With Zoom under fire, Microsoft rushes to boost Teams security

Microsoft is accelerating plans to release new security features and IT controls for the video conferencing portion of Microsoft Teams.

The move comes as rival online meetings provider Zoom faces widespread criticism over security and privacy lapses.

Some of the planned upgrades are like measures Zoom took to thwart "Zoombombing," a practice through which uninvited visitors disrupt meetings.

Microsoft said it fast-tracked the enhancements in response to demand from customers, who are using Teams more than ever before amid the coronavirus pandemic.

However, at least one Teams customer feels IT departments still won't have enough control over meetings after the features take effect. 

Phillip Lyle, an IT leader at Chapman University, wants to require all meeting attendees to wait in a virtual lobby until a host lets them in. Teams predecessor Skype for Business keeps internal meetings private by supporting such a configuration.

Microsoft will not go as far as Lyle would like. Instead, it will change its default settings so only guests outside of the host organization will enter through a lobby. That means any internal user with the meeting link can still join without a roadblock.

Lyle also wants Microsoft to let IT admins lock certain features while still allowing individual users to customize default settings. Zoom and Skype for Business let users do this.

"Microsoft made an announcement over a year ago that they were at feature parity with Skype for Business," Lyle said. "But obviously, there are some really good features that are still missing in Microsoft Teams that I think they need to catch up on."

That said, the features added to the roadmap this month will go a long way towards securing Teams meetings, said Lyle, assistant vice president of enterprise infrastructure at the university. "We'll put some of them to use immediately."

Another change will let IT admins set company-wide rules regarding who can share visual content in a Teams meeting. Currently, everyone can share materials in a session by default, a setting that hosts can change only on a case-by-case basis.

Microsoft will also make it easier for hosts to change lobby and presenter settings once a meeting has started. A new button for accessing those controls will appear prominently in the interface.

To counter miscreants who try to take over meetings, Microsoft recently gave hosts the option of shutting down the event. Previously, sessions persisted until the last person left the gathering.

Additional adjustments will prevent external guests from seeing the telephone numbers of other users and will let meeting organizers download a report on everyone who attended an event.

Zoom recently made similar adjustments to its platform. The vendor now requires the use of pre-meeting lobbies and passwords by default. It also added a "security" button to the meeting interface to provide quick access to settings.

In addition to Zoombombing, Zoom has come under fire for sharing users' device data with Facebook and for allegedly overstating how securely it encrypts video communications.

The incidents have heightened scrutiny of the security risks posed by video conferencing platforms, including by members of Congress and federal law enforcement agencies.

Microsoft has slated the launch of the new Teams meeting features for some time in April and May. Lyle hopes Microsoft gives IT admins advance warning before each upgrade takes effect.

A change to the default settings of Zoom left his team scrambling earlier this month after the vendor failed to give customers proper notice. "We don't want the same thing to happen with Teams," Lyle said.