Teams policies

  • Last update on November 11th, 2024

The remediation action for Teams policies is NOT available in the Essentials solution.

 

Microsoft Teams has the potential to grow out of control easily and quickly. From a security perspective, new teams and channels can be created effortlessly, files and other data can be added without ensuring proper user access, guest users can be added indefinitely, and there is little motivation to clean up unused resources.

Moreover, from a productivity standpoint, the accumulation of files and data in Teams can make it challenging for employees to locate the correct and most relevant information. Teams policies provide recommended practices to enhance both security and productivity.

The list below gives an overview of the out-of-the-box Teams management policies, the remediation action each one executes, and the remediation settings you can configure.


Empty Teams groups


Description

This policy quickly identifies Microsoft Teams groups that currently have no members. 

It provides the group's name, confirms the member count is zero, indicates the type of access, and shows when the group was last modified and created.

It's a simple way to spot and clean up any unused Teams groups in your organization.

Impact on your tenant

Empty Teams groups can clutter the organization's Teams environment and make it harder for users to find relevant groups. Regularly identifying and removing these empty groups will improve navigation, reduce confusion, and optimize resource usage. It may also prevent users from accidentally joining or using outdated or abandoned groups.

Remediation action

Execute the action “Archive Teams group” or “Remove Teams group”

What you can configure

  • Choose between two actions: “Archive Teams group” or “Remove Teams group”
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails
 
 

Guest users in Teams groups


Description

This policy provides a list of guest users in Microsoft Teams groups. 

It displays their principal name and display name, and confirms that their guest status is true.

Additionally, it shows the display name of the Microsoft 365 group they're part of, as well as the group's unique identifier (GUID). This helps you manage guest access within your Teams environment efficiently.

Impact on your tenant

Regular monitoring of guest users in Teams groups is crucial for maintaining security and compliance. It helps prevent unauthorized access, ensures appropriate data sharing, and allows for timely removal of unnecessary guest accounts, reducing potential security risks and improving overall collaboration efficiency.

Remediation action

  1. Send attestation to a specified recipient (optional)
  2. Execute the action “Remove Teams member”

What you can configure

  • Change the recipient of the attestation to either the group owner, a custom address, or choose not to send the attestation
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Inactive Teams groups


Description

This policy reports on Microsoft Teams groups that have been inactive for the last 180 days.

It gets the name of each group, its unique identifier (GUID), and the date of the last activity.

This tool is useful for identifying and possibly cleaning up Teams groups that are no longer active or needed.

Impact on your tenant

Inactive Teams groups might indicate underutilized resources or groups that are no longer needed. Regularly reviewing these groups ensures that only active, necessary groups are retained, reducing clutter and potential confusion.

Remediation action

  1. Send attestation to a specified recipient (optional)
  2. Execute the action “Archive Teams group” or “Remove Teams group”

What you can configure

  • Change the recipient of the attestation to either the group owner, a custom address, or choose not to send the attestation
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Choose between two actions: “Archive Teams group” or “Remove Teams group”
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Public Teams groups


Description

This policy is set up to list all public Microsoft Teams groups. 

It shows the name and display name of each group, and confirms that the access type is set to public.

This tool is beneficial for reviewing and managing the visibility and accessibility of Teams groups within your organization.

Impact on your tenant

Public Teams groups can expose internal conversations and files to unintended audiences, increasing the risk of data leaks. Regularly reviewing the necessity and permissions of these groups ensures secure communication.

Remediation action

  1. Send attestation to the Group Owner or to a specified recipient (optional)
  2. Execute the action “Archive Teams group” or “Remove Teams group”

What you can configure

  • Change the recipient of the attestation to either the group owner, a custom address, or choose not to send the attestation
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Choose between two actions: “Archive Teams group” or “Remove Teams group”
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Teams groups without multiple owners


Description

This policy is focused on identifying Microsoft Teams groups that include guest users and are tagged with specific sensitivity labels. It lists the UPN and the display name, and confirms the presence of guest users.

It also shows the display name and unique identifier (GUID) of the Microsoft 365 group, along with the applied sensitivity labels. 

This tool is useful for ensuring that guest access in Teams is compliant with the organization's data handling and security policies.

Impact on your tenant

Teams groups without multiple owners are at risk of becoming orphaned. Assigning multiple owners ensures continuous management and accountability.

Remediation action

Send a communication to the group's email owner or a specific recipient

What you can configure

  • Change the recipient of the communication to either the group owner or a custom address
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Teams groups without owners


Description

This policy identifies Microsoft Teams groups that currently have no assigned owners. It lists the name of each group, the display name, and the primary SMTP address associated with the group. 

It also verifies that the total number of owners is zero, indicating that these groups lack owner management. 

This tool is critical for ensuring that all Teams groups have responsible individuals assigned for proper governance and oversight.

Impact on your tenant

Teams without owners cause difficulties when no one is monitoring usage of the team, which can result in inappropriate members being added, sensitive content being shared, and no one being there to curate or manage the team. Microsoft recommends a minimum of two group owners per Team. This workflow allows you to email a specified user or all members of the Team requesting that they identify and add a Team owner.

Remediation action

Send a communication to the group's email owner or a specific recipient

What you can configure

  • Change the recipient of the communication to either the group's email or a custom address
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Teams never used


Description

This report gathers Teams that show no activity over time.

Impact on your tenant

Unused Teams in a system pose security risks by offering attackers potential entry points and complicating access control, making systems vulnerable to both external and internal threats. Regularly auditing and removing these Teams is essential to uphold security best practices, ensuring access is limited to active, necessary users only.

Remediation action

Remove Teams group.

What you can configure

  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Teams with guest users with a certain sensitivity label


Description

This policy is set up to identify SharePoint sites where files have been shared with external users. It includes the UPN, the date of the last activity, and the licenses associated with the user. 

Additionally, it provides data on the number of active files, files synced, files shared internally, and files shared externally in the last 30 days, as well as the number of pages visited in the same time frame. 

This tool is vital for monitoring external sharing activities and maintaining control over the distribution of files outside the organization.

Impact on your tenant

Teams groups with guest users can introduce security challenges. Ensuring that these guests are necessary and properly managed helps maintain a secure environment.

Remediation action

  1. Send attestation to a specified recipient (optional)
  2. Execute the action “Remove Teams member”

What you can configure

  • Change the recipient of the attestation to either the group owner, a custom address, or choose not to send the attestation.
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Choose between two actions: “Archive Teams group” or “Remove Teams group”
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
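
The conditions the policies above test for can be checked against any exported Teams inventory. The following is an added example, not the product's own code: the record layout, the sample teams, the label in scope, and the treatment of a missing last-activity date as "never used" are all assumptions made for illustration.

```python
from datetime import date

INACTIVE_DAYS = 180   # window used by the "Inactive Teams groups" policy
MIN_OWNERS = 2        # owner minimum the page attributes to Microsoft

def audit_team(team, today, labels_in_scope):
    """Return the policy names (as titled above) that one team record matches."""
    members, owners = team["members"], team["owners"]
    hits = []
    if not members:
        hits.append("Empty Teams groups")
    if any(m["userType"] == "Guest" for m in members):
        hits.append("Guest users in Teams groups")
        if team["sensitivityLabel"] in labels_in_scope:
            hits.append("Teams with guest users with a certain sensitivity label")
    if team["visibility"] == "Public":
        hits.append("Public Teams groups")
    if not owners:
        hits.append("Teams groups without owners")
    elif len(owners) < MIN_OWNERS:   # ownerless teams are reported once, above
        hits.append("Teams groups without multiple owners")
    last = team["lastActivity"]
    if last is None:                 # assumption: no recorded activity = never used
        hits.append("Teams never used")
    elif (today - last).days >= INACTIVE_DAYS:
        hits.append("Inactive Teams groups")
    return hits

def audit_inventory(teams, today, labels_in_scope=frozenset({"Confidential"})):
    """Map team id -> matched policies, omitting teams with no findings."""
    report = {t["id"]: audit_team(t, today, labels_in_scope) for t in teams}
    return {tid: hits for tid, hits in report.items() if hits}

def member(upn, guest=False):
    return {"upn": upn, "userType": "Guest" if guest else "Member"}

# Constructed sample inventory (hypothetical field names, not real tenant data).
SAMPLE_TEAMS = [
    {"id": "t-001", "visibility": "Public", "owners": ["alice@contoso.example"],
     "sensitivityLabel": "Confidential", "lastActivity": date(2024, 10, 30),
     "members": [member("alice@contoso.example"),
                 member("bob_fabrikam.example#EXT#@contoso.example", guest=True)]},
    {"id": "t-002", "visibility": "Private", "owners": [], "members": [],
     "sensitivityLabel": None, "lastActivity": date(2024, 1, 15)},
    {"id": "t-003", "visibility": "Private", "sensitivityLabel": None,
     "owners": ["carol@contoso.example", "dave@contoso.example"],
     "members": [member("carol@contoso.example")], "lastActivity": None},
]

if __name__ == "__main__":
    for tid, hits in audit_inventory(SAMPLE_TEAMS, date(2024, 11, 11)).items():
        print(tid, "->", "; ".join(hits))
```

A single team can match several policies at once, which is worth knowing before scheduling remediation actions that archive or remove the same group.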