The hidden nuances within your Microsoft Teams Security…and how to make them secure

By Tobias West

CTO at Torsion

On the face of it, Microsoft Teams permissions are quite simple. As an owner, you can add other owners and members to collaborate.

However, whenever a team is created in your Microsoft 365 estate, Microsoft Teams creates a SharePoint site, which in theory is managed by the permissions you grant and revoke to the Microsoft Team.

However, over time – as owners come and go – it’s common for people to add and remove people and permissions within the SharePoint site rather than the Microsoft Team. As a result, the permissions in the Team and the underlying SharePoint site become out of sync and there is a danger that owners don’t have a true understanding of ‘who has access to what’. If you’re managing permissions in the wrong place (in the SharePoint site) you are inadvertently giving access to data that you aren’t aware of.

We regularly see scenarios where somebody has added or removed somebody from the Team, but another site owner has unknowingly deleted the permissions from the underlying SharePoint site, resulting in people getting ‘access denied’ messages. When this happens, it’s fairly obvious there’s a problem. It becomes more dangerous when somebody has been granted access to the site through a slightly different mechanism and the access is hidden away in the nuances.
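The two kinds of drift described above can be checked by comparing a Team's membership with the grants on its connected SharePoint site. The sketch below is an added example, not Torsion's code or a Microsoft API: the `SiteGrant` record, the `find_drift` function and all sample values are constructed, and it assumes the membership and site grants have already been exported into this simplified form.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SiteGrant:
    principal: str  # a user, or the Team's Microsoft 365 group
    role: str       # e.g. "Read", "Edit", "Full Control"
    via: str        # SharePoint group name, or "direct"

def find_drift(team_group, team_users, site_grants):
    """Compare Team membership with grants on the connected SharePoint site."""
    group = team_group.lower()
    team = {u.lower() for u in team_users}
    granted = {g.principal.lower() for g in site_grants}

    # Access granted on the site to someone the Team owner never added.
    hidden = sorted(
        (g.principal.lower(), g.role, g.via)
        for g in site_grants
        if g.principal.lower() != group and g.principal.lower() not in team
    )
    # If the Team group's own grant was deleted from the site, members
    # without an individual grant will hit 'access denied'.
    denied = [] if group in granted else sorted(team - granted)
    return {"hidden_access": hidden, "access_denied": denied}

# Constructed sample data (hypothetical tenant and users).
TEAM_GROUP = "finance-team@contoso.example"
TEAM_USERS = ["Alice@contoso.example", "bob@contoso.example"]

# Case 1: a site owner granted Carol access directly on the site.
GRANTS_HIDDEN = [
    SiteGrant(TEAM_GROUP, "Edit", "Finance Members"),
    SiteGrant("alice@contoso.example", "Full Control", "Finance Owners"),
    SiteGrant("carol@contoso.example", "Edit", "direct"),
]
# Case 2: a site owner deleted the Team group's grant from the site.
GRANTS_REMOVED = [
    SiteGrant("alice@contoso.example", "Full Control", "Finance Owners"),
]

if __name__ == "__main__":
    for name, grants in [("hidden", GRANTS_HIDDEN), ("removed", GRANTS_REMOVED)]:
        print(name, find_drift(TEAM_GROUP, TEAM_USERS, grants))
```

The first case is the one the Team owner cannot see from within Teams; the second is the one that surfaces as ‘access denied’.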

How Torsion improves Microsoft 365 Security

Not only does Torsion report on who has access to the MS Team, but it also reports on who has access to the SharePoint site, and to any library, file or folder that exists in that Team.

If Torsion spots any anomalies or inconsistencies between the MS Team and SharePoint sites, the data owner is alerted and notified that there is a security issue that needs attention.

Granular Microsoft 365 Security

Microsoft does a very good job of encouraging users to collaborate in Microsoft 365. It’s fundamentally what Microsoft 365 is for.

But every time you share a document or copy a link to a document, depending on how your M365 environment is configured, you could be inadvertently giving everybody in the business access to those files and folders.

And again, as the business owner you won’t necessarily be aware of what’s going on at each and every file and folder level.

How does Torsion solve this? Because Torsion looks at the permissions not just for a Team but for every single object that sits in that Team, we can show business owners exactly ‘who has access to what’. And if Torsion spots anything that doesn’t look ‘right’, it automatically cleans up the permissions and access.

Private Channels and Shared Channels

When it comes to Private Channels, and the most recent innovation from Microsoft – Shared Channels, it’s important to remember that every one of these also has its own SharePoint site. This means that your scope of control, as a business owner, is suddenly a lot wider, especially as more and more private channels get created. It’s quite common to see Teams with 10-15 private channels.

Again, this is where Torsion uses its intelligent automation to identify and control permissions at every single site, file or folder level, and presents that as simply as possible to the business owner.