Microsoft Teams: Security and Compliance information for more Apps and Agents

🚨 The Signal: Admins can now view security and compliance data for all Microsoft Teams apps and agents, including those not Microsoft 365 certified or publisher attested. This enhances visibility for risk assessment.

The Impact

Security teams and Teams admins are affected, gaining better visibility into third-party app risks within Teams.

• Security Teams: Enhanced risk assessment for uncertified Teams apps.
• Teams Admins: Streamlined app evaluation and approval workflows.
• Compliance Officers: Better data for auditing third-party app usage.
• Organisational Security: Reduced shadow IT risk from unvetted applications.

The Action

1. Review existing Teams app governance policies for third-party applications.
2. Familiarise with the new security and compliance data available in Teams admin center.
3. Leverage Microsoft Defender for Cloud Apps (MDA) insights for deeper analysis of uncertified apps.
4. Update internal app approval processes to incorporate this enhanced visibility.
5. Communicate updated app evaluation guidelines to relevant stakeholders.

Domain: Defender · Impact: medium · Workload: Teams · Essential Eight: Application Control · ISM: ISM-0843, ISM-1490, ISM-1544, ISM-1582, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1870, ISM-1871