Top 5 Security Questions Asked by our US Government Customers for Microsoft Teams

This article is contributed. See the original author and article here.

Interview with Nolene LaNeve, Teams Engineering Senior Technical PM around Security in Teams

This past summer was extremely busy for the Microsoft Teams Engineering team, especially in the US Government space. They helped customers with a record number of net new deployments in the M365 US Gov Clouds: GCC, GCC High and DoD. End users wanted to collaborate with outside agencies but in a way that meant their data was secure. IT Admins wanted to know which configuration options best fit their organization’s security posture. CIOs wanted to lean in and give their workforce the best-in-class technology, all while following US Government accreditation standards. The common theme in most questions asked by our customers was security. We recently sat down with @NoleneSLaNeve, a Senior Technical Program Manager and all-around security expert from Microsoft Teams Engineering, and asked her for the top 5 security questions asked by our US Government customers for Microsoft Teams. After all, Nolene helped some of our larger Federal Agencies successfully deploy Teams and is known to many as the call quality expert. Interview by Rima Reyes.

1. File Sharing in a Team

Question: “How can I securely collaborate and share files with other trusted organizations inside of a Team?” 

Answer: “The best and fullest collaboration experience in Teams is called Guest Access. Essentially, Guest Access allows your organization’s users to collaborate with trusted people outside of your organization on documents, tasks, channels, conversations, and other resources within a Team. When someone outside of your organization is added to a Team, this person is called a Guest. Guest users even have a richer experience in Teams chat! Before anyone can add a Guest to a Team, your IT Admins will need to configure a few things first in Azure Active Directory, the M365 Admin Center, the SharePoint Admin Center and finally the Teams Admin Center. (Everything for Guest Access is off by default.) What’s great about these configuration options is that they really give IT Admins the power to ‘dial things up or down’ based upon how much you want (or don’t want) to share and with whom exactly your organization wants to share. A great example of when Guest Access is appropriate is during mission-focused activities, like coordinating with local authorities during a natural disaster or when multiple agencies need to be involved for a policy review. Another thing to note is that Guests in Teams are covered by the same compliance and auditing protection as the rest of Microsoft 365 and come with the added benefit of being centrally managed in Azure Active Directory.”

US Gov Cloud Caveats: “Guest Access for Azure AD and Teams is available in GCC. GCC High and DOD will have Azure AD and Teams Guest Access capabilities in the future (allowable only per the accreditation guidelines).”

Resources/Screenshots:  

2. External Access with Whitelisted Domains

Question: What is the best way to chat with another trusted organization in Teams without having to share files? 

Answer: “If your organization just wants to chat with people outside of the organization, then configuring External Access would be key. External Access is a way for your users to find, call, chat, and set up meetings with external domains in Teams. You can also use External Access to communicate with outside users who are still using Skype for Business (online and on-premises). External Access is a great way to start figuring out what cross-government agency collaboration looks like. It’s so lightweight and easy since no file sharing is at play here. IT Admins have the power to configure who they want their organization to talk to (or not talk to) all through the Teams Admin Center. External Access is also useful for government agencies with a small subset of users who happen to be in a location that has extremely low bandwidth (think being in the middle of a forest somewhere) and must still use Skype on Prem. External Access allows for these two entities to talk to one another even while in the same organization.”

US Gov Cloud Caveats: “GCC & GCC High users can set up External Access with each other and with organizations in Commercial. DOD agencies can set up External Access with each other only.”

Resources/Screenshots:  

3. Teams Encryption

Question: How is content encrypted in Teams? 

Answer: “Teams data is encrypted in transit and at rest. Microsoft also encrypts all of the data going between a user’s device and when it finally lands in a Microsoft datacenter. (Even between datacenters too!) Compliance data is also encrypted at rest in Microsoft datacenters, but it is done so in a way that allows organizations to decrypt the content if needed for compliance reasons, like running an eDiscovery case. The types of encryption that Teams uses for all chat messages are TLS (Transport Layer Security) and MTLS (Mutual Transport Layer Security). FYI, TLS and MTLS protocols provide encrypted communications and endpoint authentication on the internet. Teams media content uses a type of network protocol used for delivering audio and video called RTP (Real-time Transport Protocol) and SRTP (Secure RTP) to encrypt media traffic. When it comes to how other content in Teams is encrypted, remember that files are stored in SharePoint and are backed by SharePoint encryption. Notes are stored in OneNote and are backed by OneNote encryption. The OneNote data is stored in the team’s SharePoint site. IT Admins should become really comfortable with managing the other services in M365 as well since Teams works in partnership with SharePoint, OneNote, Exchange, and more…”

Resources/Screenshots: 

4. VPN Split Tunneling

Question: Why is VPN split tunneling important for just Teams media traffic? How can US Gov organizations champion for this change? 

Answer: “This is the question asked the most by our US Government customers. Most organizations we talk to think that they have to be the ones encrypting all traffic and content over the VPN but in actuality that’s not the case, especially when Microsoft is already encrypting the content for you. (There is no value in double encrypting each packet of data.) In fact, many organizations run their Teams media traffic over the VPN as well, causing it to crumble and all but ensuring a poor user experience. Let’s envision an example of how VPN tunnels work. Imagine a 2-lane road. Rush hour has just started so more and more cars are occupying this 2-lane road. The more cars, the slower everyone will move along the road. Cars represent packets of data. If there are too many cars on the road, other important traffic can’t get through. That’s why it’s important for traffic that doesn’t have to be encrypted by the customer’s network to be moved off the VPN, like Teams media traffic since it’s encrypted anyway. Split tunneling VPN traffic enables segmenting traffic to be egressed to Office 365 via a direct Internet connection. My team always recommends that at a minimum organizations enable split-tunnel VPN for Teams media traffic to reduce VPN load. This ensures a high-quality experience for all media scenarios within Teams (and much happier end users with less help desk tickets). Teams Engineering made sure it was easier for customers to implement this since Teams only uses 4 UDP ports and 3 IP ranges for media traffic. In other words, it’s much easier to split out media traffic and take Teams media traffic off the VPN! Remember, we aren’t saying to remove all M365 traffic off the VPN, just Teams media traffic.”

Resources/Screenshots: 

Picture1.png
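An added example (not from the interview or from Microsoft): a Python audit of a proposed split-tunnel exclusion list, checking that only Teams media leaves the VPN and that nothing wider slips through, as the answer above recommends. The three IP ranges and four UDP ports are constructed placeholders (RFC 5737 documentation ranges and made-up ports), and the function names are hypothetical; substitute the media ranges and ports Microsoft publishes for your cloud.

```python
import ipaddress

# Constructed placeholders, NOT the real Teams media endpoints:
# RFC 5737 documentation ranges and made-up UDP ports. Replace them with
# the values Microsoft publishes for your cloud (GCC, GCC High or DoD).
APPROVED_MEDIA_NETS = tuple(
    ipaddress.ip_network(n)
    for n in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")
)
APPROVED_MEDIA_UDP_PORTS = frozenset({50000, 50001, 50002, 50003})


def _within(net, container):
    """True if `net` lies entirely inside `container` (same IP version)."""
    return net.version == container.version and net.subnet_of(container)


def audit_exclusions(excluded_routes):
    """Audit the routes a VPN profile sends outside the tunnel.

    Returns a list of (route, reason) findings:
      invalid   - not a well-formed network (e.g. host bits set)
      overbroad - bypasses the VPN for addresses outside the media ranges
      uncovered - an approved media range is not fully excluded, so that
                  media traffic still rides the tunnel
    An empty list means the exclusions match the approved ranges exactly.
    """
    findings, valid = [], []
    for raw in excluded_routes:
        try:
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError:
            findings.append((raw, "invalid"))
            continue
        valid.append(net)
        if not any(_within(net, ok) for ok in APPROVED_MEDIA_NETS):
            findings.append((raw, "overbroad"))
    for ok in APPROVED_MEDIA_NETS:
        if not any(_within(ok, net) for net in valid):
            findings.append((str(ok), "uncovered"))
    return findings


def route_decision(proto, dst_ip, dst_port):
    """Decide where a flow should egress: 'direct' only for media, else 'vpn'.

    Route-based split tunnels match on destination IP only, so the protocol
    and port test here models the egress firewall rule that should sit
    beside the route exclusion.
    """
    addr = ipaddress.ip_address(dst_ip)
    is_media = (
        proto.lower() == "udp"
        and dst_port in APPROVED_MEDIA_UDP_PORTS
        and any(addr in net for net in APPROVED_MEDIA_NETS)
    )
    return "direct" if is_media else "vpn"


if __name__ == "__main__":
    # Constructed sample profile: one route is far wider than the media range.
    proposed = ["192.0.2.0/24", "198.51.0.0/16", "203.0.113.0/24"]
    for route, reason in audit_exclusions(proposed):
        print(f"{reason:10} {route}")

    # Constructed sample flows.
    flows = [
        ("udp", "192.0.2.10", 50001),   # media: goes direct
        ("tcp", "192.0.2.10", 443),     # same host, not media: stays on VPN
        ("udp", "10.1.2.3", 50001),     # internal address: stays on VPN
    ]
    for flow in flows:
        print(flow, "->", route_decision(*flow))
```
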

5. Meeting Security

Question: How can customers be assured they know who is in their meetings and not have any ‘uninvited guests’? 

Answer: “Ever host an event where unexpected folks showed up and no one was checking their invites at the door? Sam’s 3rd cousin Vinny happened to hear about your party from his great aunt Myra. How did that even happen, right?! Teams can help you check a guest’s invite at the door before they come into the party! The Teams Admin Center has configuration controls that allow organizations to match meeting security to their specific needs.

We recommend the following configuration settings for Teams Meetings with external participants:

  • In the Teams Admin Center, turn on the toggle for Anonymous Join. With this setting on, anyone can join the meeting as an outside user by clicking the link in the meeting invitation. Enabling anonymous join is only for Teams meetings and does not allow the sharing of files during a meeting with those outside of your organization. 
    • Outside Users without a Teams Account: 
      • Must enter a name before joining the meeting. 
      • Meeting chat is limited to text only. 
      • Can join via the Teams mobile app, even without an already existing account (the app just needs to be installed on the phone before clicking the meeting link). 
      • Cannot create or join a meeting as a presenter, but can be promoted to presenter after they join a meeting. 
    • Outside users with a Teams Account: 
      • Can choose to sign in before joining the meeting for a richer meeting experience. These users, if promoted to do so, can act as presenters.  
  • Think about using Azure Information Protection Labels in Outlook as an option for meeting organizers to apply classifications that do not allow forwarding of meeting invites. 
  • In the Teams Admin Center under the Meeting Policies Section, most US Gov agencies use these configuration settings…” 

 Picture2.png

US Gov Cloud Caveats: GCC and GCC High organizations can enable anonymous join to allow outside users to join their meetings. DOD hosted meetings cannot be joined by users outside of the DOD.

Resources/Screenshots: 

Deploying Teams Quickly and Securely

Bonus Question: What is the fastest way I can deploy Teams in my organization without missing anything important, all while focusing on security? 

Answer: “We know these are trying times and want to make sure everyone has the best experience when working from home or in a remote environment. We know Teams can help with that better user experience. That’s why we have catered the ‘must do’ list for deploying Microsoft Teams in your US Gov organization! Check out the resource below!”

Resources/Screenshots: 

About the Author 

Nolene LaNeve

Senior Technical Program Manager, Teams Customer Engineering

Nolene LaNeve is currently a Senior Technical Program Manager in Microsoft’s Teams Engineering Product Group. Nolene is a subject matter expert on media quality and reliability and specializes in ensuring organizations in highly-regulated industries can deploy and/or upgrade to Microsoft Teams and achieve superior media quality and reliability while maintaining necessary security requirements.

Prior to her role in Teams Engineering, Nolene was a Solutions Architect in the Skype Circle of Excellence, where she built the “Optimize Enterprise Communications” engagement and helped customers optimize their Skype for Business deployments, as well as migrate to Office 365.

Nolene came to Microsoft as a Premier Field Engineer, where she supported financial services and defense technology organizations, after being on the customer side as a lead application engineer at Raymond James Financial Services, as well as a mobility engineer at AVI-SPL.

You also might enjoy:

Sharing Azure Sentinel Workbook Data with Someone Outside the SIEM

Prepare Your Business for COVID-19 Coronavirus

We’re getting a lot of inquiries about how best to prepare in case there are school and daycare closures or in the event someone in the office contracts the virus and others who may have had contact will have to quarantine themselves. We’re recommending a strategy built around Office 365 and OneDrive. Because Office 365 and OneDrive can be remotely accessed by any computer, either through a browser or via an app, workers can continue to be productive away from the office. However, we know there may be some questions about printing (e.g., printing checks), scanners, or accessing non-Microsoft programs that do not have a Web interface. For this reason, we’ve developed a short questionnaire for you to fill out to identify all the areas of your business remote workers will need to access. Please follow this link to fill out the questionnaire.

Heads up from the CDC for businesses to prepare for COVID-19

Planning Considerations

All employers need to consider how best to decrease the spread of acute respiratory illness and lower the impact of COVID-19 in their workplace in the event of an outbreak in the US. They should identify and communicate their objectives, which may include one or more of the following: (a) reducing transmission among staff, (b) protecting people who are at higher risk for adverse health complications, (c) maintaining business operations, and (d) minimizing adverse effects on other entities in their supply chains. Some of the key considerations when making decisions on appropriate responses are:

  • Disease severity (i.e., number of people who are sick, hospitalization and death rates) in the community where the business is located;
  • Impact of disease on employees that are vulnerable and may be at higher risk for COVID-19 adverse health complications. Inform employees that some people may be at higher risk for severe illness, such as older adults and those with chronic medical conditions.
  • Prepare for possible increased numbers of employee absences due to illness in employees and their family members, dismissals of early childhood programs and K-12 schools due to high levels of absenteeism or illness:
    • Employers should plan to monitor and respond to absenteeism at the workplace. Implement plans to continue your essential business functions in case you experience higher than usual absenteeism.
    • Cross-train personnel to perform essential functions so that the workplace is able to operate even if key staff members are absent.
    • Assess your essential functions and the reliance that others and the community have on your services or products. Be prepared to change your business practices if needed to maintain critical operations (e.g., identify alternative suppliers, prioritize customers, or temporarily suspend some of your operations if needed).
  • Employers with more than one business location are encouraged to provide local managers with the authority to take appropriate actions outlined in their business infectious disease outbreak response plan based on the condition in each locality.
  • Coordination with state and local health officials is strongly encouraged for all businesses so that timely and accurate information can guide appropriate responses in each location where their operations reside. Since the intensity of an outbreak may differ according to geographic location, local health officials will be issuing guidance specific to their communities.

Important Considerations for Creating an Infectious Disease Outbreak Response Plan

All employers should be ready to implement strategies to protect their workforce from COVID-19 while ensuring continuity of operations. During a COVID-19 outbreak, all sick employees should stay home and away from the workplace, respiratory etiquette and hand hygiene should be encouraged, and routine cleaning of commonly touched surfaces should be performed regularly.

If you need assistance with your Infectious Disease Outbreak Response Plan please go here.

What is Microsoft Teams

Microsoft Teams Videos:

Welcome to Teams

Teams & Channels Overview

Create Instant Meetings

Microsoft Teams is a platform that combines workplace chat, meetings, notes, and attachments. The service integrates with the company’s Office 365 subscription office productivity suite, including Microsoft Office and Skype, and features extensions that can integrate with non-Microsoft products. Microsoft announced Teams at an event in New York, and launched the service worldwide on 14 March 2017. Here’s a brief overview of the features:

Teams

Teams allow communities, groups, or teams to join through a specific URL or invitation sent by a team administrator or owner. Teams for Education allows admins and teachers to set up specific teams for classes, professional learning communities (PLCs), staff members and everyone.[18]

Messaging

Within a team, members can set up channels. Channels are topics of conversation that allow team members to communicate without the use of email or group SMS (texting). Users can reply to posts with images, GIF’s and custom made memes.

Direct messages allow users to send private messages to a specific user rather than a group of people.

Connectors are third party services that can submit information to the channel, some connectors include MailChimp, Facebook Pages, Twitter, Yammer, SharePoint, Dynamics, SalesForce, Bing News, and many others.

Calling
  •     Instant messaging
  •     Voice over IP (VoIP)
  •     Video conferencing inside the client software

Teams supports public switched telephone network (PSTN) conferencing allowing users to call phone numbers from the client.

Meeting

Meetings can be scheduled or created ad-hoc and users visiting the channel will be able to see that a meeting is currently in progress. Teams also has a plugin for Microsoft Outlook to invite others into a Teams meeting.[19]

Education

Microsoft Teams allows teachers to distribute, provide feedback, and grade student assignments turned-in via Teams using the Assignments tab, available to Office 365 for Education subscribers.[20] Quizzes can also be assigned to students through an integration with Office Forms.[21]

Clients

As of November 2017, the following Microsoft Teams clients are available:

  •     Windows and MacOS: Included with Office 365
  •     iOS: Microsoft app in iTunes app store[22]
  •     Android: Microsoft app in Google Play[23]
  •     Windows 10 Mobile and Windows Phone 8.1[24]

For a deeper dive please watch the videos in this article. You can see the full Wikipedia article here.

Dynamics 365 Portal Capabilities

Video: https://www.microsoft.com/en-us/videoplayer/embed/74205e30-2d82-4128-ae84-87d2fc7c9167

Make your Dynamics 365 Data Available to the Web!

A custom application builder provides a seamless customer experience with a responsive solution that’s optimized for mobile, tablet, and desktop, right out of the box.

First things first. Any web portal is built on a solid foundation of authentication, security, user roles, and rights. Users are stored as Dynamics 365 contacts so they can self manage account and profile information with ease. You can configure portals for local authentication using simple user name and password fields, or use familiar federated authentication providers like Microsoft, Facebook, Google, Twitter, and many more. Users have self-service control over their profiles and any settings you’ve enabled. Configuration of users, roles, and rights is easily accomplished by any Dynamics 365 Administrator. Once you’re connected, engage your audience with email subscriptions, track their activities, identify and reward brand champions, and let social conversations flow in community discussion forums. Any form or list available within Dynamics 365 can be exposed to the web. You can build sophisticated custom web tools with entity form, list, permission, and action features. Together, they’re a comprehensive tool box with the flexibility to meet the specific needs of your business.

Portal capabilities for Dynamics 365 brings qualified expertise in web engagement and CMS frameworks with an integrated bundle of web portal solutions that add sophisticated content management, knowledge and case management, opportunity management, membership, profile, and self-service capabilities to Dynamics 365. Use portals to set up an interactive, web-based sales, services, support, and social engagement application platform to engage with communities, manage portal content, and empower your channel partners.

Businesses are constantly challenged to grow, scale, and increase efficiency, at the same time striving to add service capacity, increase customer satisfaction, and deliver exceptional service, all while improving staff productivity and enhancing service quality. How do smart businesses do it all? With a best-in-class Dynamics 365 backed website portal to quickly build secure self-service portals, and even their entire website, with no developers required.

Learn About Dynamics365 Field Service Capabilities

Video: https://youtu.be/yGN5tcNf-nY

Did you know that field service capabilities are now built in to Dynamics 365? Watch this video to learn the possibilities this opens up for your service organization. We’ll show you how field service delivers advanced scheduling, inventory tracking, and asset management for service depots, and how it helps highly mobile field specialists fulfill work orders and provide preventive maintenance across multiple sites under complex service agreements.

What are the benefits of Microsoft® Office 365?

Answered by Daanish Zaffar, Sitecore/SharePoint Admin at Mindtree

1) Seamless Coordination with the Tools You Already Know
Office 365 works seamlessly with the programs you already know and use, including Outlook, Word, Excel, OneNote, Publisher and PowerPoint. These tools provide the same great features you rely on as well as powerful capabilities in Office 365. With multiple subscription levels in Microsoft Office 365, you can see if others are editing the document you’re using, synchronize documents with your desktop, broadcast PowerPoint presentations, and check documents in and out of your online document library.

2) Anytime, Anywhere Access
Microsoft® Office 365 provides web-enabled access to email, important documents, contacts, and calendar on almost any device—including PCs, Macintosh computers, iPhones, Android phones, and BlackBerry smartphones. It frees you to work where and when you choose, letting you respond to important requests right away, from almost any location. With the ability to access email and documents from your mobile device, you don’t need to hurry to the office or look for a WIFI hot spot. And if you’re traveling without access to Microsoft Office, Office 365 helps you view and edit documents from the most popular web browsers on PCs and Macintosh computers. Take control of when and where you work with Office 365.

3) Easily Communicate and Collaborate Inside and Outside Your Organization
With Office 365, you can create a password-protected portal to share large, hard-to-email files both inside and outside of your organization, giving you a single location to find the latest versions of files or documents, no matter how many people are working on them. Send instant messages to colleagues and customers and invite them to participate in online meetings where you can review documents or take control of a desktop.

4) Simple to Learn, Straightforward to Use
Office 365 is easy to try, simple to learn, and straightforward to use. You don’t need to learn new software, install complicated systems, or learn new jargon. In just a few minutes, you can create a trial account and see how easily your business can be “in the cloud” with benefits usually found only in larger organizations.

5) Email, Collaboration, and Online Meeting Solutions
Microsoft has years of experience delivering scalable, secure online solutions. Enhance your Office experience with Office 365 features like a 50-gigabyte (GB) mailbox that accommodates attachments up to 25 megabytes (MB), calendaring, contacts, online meetings, instant messaging, document collaboration and more. With Office 365, you can take advantage of these easy-to-use solutions and advanced features at a small-business price.

6) Safety and Security
Security is priority at Microsoft data centers. With Office 365, you can use the same systems used by Microsoft and other enterprises worldwide to help protect email, documents, and networks. These systems scan your messages and documents for spam and malicious software (also called malware) 24 hours a day, 7 days a week. Microsoft data centers help safeguard your data and are certified to meet multiple industry-standard certifications.

7) No Requirement for Advanced IT Knowledge
Office 365 administration is designed for organizations without IT staff, so you can easily set up and use the features, helping you focus on your business rather than on learning menus and technical lingo. Perform administrative tasks using an intuitive, web-based portal that is accessible only to people you designate. The online portal provides step-by-step instructions on how to add users and set up your account so your employees can quickly start using Office 365.

8) 99.9% Financially-Backed Uptime Guarantee
Office 365 is built from the ground up for reliability, availability, and performance. Our proven service is powered by the same Microsoft email and collaboration products that businesses of all sizes have been using for decades.
Office 365 helps safeguard your critical data with geo-redundant, enterprise-grade reliability and disaster recovery with multiple datacenters and automatic failovers and a strict privacy policy. Office 365 is designed to deliver reliability, availability, and performance with a guaranteed 99.9% uptime, financially backed service level agreement (SLA).

9) Flexibility for Your Business
With Office 365, you get pay-as-you-go pricing options that give you predictability and flexibility for your business. Office 365 also offers great flexibility by allowing you to easily provide users with only the services they need, cost-effectively adding value to your business.

10) Professional Face for Your Business
Using professional services like Office 365 tells potential customers that you’re serious about business. With these state-of-the-art but easy-to-use collaboration, mail, and messaging services, you can set yourself apart from organizations that use free or ad-supported services. A custom domain name further enhances your branding, and Office 365 includes design tools to easily create a professional, public-facing website in minutes.
