MS.TEAMS.5.2v1 - Agencies SHOULD only allow installation of third-party apps approved by the agency.

Information

Allowing Teams integration with third-party apps can expose the agency to potential vulnerabilities present in an app not managed by the agency. By allowing only specific apps approved by the agency and blocking all others, the agency can limit its exposure to third-party app vulnerabilities.

Solution

1. Sign in to the Microsoft Teams admin center.

2. Select Teams apps > Manage apps.

3. Select Org-wide app settings button to access pop-up options.
- Under Third-party apps turn off Third-party apps.
- Click Save.

4. Select Teams apps > Permission policies.

5. Select Global (Org-wide default).

6. Set Third-party apps to Block all apps, unless specific apps have been approved by the agency, in which case select Allow specific apps and block all others.

7. Click Save.

8. If custom policies have been created, repeat steps 4 to 7 for each policy, selecting the appropriate policy in step 5.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-4, 800-53|AC-5, 800-53|AC-6, 800-53|AC-10, 800-53|CA-2, 800-53|CA-7, 800-53|CA-8, 800-53|CM-2, 800-53|CM-5, 800-53|CM-6, 800-53|CM-7, 800-53|CM-11, 800-53|IA-2, 800-53|IA-4, 800-53|IA-5, 800-53|IA-8, 800-53|RA-5, 800-53|SA-11, 800-53|SA-15, 800-53|SA-22, 800-53|SI-2, 800-53|SI-4

Plugin: microsoft_azure

Control ID: a0cc8e2cc5758633a3ae5a9806c562952c859411a9822a40997051cba0eb2da7