Now let me ask you, how secure is your Microsoft Teams? When was the last time you looked at how it was configured? While working on another side project I had the idea of converting some of that work into Maester tests to help others take a quick look at how their Teams is configured. These tests aren't the be-all and end-all, but there are 45 tests to help make your Microsoft Teams more secure. If you only copy them into your custom tests folder, please make sure to review why each one passed or failed, as some are there for awareness until I create exact tests for them.
I will be creating more, but thought this would be a good start for many, so you can see what is possible and customize the tests to your organization. Hopefully you will share yours as well to help others make their Teams more secure.
How to use them? All you have to do is copy the 3 files for each test into your Custom Tests folder, then use "Find and Replace" on "Contoso" and put in your company name. If you don't want to change any of the expected values, you are good to go and can start running the tests. If you only want to see these new tests, run `Invoke-Maester -Tag "TEAMS.TC.*"` and it will show you just these tests. Remember that a pass only means the setting matches the expected value written into the test; if your organization has a documented reason for a different value, change the expected value in the test rather than ignoring the failure.
Here are some of the tests; there is a link to the repo down below.
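To show what one of these custom Maester tests looks like, here is an added example (my own illustration, not one of the tests from the repo below, and it does not use the repo's three-file layout or its test numbering). It checks a handful of the settings from the list with the real Teams PowerShell cmdlets and Pester assertions that Maester runs. It assumes the MicrosoftTeams module is installed and a Teams session already exists (Connect-MicrosoftTeams, or Connect-Maester -Service Teams), that the file is saved in your Maester Custom tests folder as Teams.Contoso.Tests.ps1, and the test IDs TEAMS.TC.EXAMPLE.* are placeholders.

```powershell
# Teams.Contoso.Tests.ps1 - added example, not one of the repo's tests.
# Assumes: MicrosoftTeams module loaded and a Teams session already connected.
# Test IDs (TEAMS.TC.EXAMPLE.*) are placeholders; replace "Contoso" with your org.

BeforeDiscovery {
    # Skip the whole file when there is no Teams session instead of failing every test.
    try { $null = Get-CsTenant -ErrorAction Stop; $script:TeamsConnected = $true }
    catch { $script:TeamsConnected = $false }
}

Describe "Contoso Teams configuration" -Tag "TEAMS.TC", "Contoso" -Skip:(-not $TeamsConnected) {

    BeforeAll {
        # Fetch each policy once; the Global policy is the tenant default.
        $script:meeting      = Get-CsTeamsMeetingPolicy -Identity Global
        $script:messaging    = Get-CsTeamsMessagingPolicy -Identity Global
        $script:client       = Get-CsTeamsClientConfiguration -Identity Global
        $script:guestMeeting = Get-CsTeamsGuestMeetingConfiguration
        $script:federation   = Get-CsTenantFederationConfiguration
    }

    It "TEAMS.TC.EXAMPLE.01: Anonymous users should not be allowed to join meetings" {
        $meeting.AllowAnonymousUsersToJoinMeeting |
            Should -Be $false -Because "anyone holding the link could join without signing in"
    }

    It "TEAMS.TC.EXAMPLE.02: Anonymous users should not be allowed to start meetings" {
        $meeting.AllowAnonymousUsersToStartMeeting | Should -Be $false
    }

    It "TEAMS.TC.EXAMPLE.03: Anonymous users should not be allowed to dial out" {
        # Dial-out from anonymous attendees is the classic toll-fraud path.
        $meeting.AllowAnonymousUsersToDialOut | Should -Be $false
    }

    It "TEAMS.TC.EXAMPLE.04: Auto-admitted users should be restricted" {
        # Expected values are the customizable part; 'Everyone' bypasses the lobby entirely.
        $meeting.AutoAdmittedUsers |
            Should -BeIn @('EveryoneInCompany', 'EveryoneInCompanyExcludingGuests', 'OrganizerOnly', 'InvitedUsers')
    }

    It "TEAMS.TC.EXAMPLE.05: External participants should not give or request control" {
        $meeting.AllowExternalParticipantGiveRequestControl | Should -Be $false
    }

    It "TEAMS.TC.EXAMPLE.06: Email into channel should be disabled" {
        # Channel email addresses bypass the mail-flow controls in front of user mailboxes.
        $client.AllowEmailIntoChannel | Should -Be $false
    }

    It "TEAMS.TC.EXAMPLE.07: URL previews should be disabled" {
        $messaging.AllowUrlPreviews | Should -Be $false
    }

    It "TEAMS.TC.EXAMPLE.08: Giphy content rating should be Strict if Giphy is enabled" {
        # Awareness-style test: when Giphy is off there is nothing to rate, so skip rather than fail.
        if (-not $messaging.AllowGiphy) { Set-ItResult -Skipped -Because "Giphy is disabled" }
        $messaging.GiphyRatingType | Should -Be 'Strict'
    }

    It "TEAMS.TC.EXAMPLE.09: Guest screen sharing should not be the entire screen" {
        $guestMeeting.ScreenSharingMode | Should -BeIn @('Disabled', 'SingleApplication')
    }

    It "TEAMS.TC.EXAMPLE.10: Guests should not be able to start ad-hoc meetings" {
        $guestMeeting.AllowMeetNow | Should -Be $false
    }

    It "TEAMS.TC.EXAMPLE.11: Federation should be restricted to specific allowed domains" {
        if (-not $federation.AllowFederatedUsers) { Set-ItResult -Skipped -Because "federation is disabled" }
        # Assumption: with an allow list configured, AllowedDomains exposes the entries as .AllowedDomain;
        # when every known domain is allowed that collection is empty.
        @($federation.AllowedDomains.AllowedDomain).Count |
            Should -BeGreaterThan 0 -Because "an open allow list federates with every known domain"
    }
}
```

With the file in place, `Invoke-Maester -Tag TEAMS.TC` runs only this file. The `-Because` text surfaces in the Maester report, which is where you record why a given expected value is the right one for your tenant.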
| Test |
| --- |
| Anonymous Join Meeting – Anonymous users should not be allowed to join meetings |
| Anonymous Start Meeting – Anonymous users should not be allowed to start meetings |
| Anonymous Dial Out – Anonymous users should not be allowed to dial out, to prevent toll fraud |
| App Sideloading – App sideloading should be disabled to enforce security review |
| Auto Admitted Users – Auto-admitted users should be restricted to prevent unauthorized access |
| Broadcast transcription settings should be reviewed |
| Call forwarding to phone should be reviewed |
| Channel meeting scheduling should be controlled |
| Broadcast recording settings should be reviewed |
| Chat settings should protect sensitive data |
| Broadcast attendee visibility should protect privacy |
| Chat permission roles should be reviewed |
| Email into Channel – Email into channel should be disabled to prevent bypassing email security controls |
| External collaboration should be configured with security controls |
| External non-trusted meeting chat should be disabled |
| External participants should not be allowed to give or request control |
| Federation should be restricted to specific allowed domains |
| Giphy content rating should be set to Strict if enabled |
| Guest IP video settings should be reviewed |
| Guest meeting chat settings should be reviewed |
| Guests should not be able to start ad-hoc meetings |
| Guest screen sharing should be limited to prevent data leakage |
| Guests should not control transcription |
| URL previews should be disabled to prevent information leakage |
Let me know what you think; feel free to create an issue if there is a test you would like to see and/or if you find any issues in the tests.
And for those wondering, the Giphy ratings are Strict, Moderate, or turned off.
Tests Repo: https://github.com/DevClate/Custom-Maester-Tests/tree/main/tests/Teams/Configuration
Web Page: https://devclate.github.io/Custom-Maester-Tests/docs/intro/
Keep sharing, stay secure, and have a great day!