scheduled or ad hoc and are for up to 250 people at max. To schedule it you must be assigned with the appropriate licenses. An audio conferencing license is complementary and not required but I’d recommend it in case you expect that some attendees might dial in using their phone (PSTN) instead of enjoying the online experience.

Schedule an online meeting (example)

In this section you can get a glance on organizing an online meeting by using Microsoft Teams on a Windows client. This is just one approach to organize an online meeting. You can also set up an online meeting using Outlook with the Teams add-in installed, your mobile device Teams app etc.

Teams Calendar

To schedule an online meeting you can start by opening the Teams Calendar in the left-hand navigation rail and click the button “New meeting” in the upper right corner of the desktop (or web client).

Teams Calendar Scheduler Form

You are now seeing the form for scheduling meeting and to enter all the input – as required – to get your online meeting ready.

  1. select time zone, e.g. +1 h UTC Berlin
  2. add a meeting subject, e.g. Teams User Adoption Planning (be specific!)
  3. add attendees
  4. specify the date and time for online meeting (using the scheduling assistant to check on free/busy for your colleagues)
  5. specify the date and time for online meeting (without the scheduling assistant)
  6. (optional) add a Teams Team channel if you want to use one (e.g. if it is related to an project – regular project status update calls or all-hands meetings)
  7. (optional) add a room or address, e.g. add a room with a Microsoft Teams Meeting Room device or a Surface Hub
  8. write an invitation (I recommend to include a meeting purpose and defined meeting goal/s and outcome/s!)
  9. save it (to send it out)
Teams Calendar Scheduler Form (example)

If the online meeting invitation is saved and sent you can modify it, review it to see the join link and the meeting details you entered. In case you have to cancel the meeting you can do this on this view, too.

Online meeting configuration [admin]

To provide and adjust the online meetings you (as an Teams admin) can set up policies depending on your requirements via the Teams Admin Center (admin.teams.microsoft.com). The next illustrations show where you can find and modify these settings.

Teams meeting settings

You can modify the Teams meetings settings. Please note that these settings are global (org-wide/tenant-wide) for all users enabled for Teams (meetings).

  1. Teams Admin Center –> Meetings –> Meeting settings
  2. Enable/disable if anonymous users (anyone) can attend the meeting
  3. (optional) insert a URL to a publicly available (Internet) logo file (jpg/png, < 188 w x 30 h pixels), e.g. on your company’s website
  4. (optional) insert a URL to a publicly available (Internet) legal page
  5. (optional) insert a URL to a publicly available (Internet) help or support page
  6. (optional) write a footer, e.g. “All meeting contents are confidential if not otherwise stated. Contents must not by shared with third parties without explicit authorization by the meeting host. …” or what fits best for your meetings.
  7. save it to enable your customized meeting settings

I don’t describe the network part in the meeting settings section. This is intended to configure quality of service (QoS) for Teams clients.

Teams meeting policies

To set different “permissions”, enable/disable certain meeting experiences or features there are some pre-defined meeting policies which you can assign per user. Additionally, custom policies can be created and assigned to users. You can find this also in the Teams Admin Center underneath the meeting category in the left navigation rail.

Teams meeting policies
  1. Teams Admin Center –> Meetings –> Meeting policies
  2. Check the available policies and what’s allowed within each
  3. (optional) create a new custom policy
  4. assign the policy to user/s [option 1]
  5. assign the policy to user/s [option 2] in the user section (recommended)

Live events in Teams

Are you looking for or planning a large virtual communication event? You might want to use Teams live meetings. It’s no meeting although you can produce and attend a live event with Microsoft Teams. Live events are for up 10.000 attendees, up to 4 hours en block and you can have up to 15 concurrent live events in your Office 365 tenant. Live events are broadcasts and no meetings, i.e. you provide content (like audio/video/desktop or app shared…) in a more advanced way in one direction towards the attendees. The attendees can only interact with the hosts (producers, presenters) via a Q & A chat. Producers are the live event hosts and “manager” and presenters can support in delivering content to the attendees. Producers supervise and run the live event.

To schedule or run (producer, presenter) a live event you need to have the correct licenses, e.g. Office 365 E1/E3/E5/A3/A5 with Teams and Stream license assigned.

Schedule a live event using Yammer

With the right permissions you can schedule a live event using Yammer from within a group as the next screenshot shows.

