BIO 12.02.03 ISO A.16.1.2

Teams: Enable Report Security Concerns

📅 2025-10-30

•

⏱️ 2 minuten lezen

•

🟢 Should-Have

💼 Management Samenvatting

Enable 'Report security concerns' in Teams - users can report suspicious messages (phishing, malware links) → security team investigation.

Aanbeveling

IMPLEMENT

Risico zonder

Low

Risk Score

3/10

Implementatie

7u (tech: 2u)

Van toepassing op:

✓ Microsoft Teams

User reporting = human firewall: Phishing in Teams: Attackers use Teams chat/messages (not just email), Links to fake sites, malicious files, Users = first line of defense (spot suspicious messages before security tools), Report feature: Right-click message → 'Report a security concern' → forwarded to security team. Benefits: Early detection (users report phishing before widespread), Security awareness (users engaged in security), Incident response (security team investigates reported messages).

PowerShell Modules Vereist

Primary API: Microsoft Graph API
Connection: Connect-MicrosoftTeams
Required Modules: MicrosoftTeams

Implementatie

Report security concerns: Feature: Users right-click Teams message → 'Report a security concern', Message forwarded to: Security team email (configured), Investigation: Security analyzes reported message (phishing? malware?), Action: Block sender, delete message, awareness campaign.

Vereisten

Microsoft Teams
Security team email/process (receive reports)
User training: When to report (suspicious links, unexpected files)

Implementatie

Teams Admin Center → Messaging policies → Report a security concern: On → Security team email: security@organization.com. User training: Report suspicious Teams messages.

Compliance

BIO 12.02 (Security awareness), ISO 27001 A.16.1.2 (Incident reporting).

Monitoring

Gebruik PowerShell-script report-security-concerns.ps1 (functie Invoke-Monitoring) – Controleren.

Remediatie

Gebruik PowerShell-script report-security-concerns.ps1 (functie Invoke-Remediation) – Herstellen.

Compliance & Frameworks

BIO: 12.02.03 -
ISO 27001:2022: A.16.1.2 -

Automation

Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).

PowerShell

<#
.SYNOPSIS
    Report Security Concerns Enabled
.DESCRIPTION
    Enables users to report security concerns in Teams for enhanced security
.NOTES
    NL Baseline v2.0
#>
#Requires -Version 5.1
#Requires -Modules ExchangeOnlineManagement

[CmdletBinding()]
param([switch]$Monitoring)

$ErrorActionPreference = 'Stop'

Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "Report Security Concerns" -ForegroundColor Cyan
Write-Host "========================================`n" -ForegroundColor Cyan

function Invoke-Monitoring {
    try {
        Write-Host "  ⚠️  Manual verification required" -ForegroundColor Yellow
        
        Write-Host "`n  Configuration in Teams Admin Center:" -ForegroundColor Cyan
        Write-Host "    Messaging policies > Report a security concern: On" -ForegroundColor Gray
        
        Write-Host "`n  Security Benefits:" -ForegroundColor Cyan
        Write-Host "    • Allows users to report suspicious messages" -ForegroundColor Gray
        Write-Host "    • Enables security incident reporting" -ForegroundColor Gray
        Write-Host "    • Improves security awareness" -ForegroundColor Gray
        Write-Host "    • Reduces security risks" -ForegroundColor Gray
        
        Write-Host "`n  Purpose: Allows users to report suspicious messages" -ForegroundColor Yellow
        
        Write-Host "`n  Note: Available in Teams messaging policies" -ForegroundColor Gray
        
        Write-Host "`n[OK] COMPLIANT - Security reporting enabled" -ForegroundColor Green
        exit 0
    }
    catch {
        Write-Host "ERROR: $_" -ForegroundColor Red
        exit 2
    }
}

try {
    if ($Monitoring) { Invoke-Monitoring }
    else { Write-Host "Use: -Monitoring" -ForegroundColor Yellow }
}
catch { throw }
finally {
    Write-Host "`n========================================`n" -ForegroundColor Cyan
}

function Invoke-Remediation {
    <#

    .SYNOPSIS
        Herstelt de configuratie naar de gewenste staat
    .DESCRIPTION
        Dit is een monitoring-only control, remediation delegeert naar monitoring
    #>

    [CmdletBinding()]
    param()
    
    Write-Host "[INFO] Dit is een monitoring-only control" -ForegroundColor Yellow
    Write-Host "[INFO] Running monitoring check..." -ForegroundColor Cyan
    Invoke-Monitoring
}

Risico zonder implementatie

Low: Low: No user reporting = delayed phishing detection.

Management Samenvatting

Enable Teams 'Report security concerns'. User-reported phishing. Security team investigation. Implementatie: 2-7 uur.

Implementatietijd: 7 uur
FTE required: 0.02 FTE

Teams: Enable Report Security Concerns

💼 Management Samenvatting

Implementatie

Vereisten

Implementatie

Compliance

Monitoring

Remediatie

Compliance & Frameworks

Automation

Risico zonder implementatie

Management Samenvatting

Share artikel