Microsoft Teams: Cross location Shifts

🚨 The Signal: Teams Shifts now allows frontline workers to pick up shifts across multiple locations. This expands the pool of available workers for managers but introduces new identity and access considerations for security teams.

The Impact

Frontline workers and managers are affected. The security risk is expanded access and, if it is not managed, privilege creep.

  • Frontline workers: May gain access to resources in new locations, increasing the potential attack surface.
  • Managers: Can assign shifts across locations, requiring review of their administrative scope.
  • Security Teams: Must review identity and access policies for cross-location shifts.
  • Compliance Teams: Need to ensure location-based access controls remain compliant with ISM.

The Action

  1. Review existing Microsoft Teams Shifts policies for location-based access controls.
  2. Assess Entra ID group memberships and conditional access policies for frontline worker roles.
  3. Verify that administrative roles for Shifts managers are appropriately scoped to prevent over-privileging across locations.
  4. Update security awareness training for frontline workers regarding cross-location access implications.
  5. Document changes to access control policies in your ISM and PSPF compliance records.
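
One way to carry out the scoping check in step 3, as an added example that is not Microsoft's or this page's own code. It assumes Shifts managers are the owners of each location's team and that membership has been exported in the shape returned by Microsoft Graph `GET /teams/{id}/members`; the team names, users and the approved-scope map are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: per-location team membership, each member carrying a "roles" list.
TEAM_MEMBERS = {
    "Store-Sydney": [
        {"userId": "u-100", "displayName": "Alex Manager", "roles": ["owner"]},
        {"userId": "u-200", "displayName": "Sam Worker", "roles": []},
    ],
    "Store-Melbourne": [
        {"userId": "u-100", "displayName": "Alex Manager", "roles": ["owner"]},
        {"userId": "u-101", "displayName": "Jo Manager", "roles": ["owner"]},
        {"userId": "u-200", "displayName": "Sam Worker", "roles": []},
    ],
    "Store-Perth": [
        {"userId": "u-101", "displayName": "Jo Manager", "roles": ["owner"]},
        {"userId": "u-201", "displayName": "Lee Worker", "roles": []},
    ],
}

# Hypothetical record of the locations each manager is approved to administer.
APPROVED_SCOPE = {"u-100": {"Store-Sydney"}, "u-101": {"Store-Melbourne", "Store-Perth"}}


def locations_by_user(team_members, owners):
    """Map userId -> locations where the user is (owners=True) or is not an owner."""
    result = defaultdict(set)
    for location, members in team_members.items():
        for m in members:
            is_owner = any(r.lower() == "owner" for r in m.get("roles", []))
            if is_owner == owners:
                result[m["userId"]].add(location)
    return result


def audit_owner_scope(team_members, approved_scope):
    """Return {userId: locations owned beyond the approved scope}."""
    owned = locations_by_user(team_members, owners=True)
    excess = {u: sorted(locs - approved_scope.get(u, set())) for u, locs in owned.items()}
    return {u: locs for u, locs in excess.items() if locs}


def multi_location_workers(team_members):
    """Return {userId: locations} for non-owners who sit in more than one location team."""
    worked = locations_by_user(team_members, owners=False)
    return {u: sorted(locs) for u, locs in worked.items() if len(locs) > 1}


if __name__ == "__main__":
    print(audit_owner_scope(TEAM_MEMBERS, APPROVED_SCOPE), multi_location_workers(TEAM_MEMBERS))
```

Owners flagged by `audit_owner_scope` are candidates for the review in step 3; the `multi_location_workers` output is the population whose group memberships and conditional access coverage step 2 asks you to assess.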

Domain: Teams · Impact: medium · Workload: Teams · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898