Yammer group –> schedule live event [de]
Yammer live event options –> Microsoft Teams [de]

Afterward selecting Microsoft Teams and “Next” the scheduling wizards guides you through the live event scheduling process.

Schedule a live event using Teams

In Teams the procedure is similar to scheduling an online meeting.

Teams Calendar

Instead of “New meeting” and “Schedule meeting” you need to click on “Live event” to schedule it.

Invite attendees to a live event

To distribute the join link after you have scheduled the live event you need distribute it manually, e.g. via your SharePoint Online intranet, Yammer, internal or public website, mail, social media or else.

Teams live event settings [admin]

Teams Admin Center – Live event settings

There are global (org-wide/tenant-wide) settings for live events.

  1. Teams Admin Center –> Meetings –> Live events settings
  2. (optional) attach a support URL
  3. – 6. (optional) third party provider use for video distribution, if needed
  7. save it

Teams live event policies [admin]

Same as with meeting policies, to set different “permissions” and enable/disable features there are some pre-defined live event policies which you can assign per user. Additionally, custom policies can be created and assigned to users. You can find this also in the Teams Admin Center underneath the meeting category in the left navigation rail.

Teams Admin Center – Live events policies

You can create a new custom live event policy and assign it to users which need the capability. In this example I created a “Allow-All” custom policy which can be assigned to users via the “Manage users” button or within the users administration pane.

Teams Admin Center – Live events policy – Allow-All
  1. Teams Admin Center –> Meetings
  2. Live events policies
  3. Enter a name for the policy
  4. Enable/disable scheduling
  5. Enable/disable transcriptions for attendees
  6. Choose scale (internal <-> public)
  7. Enable/disable recording
  8. Save your policy

I would recommend to test live events thoroughly to really understand how it works with the roles (producer, presenter) and getting the content “live”.

When to use what?

Online meetings are suited for a interactive and collaborative kind of meeting whereas live events are for larger uni-directional broadcasts, e.g. company management announcements or external-facing events/webinars.

Conclusion, summary and opinion

Depending on the size and virtual “gathering’s” purpose you can bring together people virtually either in Microsoft Teams online meetings or live events. However, the latter is as mentioned above more a one-way communication. As soon as you want to share and collaborate you can initiate an online meeting. Online meetings are straightforward and provide key online conferencing capabilities (audio/video/sharing) for company-internal as well as external people.

Additional resources

Work from home checklist

This post provides a short checklist on things you might need to work from home #WFH and remote to your default office location. These days we face more and more constraints in our day-to-day life and at work due to COVID-19. I like to answer the common question “What do I need to work remotely?” or “What do I have to provide my employees that they can work from home?”. Independently of the current situation nevertheless due to the situation and many request regarding this question.

For sure, not all jobs and tasks can be done remotely, but most jobs where people usually work in offices could be done remotely instead of a certain Office location.

Source: https://www.pexels.com/de-de/foto/arbeit-architektur-drinnen-fenster-2764182/

Basic technical requirements to work remote

  • Internet connection with
    • sufficient bandwidth (I’d propose > 16 mbits)
    • and low latency for real-time communication (audio & video conferencing)
  • Mobile devices
    • laptop, mac, tablet or similar
    • smart phone | especially for security reasons to enable multi-factor authentication (MFA)
  • Headset or speaker (mic + speaker)
  • Webcam (for video chat or conferencing)
  • (optional) additional (power) extension lead with protection of over voltage
  • suited plugs, cables etc. for all devices
  • Secured corporate app services to being access remotely by remote workers, for instance
    • chat communication
    • audio / video conferencing
    • application / desktop sharing
    • e-mail
    • telephony (PSTN)
      • soft phone for phone calls to/from PSTN
      • and/or smartphone for phone calls to/from PSTN
    • files, e.g. PDFs, Word, Excel, PowerPoints etc.
    • co-authoring to edit files by multiple users the same time
    • line of business (LOB) apps (as needed), e.g. CRM, CAD, …

Advanced technical requirements to work remote

In certain cases and depending on how often and long you work remote it might make sense to level up your remote equipment, let’s say from a occasional mobile remote worker to a more regular home office remote worker. For example, I could not and don’t want to work remotely only having my laptop all the time it’s to small and uncomfortable on the long term. That’s why I’d like to add some advanced technical requirements for working remote for the long term.

