Microsoft Teams
This section describes the configuration of Microsoft Teams associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.
Estimated reading time: 2 minutes
Instruction
The below pages outline the as built configuration for ASD’s Blueprint for Secure Cloud (the Blueprint) for the Microsoft Teams admin portal at the following URL:
https://admin.teams.microsoft.com/
The settings described on these pages provide a baseline implementation for a system configured using the Blueprint. Any implementation implied by these pages should not be considered as prescriptive as to how an organisation must scope, build, document, or assess a system.
Implementation of the guidance provided by the Blueprint will differ depending on an organisation’s operating context and organisational culture. Organisations should implement the Blueprint in alignment with their existing change management, business processes and frameworks.
settings in a Microsoft 365 tenancy exactly as outlined in the Configuration pages of the Blueprint. Organisations should ensure they customise configuration of their Microsoft 365 tenancies in accordance with their own design decisions and requirements, deviating from the Blueprint (including automated configuration files) where appropriate.
Placeholders such as <ORGANISATION.GOV.AU>, <BLUEPRINT.GOV.AU> and <TENANT-NAME> should be replaced with the relevant details as required.
Automated Configuration Deployment and Assessment
Overview
All of the Teams configurations can be automatically deployed using Microsoft 365 Desired State Configuration (DSC).
All of the Teams configurations can be automatically assessed using M365DSC Blueprint.
Desired State Configuration
Before using the below Microsoft 365 Desired State Configuration (DSC) file, please refer to Automated Deployment for instructions.
| Desired State Configuration File |
|---|
| Download Teams DSC (.ps1) Note: download the linked .txt file and rename to .ps1 |
| Configuration Data File: |
| The Configuration Data File can be found on the Automated Deployment page. |
Service Principal permissions
To import the DSC as per the instructions on the Automated Deployment page, the following permissions will need to be added to the Service Principal:
"TeamsAppPermissionPolicy", "TeamsAudioConferencingPolicy", "TeamsCallHoldPolicy", "TeamsCallingPolicy", "TeamsChannelsPolicy", "TeamsClientConfiguration", "TeamsComplianceRecordingPolicy", "TeamsDialInConferencingTenantSettings", "TeamsEventsPolicy", "TeamsFederationConfiguration", "TeamsFeedbackPolicy", "TeamsGroupPolicyAssignment", "TeamsGuestCallingConfiguration", "TeamsGuestMeetingConfiguration", "TeamsGuestMessagingConfiguration", "TeamsMeetingBroadcastConfiguration", "TeamsMeetingBroadcastPolicy", "TeamsMeetingConfiguration", "TeamsMeetingPolicy", "TeamsMessagingPolicy", "TeamsOrgWideAppSettings", "TeamsPstnUsage", "TeamsShiftsPolicy", "TeamsTemplatesPolicy", "TeamsTenantDialPlan", "TeamsTenantNetworkRegion", "TeamsTenantNetworkSite", "TeamsTranslationRule", "TeamsUpdateManagementPolicy", "TeamsUpgradeConfiguration"
Teams
This section describes the configuration of teams within Microsoft Teams associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.
Users
This section describes the configuration of users within Microsoft Teams associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.
Teams apps
This section describes the configuration of apps within Microsoft Teams associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.
Meetings
This section describes the configuration of meetings within Microsoft Teams associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.
Messaging
This section describes the configuration of messaging within Microsoft Teams associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.
Voice
This section describes the configuration of voice services within Microsoft Teams associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.