Forum Discussion

Marius Pretorius's avatar
Marius Pretorius
Iron Contributor
Feb 08, 2018

Using Teams as Admin Hub in Schools

I don't know if my concern is addressed anywhere. If it is, please point me to it. I am looking to propose Ms Teams as Admin hub in our school, however, there are a few areas of concern. One of them being security.

Is it advisable to store high risk documents such as exams in Teams? What I envisage is having a Team per subject for admin/collaboration purposes between staff members. The assessment/exam would be stored in Teams, together with the memorandum/marking guidelines and the moderation of these, but if this can be accessed from any device, such as phone, tablet, laptop, which can be anywhere and at risk of being accessed by a family member - what are the implications and how does one address this concern?

Currently, we are trying this out with a few individual staff members and it is working brilliantly. In the team we create a channel per assessment and keep everything together. The tabs can be used to display prominent documents. However, I am a but apprehensive to present this as a solution to the Principal because I know her first concern will be the security.

One could implement a password policy on the document level but has anyone perhaps another solution or thought on this topic?

3 Replies

  • Hasan Yildirim's avatar
    Hasan Yildirim
    Copper Contributor

    Hi . 

     

    I know what you mean. although MS Teams is a great tool you must setup the security. 

    1. Prevent Students for accessing with conditional Access policy 

    2. Setup a policy for sharing these documents outside the organisation 

    3. Prevent Sharing with entiry organisation

    4. take the right steps for setting up guest accounts on, MS TEAMS, SharePoint online , Outlook Groups and More. 

    5. Secure your Azure AD 

    6. Setup policy about third party add-ons , get this one managed. 

    7. really put some effort into the security and complaince center, this will help you a lot. 

     

    For indivdual MS TEAMS , you can put some extra effort for security 

     

    Keep in mind that maybe your students are in the same tenant , which could be a security risk because a user could share a document with the entire organisation. 

     

    Hope this will help. 

     

     

     

  • Hi Marius

     

    We migrated all file shares to Files within Teams for 12 schools with 600 teachers.

     

    There will always be risks involved when allowing access to data externally, whether it's email on a mobile device, remote access to the office or data in a cloud service, so you will have to consider accessibility and usability up against security and risks.

     

    Personally I think the most important job to prevent data leakage is educating your users. If you find that you need further security measures look into enabling https://blogs.technet.microsoft.com/skypehybridguy/2017/09/01/microsoft-teams-manage-it-using-mobile-application-management-mam/ (Mobile Application Management) or https://blogs.technet.microsoft.com/skypehybridguy/2017/08/31/microsoft-teams-restrict-usage-with-azure-ad-conditional-access/.

    • Anthony Elgan's avatar
      Anthony Elgan
      Copper Contributor

      The thing you need to remember is that anyone in a team can see any of the files in any of the folders in the channels on that team.  If they use Delve then they can see quite a few things that they may not know they have access to.  This is why it is important to restrict documents through the document protection features in Office 2016 to secure your files.  Then even though someone can see the file is there, they won't be able to access it unless you have allowed access.  Putting the document in a folder on Teams is very secure, but protecting the document itself will keep prying eyes from seeing things they shouldn't be looking at.  Until Microsoft enables the ability to restrict team member access to channels (private channels) you should always remember to protect the documents in channels you don't want other team members looking at.

Resources