  • docking station for laptops and periphere devices (headset, webcam, displays…)
  • USB hub (in case more devices need to be connected via usb as available usb ports in the docking station)
  • > 1x larger screen, e.g. 1x 27″ or 2x 24″ display/s attached to the laptop docking station via HDMI or else with sufficient quality
  • (optional) USB printer (in case there is some legacy paper work to print out, fill out and send out via (physical) mail (distribution)
  • (optional) USB scanner (I’d recommend Office Lense instead however to complete the list I’d say a scanner could be helpful if you cope with legacy paper work and you must scan many paper pages a day)

Other (optional/recommended) requirements to work remote

I think the above hardware, equipment and services should enable you and/or your users to work from home or anywhere else in a comfortable way. Thus you should also consider the following to work productively from remote. Environmental variables.

  • Room / space / noise / door | It’s more comfortable and less distracting to a have a dedicated room or space (or have at least very good headsets with active noise cancelation (ANC) built-in, which filters out most of the noise).
  • Ergonomic chair | If you work the whole day sitting on your sofa or dining table it might not be the right place and you end up with headaches or a back and neck which hurts.
  • Desk / table | A suited desk also keeps your posture ok and in shape in conjunction with the suited chair.
  • Light | To see something on your screen to much and to little light can be disadvantageous on the long term, so you should have a good lamp.
  • (optional) Box | Depending on where you work (e.g. a home office space) it might supporting to have a box or bag where you can put everything together after your business hours to really enjoy after-work life if you cannot just close a room’s door.

Conclusion, opinion and summary

To work from home or remotely and be productive can be comfortable if the requirements and prerequisites for a modern workplace are given. If not it’s not much fun and you might be not very productive. It’s also important to have some small talk with your co-workers and team mates because it’s different to work remote if you are used to work almost up to five days in an office. So, don’t forget about some basic “small / coffee talk” to keep in sync with your co-workers.

Additional resources

Safe attachments and links to protect your Office 365 collaboration

In this post I describe how you can configure safe attachments and safe links in Microsoft Office 365 Advanced Threat Protection (ATP) to make your communication and collaboration a more secure. It is for your Office 365 workloads (SharePoint Online, OneDrive for Business, Exchange Online and Microsoft Teams).

Please note, that is is just one of many measures to secure your communication and collaboration in Microsoft Office 365. This is only a single part – well, two capabilities – of a more holistic and required security architecture concept. Moreover, the below description, configuration etc. might change anytime and is just an example, demo piece.

Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/

Basics

Let me describe it as follows short and simplified:

What are Safe Links?

Safe Links are (hyper)links/urls which are pre-checked (in a sandbox) before a user opens the link. This “pre-check” is built to check if the website behind the link is ok or might be bad, start to download malware or something else which might harm your system/s.

What are Safe Attachments?

Safe Attachment[s] is a feature which checks attachments and tries to detect if it is malicious.

Requirements

You need a subscription which includes Microsoft [Office] 365 Advanced Threat Protection (ATP).

To configure this your administrative Office 365 account must have the global admin, security admin or Exchange Online Organization Management role assigned.

Configuration overview and walk-through

For both, you can start at https://security.microsoft.com/securitypolicies in the Microsoft 365 Security portal.
The following screenshots depict what I configured, so you can of course configure it another way depending on your needs and requirements.

1 Open https://security.microsoft.com/securitypolicies
2 Policies
3 + 4 Configure each (ATP safe attachments + ATP safe links)

ATP Safe Attachments

1 Enable ATP for SharePoint, OneDrive and Teams
2 Save it, to enable it
3 Protect attachments – create a new safe attachments policy

1 + 2 Give it a name + description
3 Configure handling
4 + 5 Enable redirect of potentially maliciouse attachements to another mail [don’t use a usual mailbox, create a “dumpster mailbox” just for that purpose]
6 Configure condition/s / exception/s
7 Save it

Validate input and check if the policy is enabled and the priority fits in case you create several policies.

ATP Safe Links

1 Configure the default Safe Links organization policy
2 Create Safe Link policies for specific recipients

1 Enable it for all Office 365 Apps, … iOS and Android
2 Configure “reporting” + handling

1 + 2 Give it a name + description
3 Turn it on
4 Enable real-time scanning for URLs including content for download
5 Enable it internally, too
6 Configure “reporting”
7 Enable – disables users to click the original URL from the warning page if it is blocked

1 Configure condition/s / exception/s

Validate input and check if the policy is enabled and the priority fits in case you create several policies.

