Use Microsoft Teams securely on shared computers

Where possible, enterprises should take a Zero Trust approach to client devices, using device management capabilities, device health checks and policy enforcement, device-level encryption, and other security features.

Zero trust picture showing verify explicitly, least privilege, and assume breach--the core zero trust principles--in blue circles.

Administrators can create secure conditions by insisting on verification, applying least privilege, and assuming compromise; these standards lead to actions that minimize risk to both users and data.

Tip

For a deeper examination of Zero Trust principles, see these videos.

Tips for using Microsoft Teams securely from a shared computer

Recognizing that this might not be possible or practical in all scenarios, it's still important for security administrators to follow guidance for using Teams from a shared computer or unmanaged device as best they can.

Plans should be developed to adhere to guidelines as promptly as possible.

  1. Use Operating System platform security capabilities.
    1. Ensure that the operating system is configured to install automatic updates from the Operating System provider (for Microsoft systems, this can be accomplished via Windows Update).
    2. Ensure that any device encryption capabilities such as BitLocker are enabled, and the key used to access the device is secured. Note that most modern Windows 10 devices support BitLocker.
    3. Use anti-virus capabilities such as those offered by Windows Defender on your devices.
    4. Using separate user accounts for each user of the system is highly recommended.
    5. Don't grant, or use, administrator privileges for nonadministrative functions (such as browsing the web, running Teams, et cetera).
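
One way to check a shared Windows PC against the operating-system checklist above, as an added example that is not part of the original article. It assumes Windows 10 or 11 with Windows PowerShell 5.1 run elevated; the `Add-Check` helper is hypothetical, and the pass thresholds for the account checks are an assumed heuristic that only sees local accounts.

```powershell
# Added example: read-only audit of a shared Windows PC against the checklist above.
# Run in an elevated Windows PowerShell session (Get-BitLockerVolume requires it).
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Item, [bool]$Pass, [string]$Detail) {
    # Hypothetical helper: records one checklist result.
    $script:results.Add([pscustomobject]@{ Item = $Item; Pass = $Pass; Detail = $Detail })
}

# 1. Automatic updates: not disabled by policy, and the update service can start.
$au  = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
$svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
$policyOff = [bool]($au -and $au.NoAutoUpdate -eq 1)
$svcOff    = (-not $svc) -or ($svc.StartType -eq 'Disabled')
Add-Check 'Automatic updates' (-not ($policyOff -or $svcOff)) "NoAutoUpdate policy set: $policyOff; wuauserv disabled or missing: $svcOff"

# 2. Device encryption: BitLocker protection is on for the OS volume.
$vol  = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$blOn = [bool]($vol -and $vol.ProtectionStatus -eq 'On')
$protectors = if ($vol) { ($vol.KeyProtector.KeyProtectorType | Sort-Object -Unique) -join ', ' } else { 'no BitLocker data' }
Add-Check 'BitLocker on OS volume' $blOn "Status: $($vol.VolumeStatus); key protectors: $protectors"

# 3. Antivirus: Microsoft Defender enabled with real-time protection.
$mp   = Get-MpComputerStatus -ErrorAction SilentlyContinue
$avOn = [bool]($mp -and $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled)
Add-Check 'Defender antivirus' $avOn "Signature age (days): $($mp.AntivirusSignatureAge)"

# 4 and 5. Accounts (assumed heuristic; domain or Entra ID users are not counted).
# S-1-5-32-544 is the well-known SID of the local Administrators group.
$users     = @(Get-LocalUser | Where-Object Enabled)
$adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
               ForEach-Object { $_.SID.Value })
$standard  = @($users | Where-Object { $adminSids -notcontains $_.SID.Value })
Add-Check 'Separate user accounts' ($users.Count -ge 2) "Enabled local accounts: $($users.Name -join ', ')"
Add-Check 'Standard (non-admin) accounts exist' ($standard.Count -ge 1) "Non-admin: $($standard.Name -join ', ')"

$results | Format-Table -AutoSize -Wrap
```

A `False` in the `Pass` column marks a checklist item to review on that machine; the script changes no settings.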

If the guidance above can't be met, we recommend using other browser security best practices:

  1. Automatically delete browser data.

    1. Configure your browser to automatically delete the browser history and data regularly, or whenever the browser is closed. This protects privacy without affecting how Microsoft Teams works. You can find instructions on how to set this up in the documentation for Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.
    2. Private browsing sessions, such as InPrivate browsing in Microsoft Edge or Incognito Mode in Google Chrome, can help minimize the data and history that's saved to your device. However, using Microsoft Teams on the web in private browsing sessions may lead to performance issues if cookies or services used by Microsoft or third-party apps in Teams are blocked.
  2. Browse to and use the Teams web app (sometimes called the web client), not the downloadable Teams client.

  3. When you're done using the shared system, you must:

    1. Sign out of Teams.
    2. Close all browser tabs and windows.
    3. Sign out of the device.

The items above aren't a comprehensive list of best practices or security controls covering all cases, and there might be extra actions that can be taken in your environment (for instance, security administrators might choose to use Safe Links and Safe Attachments for Teams if you have Microsoft Defender for Office 365 Plan 1 or Plan 2). However, these steps are a starting point for building guidance for using Teams from shared devices.

More Information

BitLocker in Configuration Manager

BitLocker for Windows 10 in Intune

Endpoint security in Intune

Enable Microsoft Defender Antivirus in your Windows Security and run scans

Microsoft Defender security center article

Teams web client/teams web app

Security and Microsoft Teams