04 July 2022
Microsoft Teams, Microsoft’s flagship collaboration platform, continues to improve and evolve its channel management.
Historically, Microsoft Teams offered two types of channels:
A few months ago, Microsoft announced that it will launch shared channels, known as Teams Connect. This new feature disrupts the management of members and access in a team, and IDECSI is reviewing these changes.
Shared channels, or Teams Connect, are a powerful new feature to reduce oversharing and make collaboration easier in Microsoft Teams.
With shared channels, it will no longer be necessary to be a team member to access information in a channel.
This channel, unlike the others, can be accessed by users who are not members of the team (internal or external). It may also be accessible to Microsoft 365 groups.
The advantage is being able to invite a user only to a channel and thus provide that user with only a part of the information available to the team.
By default, this person will not have visibility on other channels including the general channel.
This can concern a person from within the company, a group of users (e.g. a Teams team) or an external person provided that the internal Teams security policy allows it. However, it is not yet possible to invite teams from external organizations.
Microsoft Teams Connect, currently in private preview, is expected to launch in 2022.
To activate it, it is necessary that:
Shared channels will change collaboration and information sharing in Microsoft Teams. Users need to be made aware of the changes these new channels bring and Workplace teams need to communicate and support these users.
Microsoft Teams already offers several use cases around team collaboration, project management, or community animation. Shared channels will again bring new ways of working.
The example of the steering committee is significant. This steering committee group does not need to have access to the entire operational collaboration part of the project. With shared channels, it is possible to create a dedicated channel for them to share only meetings, minutes, and monitoring KPIs.
Through these different use cases, shared channels will allow users to:
Beyond the different use cases of these shared channels, users must be made aware of the specificities brought by this new functionality.
Once a channel is created, an icon will appear next to its name indicating to members that it is a shared channel.
By default, the shared channel inherits the settings of the team (member permissions, comments, etc.). The owner can then adjust the channel-level settings to define the channel’s collaboration policy.
At the team level, there will be channel owners. The creator-owner of the channel can appoint other owners. These owners may differ from the team's owners, depending on who is in charge of the information.
Team owners will not necessarily have access to shared channels. Nevertheless, they will have visibility on the list of shared channels created in the team and the list of owners of each channel.
The main change and focus is on membership management. Previously, member management was only done at the team level. Now the owner will need to review the members both in the team and in the shared channels.
Workplace teams will need to train team owners on these changes and the best practices to follow.
When shared channels are deployed, they will not be enabled by default, as mentioned before. IT teams will be able to activate this functionality and set up the associated configurations.
You have to keep in mind that shared channels will have an impact on the management of the Teams tool and the management of external identities.
As a first step, administrators will need to define a new channel strategy for the Microsoft Teams tool.
As with private channels, they may or may not decide to open certain options:
Depending on the options chosen, especially with the opening to external users, there may be impacts on the configurations and security policies.
Attention must be paid to identity management.
Some Azure AD configurations will change. Guests (people with Azure Active Directory guest accounts) cannot be added to a shared channel. However, people outside the organization can be invited to participate in a shared channel using Azure AD B2B direct connect.
This means that partners and guests must be trusted. Part of the life cycle management (identity, authentication) will be managed directly by the external entity.
Attention must also be paid to the management and control of permissions over time. As a reminder, members of a shared channel and a private channel can be different, so the management must be done on two levels. It will be necessary to check what is accessible and what permissions are given over time.
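The two-level review described above can be sketched as follows. This is an added example, not IDECSI or Microsoft code: the record fields (`userId`, `email`, `roles`, `tenantId`) follow the Microsoft Graph `aadUserConversationMember` resource, while the tenant IDs, users and channel name are constructed sample data and the function names are hypothetical.

```python
# Added example: two-level membership review for one team and its shared channels.
# Records mimic Microsoft Graph aadUserConversationMember objects; all values are constructed.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"     # constructed tenant IDs
PARTNER_TENANT = "22222222-2222-2222-2222-222222222222"

def member(user_id, email, roles=(), tenant=HOME_TENANT):
    return {"userId": user_id, "email": email, "roles": list(roles), "tenantId": tenant}

TEAM_MEMBERS = [
    member("u1", "alice@contoso.example", ["owner"]),
    member("u2", "bob@contoso.example"),
]
SHARED_CHANNELS = {
    "Steering committee": [
        member("u2", "bob@contoso.example", ["owner"]),
        member("u3", "carol@contoso.example"),
        member("u9", "dave@partner.example", tenant=PARTNER_TENANT),
    ],
}

def review_channel(team_members, channel_members, home_tenant):
    """Classify each shared-channel member that needs the owner's attention."""
    team_ids = {m["userId"] for m in team_members}
    team_owner_ids = {m["userId"] for m in team_members if "owner" in m["roles"]}
    findings = []
    for m in channel_members:
        flags = []
        if m["tenantId"] != home_tenant:
            flags.append("external")       # identity lifecycle is managed by the other organization
        elif m["userId"] not in team_ids:
            flags.append("not-in-team")    # internal user invited to this channel only
        if "owner" in m["roles"] and m["userId"] not in team_owner_ids:
            flags.append("channel-only-owner")
        if flags:
            findings.append((m["email"], flags))
    return findings

def review_team(team_members, shared_channels, home_tenant=HOME_TENANT):
    """Run the channel-level review for every shared channel of the team."""
    return {name: review_channel(team_members, members, home_tenant)
            for name, members in shared_channels.items()}

def team_owners_without_access(team_members, channel_members):
    """Team owners who are not members of the shared channel."""
    channel_ids = {m["userId"] for m in channel_members}
    return [m["email"] for m in team_members
            if "owner" in m["roles"] and m["userId"] not in channel_ids]

if __name__ == "__main__":
    for channel, findings in review_team(TEAM_MEMBERS, SHARED_CHANNELS).items():
        print(channel, findings)
```

Running the same comparison on a schedule and diffing the output against the previous run shows how channel access drifts from team membership over time.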
Finally, Microsoft announced that shared channels would be integrated with the various security and compliance tools (eDiscovery, Microsoft Purview Information Protection). Beyond this technical compatibility, optimizations are to be expected and some processes must be adapted. For example, in Azure AD Access Review, it will then be possible to run member review campaigns on these shared channels just like for teams. However, it will not be possible to distinguish between them, which could lead to confusion for users.
Microsoft developments, such as the advent of shared channels, directly impact data protection policies. These must be constantly adapted to mitigate new risks of data overexposure and security flaws related to usage.
The increasingly predominant role of the user in the management and governance of data (access, permission, members, channels, etc.) reinforces the idea that this must be accompanied by a precise security framework, one that supports a fluid, ergonomic and intuitive user experience. The user is a key element in the access review and essential in the management of collaboration tools such as Microsoft Teams.
This is why we must be able to give the user the means, that is to say, the right tools, to respect this framework. It’s also an opportunity to review your security policy for distributed detection where everyone has a role to play in managing and reviewing permissions.
IDECSI has developed a unique solution to meet this need to simplify the access review by effectively involving the employee in the security system. In addition, the expert solution provides continuous detection of threats and risks on M365.