Microsoft Teams Security Guide | Information Technology | University of Pittsburgh

You are here

Microsoft Teams Security Guide

This document provides guidance on how to store and use the University of Pittsburgh’s Teams service securely.  It is the responsibility of the Team owner to make the proper configuration changes outlined in this document.  The Team owner must also securely manage the access to the team site.

Using Microsoft Teams to store and access sensitive data by the appropriate people can be achieved by updating the settings of an existing Team or by creating a new Team for the data with the proper settings.

Access to the data should be limited to those individuals that require access. This means the Team will need to be private, and only members added by the Team’s owners can access it. If there are to be individuals within the Team that need to collaborate but do not need to have access to some or all of the data, private channels within the Team can segregate data within the Team to control access.

It should not be possible for Team members to manage apps within Teams or add or remove tabs or connectors. These member settings can be found within the Settings section of the Manage Team option.

There are additional settings that must be made within the underlying SharePoint site associated with the Team.  Please refer to the SharePoint Security Guide for details on file-level permissions.

The above concepts are explained in the following steps:

  1. Create a Team
  2. Manage Members of the Team
  3. Manage Team Member Permissions
  4. Manage File Permissions in SharePoint