Microsoft Teams: New VDI solution for Teams optimization in Amazon WorkSpaces

🚨 The Signal: Microsoft Teams now optimizes audio/video in Amazon WorkSpaces, offloading media processing to the local device. This improves performance but shifts some media processing outside the VDI boundary, requiring re-evaluation of data flow and endpoint security.

The Impact

Security teams are affected by new data flows, creating a risk of unmonitored media streams and potential endpoint compromise.

• Security teams: Risk of unmonitored media data leaving the VDI environment.
• Security teams: Risk of local endpoint compromise impacting Teams media streams.
• Network architects: Need to review network traffic paths for Teams media.
• Compliance officers: Potential impact on data residency and transit policies.

The Action

1. Review existing endpoint security policies on devices accessing Amazon WorkSpaces for media processing.
2. Assess network traffic logs to identify new Teams media offloading patterns.
3. Update data flow diagrams to reflect media processing outside the VDI for Teams in Amazon WorkSpaces.
4. Verify that local device security controls adequately protect offloaded Teams media data.
5. Consult ASD ISM guidelines for VDI and remote access to ensure compliance with new media processing architecture.

Domain: Teams · Impact: high · Workload: Teams · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860