Finally, test and verify your configuration. Regularly take a look into your security reports to enhance your configurations. Plus, don’t forget from time to time to check out what has changed to keep your security configurations always at a current level.

Conclusion, opinion and summary

Safe Links and Safe Attachments are very helpful features in Microsoft Office 365 to make your communication and collaboration more secure regarding sending/receiving links and attachments. These two features are options to increase your security setup with Office 365. I think it might be a good idea to enable it if you do not yet have something like this in place already.

Although it makes links and attachments safe[r] there are more and more advanced/intelligent threats and approaches available to trick and compromise users and systems. So, admin and user security awareness is also essential although you can get rid of many threats with a holistic security architecture and technical solution or service implementations.

Additional resources

Microsoft Office App for Mobile

Microsoft released its Office app for mobile. It’s available in the respective app stores for Android and iOS. It’s a single app which covers Word, Excel and PowerPoint. So three single apps become one.

Source: https://products.office.com/de-de/mobile/office-mobile-apps-for-android

Conclusion, opinion and summary

A single app is definitely a good idea in case no functional is cut off due to consolidation into one app. I just tested the app a little bit and its very straightforward and easy to use. In case your are already using Outlook, Teams, OneDrive for Business on your mobile or your connected with your Office 365 account the new app signs in directly, shows a start splash screen and a short intro and you are ready to go.

On the home screen you can seen your recent documents and the navigation drop down offers you to go to Word, Excel, PowerPoint, PDF, Media or Notes.

In the Office apps settings you can enable/disable “Download most recent and recommended files”. By default it’s enabled so it downloads files to your mobile so that you can directly start to work on recent documents. Also by default, download via mobile network/data is disable if the above feature is on but of course you can enable it in case you roam a lot.

Office app setings –> Download most recent and recommended files

Nice app to access your files within a single app, no need for a app switch between Excel, Word and PowerPoint anymore. Some nice and new features are convert a picture to (Excel) table, convert images to files and sign PDFs. More features and improvements are already planned and announced.

Additional resources

How to secure Microsoft Teams? Some thoughts.

In this post I give you an architectural overview on thoughts, ideas and options to a more secure communication and collaboration experience with Microsoft Teams.

It’s inevitable to provide a secure, modern and usable (!) solution for your users, your company and keep identities and [information] assets secure. I want to emphasize usable because you can surely set up a highly secure service, however, if you do so, nobody might be able to use it because you locked it too restrictively. So, this will probably cause other headaches, first of all users need to get work done and might workaround that highly secured service [just using anything else which they find online]. No adoption. Hence, the added value of the communication and collaboration solution and the ROI will never be achieved. That’s why you need to figure out a suited balance between security and collaboration.

Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/
Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/

Microsoft Teams as part of the Microsoft 365 cloud services can leverage these comprehensive security features to enable a secured communication and collaboration. Besides the fact that Microsoft encrypts data in transit as well as at rest.

The following slides contain what you could do to secure your Microsoft Teams communication and collaboration experience by not giving up usability and a modern teamwork experience.

Beyond these basic security considerations in the slides you could, of course , also make further and more granular optimizations, for example …

  • in the Microsoft Office 365 Admin Center
  • in the Microsoft Teams Admin Center
  • in the Microsoft SharePoint Online Admin Center
  • in the Microsoft One Drive for Business Admin Center
  • in the Microsoft Exchange Online Admin Center
  • as well as in other Microsoft Admin Centers

as needed.

Conclusion, opinion and summary

Microsoft 365 enables you to secure Microsoft Teams and Office 365 with the eligible licenses. There are many aspects around securing your modern teamwork experience. It starts with general identity and information protection and goes ahead with fine tuning Microsoft Office 365, Teams, SharePoint Online, Exchange Online, Yammer etc. There are some bigger and some smaller switches to be aware of and to configure modern teamwork secure. E.g. guest access, external access (federation), message policies, meeting/conferencing policies, app setup policies, app permission policies and many more. At least but not at last you also should think about monitoring and auditing so that you’ll be able to trace things in case it is required.

Additional resources