Microsoft has announced an upgrade to the Microsoft Teams desktop app, introducing a host of fresh security enhancements. The software no longer depends on custom solutions for deployment and updates, but uses natively supported MSIX packages and App Installer by Windows. This approach mitigates the risk surface and reduces maintenance overhead significantly. The new version installs in a privileged location, safeguarding its executable files from non-admin users' interference.
Microsoft Teams has transitioned from Electron to Edge WebView2, leading to various efficiency benefits. The software uses WebView2 in an 'evergreen' distribution model, allowing for shared utilities between apps like Teams and Outlook. Classic Teams' clients receive applicable security fixes from Chromium, but the switch to evergreen WebView2 allows more faster security updates. Moreover, the new version's lighter and leaner, with a size of less than 12 megabytes compared to the old Teams exceeding 134 megabytes.
This upgrade delivers several advancements on the web. The new Teams has a modernized web framework using React, favoring secure code writing for engineers. There have been significant strides in reducing cross-site scripting attacks (XSS), and adoption of Trusted Types to prevent client-side XSS. Microsoft welcomes user feedback and active participation in improving Teams, urging users to report any security flaws they encounter through the MSRC Researcher Portal.
Microsoft Teams' transition to a secure desktop app is substantial, focusing on cutting down risk and optimizing efficiencies. Microsoft aimed to minimize dependence on bespoke solutions by leveraging native Windows technologies like MSIX and App Installer. The result is a considerably squashed risk surface and lesser maintenance costs. These changes signify Microsoft's direction towards security, with an emphasis on protecting Teams' executable files from unsolicited changes and maintaining user data security.
The shift from Electron to Edge WebView2 indicates a strategic emphasis on efficiency and storage. As a lighter software, Teams can operate smoothly across various devices with different capacities, making it more accessible. Enhanced security features, like efforts towards mitigating XSS attacks and adopting Trusted Types, show that Microsoft is committed to tightening security, which is encouraging for users regularly sharing sensitive information through the platform.
In our latest report, Microsoft recently announced an updated version of the Microsoft Teams desktop app. This newly updated Teams app has introduced a host of security improvements that reduce both risk surface and maintenance costs compared to using a custom installer and updater. This is possible because it now leverages MSIX packages and App Installer, both natively supported by Windows.
It is worth noting that even though there is a program in place to ensure that classic Teams clients receive appropriate security fixes from Chromium, switching to the WebView2 runtime allows Microsoft to reduce the associated workload. For more on the architectural changes, you can refer to Advantages of the new architecture.
Microsoft specialist, Microsoft professional, Microsoft authority, Microsoft adviser, Microsoft consultant