*
en | de
All Content
Timespan
explore our new search
What’s new for security in the new Microsoft Teams 2023
Image Source: Shutterstock.com
Teams
Sep 11, 2023 6:18 PM

What’s new for security in the new Microsoft Teams 2023

by HubSite 365 about Microsoft

Software Development Redmond, Washington

Pro UserTeamsM365 Release

Stay updated on security enhancements in the latest Microsoft Teams version, with architectural changes and improved deployment mechanisms.

Microsoft has announced an upgrade to the Microsoft Teams desktop app, introducing a host of fresh security enhancements. The software no longer depends on custom solutions for deployment and updates, but uses natively supported MSIX packages and App Installer by Windows. This approach mitigates the risk surface and reduces maintenance overhead significantly. The new version installs in a privileged location, safeguarding its executable files from non-admin users' interference.

Microsoft Teams has transitioned from Electron to Edge WebView2, leading to various efficiency benefits. The software uses WebView2 in an 'evergreen' distribution model, allowing for shared utilities between apps like Teams and Outlook. Classic Teams' clients receive applicable security fixes from Chromium, but the switch to evergreen WebView2 allows more faster security updates. Moreover, the new version's lighter and leaner, with a size of less than 12 megabytes compared to the old Teams exceeding 134 megabytes.

This upgrade delivers several advancements on the web. The new Teams has a modernized web framework using React, favoring secure code writing for engineers. There have been significant strides in reducing cross-site scripting attacks (XSS), and adoption of Trusted Types to prevent client-side XSS. Microsoft welcomes user feedback and active participation in improving Teams, urging users to report any security flaws they encounter through the MSRC Researcher Portal.

Extra: A Closer Look at Microsoft Teams' Security Transformation

Microsoft Teams' transition to a secure desktop app is substantial, focusing on cutting down risk and optimizing efficiencies. Microsoft aimed to minimize dependence on bespoke solutions by leveraging native Windows technologies like MSIX and App Installer. The result is a considerably squashed risk surface and lesser maintenance costs. These changes signify Microsoft's direction towards security, with an emphasis on protecting Teams' executable files from unsolicited changes and maintaining user data security.

The shift from Electron to Edge WebView2 indicates a strategic emphasis on efficiency and storage. As a lighter software, Teams can operate smoothly across various devices with different capacities, making it more accessible. Enhanced security features, like efforts towards mitigating XSS attacks and adopting Trusted Types, show that Microsoft is committed to tightening security, which is encouraging for users regularly sharing sensitive information through the platform.

 

Read the full article Latest Security Features and Updates in Microsoft Teams

Learn about Latest Security Features and Updates in Microsoft Teams

In our latest report, Microsoft recently announced an updated version of the Microsoft Teams desktop app. This newly updated Teams app has introduced a host of security improvements that reduce both risk surface and maintenance costs compared to using a custom installer and updater. This is possible because it now leverages MSIX packages and App Installer, both natively supported by Windows.

  • Teams no longer depends on custom solutions for deployment and updates. Instead, it relies on Windows-native MSIX packages and App Installer. This significantly reduces the risk surface and maintenance cost.
  • Microsoft is transitioning away from installing Teams in the user profile, which previously allowed common post-exploitation activities, such as maintaining persistence. The new Teams now installs in a privileged location via App Installer, safeguarding its executable files from tampering by non-administrator users.
  • Teams is shifting from Electron to Edge WebView2. Both are based on the same Chromium browser engine, but WebView2 offers various efficiencies. For instance, the Teams app on Windows, utilizing the evergreen distribution model, enables WebView2 to update independent of the Teams client and share across multiple embedding apps, saving storage space. The evergreen model also provides a secure runtime for embedding apps.

It is worth noting that even though there is a program in place to ensure that classic Teams clients receive appropriate security fixes from Chromium, switching to the WebView2 runtime allows Microsoft to reduce the associated workload. For more on the architectural changes, you can refer to Advantages of the new architecture.

 

More links on about Latest Security Features and Updates in Microsoft Teams

Security guide for Microsoft Teams overview
Aug 16, 2023 — Security advice and learnings for IT admins in installing, configuring, and maintaining Microsoft Teams.
What's new in Microsoft Teams
Get the latest info on new features for Microsoft Teams with these regularly updated release notes.
What's new for security in the new Microsoft Teams?
Apr 25, 2023 — Safer deployment with MSIX · Faster updates with Edge WebView2 runtime · Less bloated application · Better security on the web with Trusted Types.
Overview of security and compliance - Microsoft Teams
Apr 5, 2023 — An overview of Microsoft Teams security and compliance features including privacy and encryption, auditing and reporting, and more.
Security, Compliance, and Privacy | Microsoft Teams
Backed by Microsoft 365, Microsoft Teams helps safeguard your data and privacy, and helps your company stay compliant. From safer video meetings to ...

Keywords

Microsoft specialist, Microsoft professional, Microsoft authority, Microsoft adviser, Microsoft consultant