Microsoft Teams is one of the most used online communication and collaboration platforms in enterprise environments. Microsoft boasts that the software has 270 million users currently, however, this also makes Teams an attractive attack surface for malicious actors. As such, the Redmond tech firm has now announced a range of advanced security features for certain Teams customers through Microsoft Defender 365.
Microsoft has dubbed these security features "Collaboration Security" and launched a public preview for it. This toolset is only available for customers with Microsoft E5, Microsoft E5 Security, or Microsoft Defender for Office 365 licenses.
Since many people share sensitive and business-critical information through files and messages across Teams, Microsoft has decided to bring the security mechanisms which protect your email environments to Teams too. All of these capabilities related to detection and response to security threats in Teams will be available in a unified manner on Microsoft 365 Defender to enable correlation with security signals from other endpoints too.
Teams users will also have the ability to report suspicious messages directly in Teams, and they will be surfaced to security teams in Microsoft Defender 365. Microsoft will be enhancing this process down the line by collating user reports so cybersecurity teams can review them efficiently.
In the same vein, zero auto purge (ZAP) is being brought to Teams. It scans messages after delivery for indicators of malicious content and immediately quarantines the messages if it detects something problematic. It then initiates a full scan of the Teams environment to determine if it is compromised and performs quarantine at scale. Security teams can customize this behavior according to their preferences.
In order to further improve resiliency to cyberattacks, Microsoft is also introducing advanced hunting queries and attack simulations, as described below:
To enable SecOps with proactive tools to hunt for threats Microsoft is also adding to the existing advanced hunting features in Microsoft 365 Defender to support security for Teams. Advanced hunting is a query-based threat hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events within Teams to locate threat indicators and entities with custom queries using KQL, or by using the query builder for a guided hunting experience. Flexible access to data enables SecOps teams to hunt across and correlate data from email, endpoints, identities, SaaS apps, and DLP, enabling unconstrained hunting for both known and potential threats in a single, unified query.
At Microsoft, we know firsthand that an effective security strategy requires active engagement from end-users from day one. That’s why we are including attack simulation and training tools to promote education, awareness, and risk assessment for users of Microsoft Teams. To further enhance the effectiveness of these tools, security teams are provided with advanced analytics and insights on the most common types of attacks seen in your organization’s Microsoft Teams environment and can customize simulations and training to address specific knowledge gaps.
Finally, it is important to understand that Collaboration Security is an extension of Microsoft Defender 365, not Teams. As such, it will be available to the extent that customers with the appropriate license want to utilize it, as explained in the various detection and response techniques described above. Although Collaboration Security is now available in public preview but timelines for general availability have not been announced yet.