The Enabling Technologies Blog


Chris Stegh / / Categories: Microsoft Teams

Avoid Zoom's Missteps when Using Teams

Zoom's CEO appeared on CNN 4/5/20, admitting they've moved too fast and had some missteps. The recent issues were summarized by the BBC (see “Dismal Security” section). Zoom stated that they’d freeze other feature development for 90 days while remediating.  

Microsoft Teams is a more secure platform, but some of its security features aren't on by default. For the best detail, watch Enabling’s webinar on Teams SecurityIt outlines how to navigate the tradeoffs between productivity and security. Several lessons from Zoom’s news are summarized here.  

How to avoid Zoombombing with Teams:  

There are several settings necessary to keep intruders from sharing or interrupting Teams meetings. The main steps are to:  

  1. Ensure those that join your meetings are attendees (and not presenters) 
  2. Use lobby to prevent attendees from joining automatically  
  3. Mute all attendees to keep attendees from interrupting  

Marquette University has compiled for a summary of these settings with screenshots.  

 How Microsoft Protects Passwords   

One of the reasons Zoom was so easy to set up was that it hadn’t been enforcing passwords. Microsoft’s considers identity to be the security perimeter (and the most vigorously attacked by bad actors).  

The login process for MSFT Teams is governed by Azure ADExamples of how Azure AD can protect identities include: 

 Support for End-to-end encryption   

Without end-to-end encryption, it’s possible to intercept videoconferences. It’s no wonder controversy erupted when the UK government used it for work-from home conferences.   

Network communications in Teams are encrypted by default. By requiring all servers to use certificates and by using OAUTH, TLS, Secure Real-Time Transport Protocol (SRTP), and other industry-standard encryption techniques, including 256-bit Advanced Encryption Standard (AES) encryption, all Teams data is protected on the network. This comes from Microsoft’s Security and Teams page.  

Protecting Data  

The UK government decided to share their Personal Zoom Meeting IDs in a screenshot, which violates a Zoom advice to “Avoid using your Personal Meeting ID (PMI) to host public events.” Teams creates unique meeting IDs and won’t allow external conferees to eavesdrop on standing, virtual meetings.  

Microsoft’s Trust Center defines the details of how MSFT will not share data with third parties. Only a contracted subprocessors have access to customer data, limited to that for which MSFT contracts them. Each organization has controls to protect data from leaking through Teams. 

Summary  

A CompSci Professor at Princeton grabbed headlines by saying “Zoom is malware. Enabling’s take is less brash. For organizations that are more concerned about security and productivity, Teams does make the industry’s best solution. Teams and Zoom aren’t squarely in the same product category, since video conferencing is just one spoke attaching to Teams’ hub of communications.   

As with any software decision, some tradeoffs must be made, but Teams users can rest assured that security is not an afterthought  

Postscript Teams is also available in a new consumer version, https://www.microsoft.com/en-us/microsoft-365/microsoft-teams/teams-for-home for families/friends to use during shelter-in-place. All of the features mentioned above have not been vetted for the consumer version (nor consumer Skype). 

 

Subscribe to Email Updates

Refine by

To expand the list, please click on the double arrows.

 

Search by Category or Author:

ref:_00D80KtFf._5000y1WwWQD:ref