EdTech IRL

EdTech IRL

Share this post

EdTech IRL
EdTech IRL
Teams Security Baselines: Cloud Recording for Unapproved Users
Copy link
Facebook
Email
Notes
More
User's avatar
Discover more from EdTech IRL
Anything K12 edtech is fair game - instructional, infrastructure, incident response, tools, tips, tricks, deployment, data privacy, diagnostics, etc., etc. Any opinions are our own and do not represent the opinions of any organization or corporation.
Already have an account? Sign in
M365 / AAD

Teams Security Baselines: Cloud Recording for Unapproved Users

Spending 10 minutes or less will help your M365 environment be a little more secure

Jul 06, 2023

Share this post

EdTech IRL
EdTech IRL
Teams Security Baselines: Cloud Recording for Unapproved Users
Copy link
Facebook
Email
Notes
More
Share

In Oct. 2022, CISA released a document called Microsoft Teams: M365 Minimum Viable Secure Configuration Baseline. This document outlines 13 steps to take to raise your Microsoft Teams environment to a minimum viable security posture. In this series, we’ll take a look at these 13 steps over a series of articles.

Baseline 9: Cloud Recording for Unapproved Users

This baseline reads “Cloud Recording of Teams Meetings SHOULD Be Disabled for Unapproved Users.”

What is it?

This setting refers to whether video can be recorded in meetings hosted by a user, during one-on-one calls, and on group calls started by a user.

Why is it bad?

While not necessarily bad, default settings for user recording in Teams is to allow recording for all users. This baseline suggests explicitly denying the ability to record across the tenant in the Global policy, but creating explicit policies to allow recording for approved users as a way of vetting who should have recording rights.

What should you know before enforcement?

To make this process going more smoothly, it’s helpful to plan out in advance who should have access to recording meetings, and add them to a M365 group (or re-purpose an existing M365 group). Then, to create a policy for them, go to the Teams Admin Center (teams.cmd.ms) —> Meetings —> Meeting Policies —> Group Policy Assignment.

How do you enforce it?

Login to the Teams Admin Center (teams.cmd.ms) and navigate to Meetings—> Meeting Policies, select the appropriate policy (Global - Org-wide default) and then scroll down to Recording and transcription. Set the Meeting recording toggle to OFF.

Next, go back to Meetings —> Meeting Policies and find any policy groups where you want to allow recording, and use the steps above to make sure Meeting recording is toggled to ON. You should also ensure that the Store recordings outside of your country or region toggle should be set to OFF.

Resources:

Teams Cloud Meeting Recording

Assign Policies in Teams

Note: The articles in the Security Baselines series aren’t being sent via the subscriber emails. Once the series is complete, I’ll be publishing a single article with links to all of the articles in the series.


Subscribe to EdTech IRL

Launched 3 years ago
Anything K12 edtech is fair game - instructional, infrastructure, incident response, tools, tips, tricks, deployment, data privacy, diagnostics, etc., etc. Any opinions are our own and do not represent the opinions of any organization or corporation.

Share this post

EdTech IRL
EdTech IRL
Teams Security Baselines: Cloud Recording for Unapproved Users
Copy link
Facebook
Email
Notes
More
Share

Discussion about this post

User's avatar
Mass Deployment of AutoPilot From Scratch (Zero Touch USB - Updated for 2023)
Create a bootable USB drive that will wipe a device, install windows, provision the device, and enroll it into AutoPilot... with barely any user…
Apr 13, 2022 • 
Brady Widener
3

Share this post

EdTech IRL
EdTech IRL
Mass Deployment of AutoPilot From Scratch (Zero Touch USB - Updated for 2023)
Copy link
Facebook
Email
Notes
More
55
Getting a list of last logged on users for an Intune Device
Solving a common K-12 problem using the Microsoft Graph API!
Nov 28, 2023 • 
Brady Widener

Share this post

EdTech IRL
EdTech IRL
Getting a list of last logged on users for an Intune Device
Copy link
Facebook
Email
Notes
More
14
Set it and Forget it: Daily Silent Update of All Your Winget Apps
Clicking "Yes" on UAC 1,000 times not required
Sep 16, 2024 • 
Andy Lombardo
2

Share this post

EdTech IRL
EdTech IRL
Set it and Forget it: Daily Silent Update of All Your Winget Apps
Copy link
Facebook
Email
Notes
More
1

Ready for more?

© 2025 EdTech IRL
Privacy ∙ Terms ∙ Collection notice
Start writingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More

Create your profile

User's avatar

Only paid subscribers can comment on this post

Already a paid subscriber? Sign in

Check your email

For your security, we need to re-authenticate you.

Click the link we sent to , or click here to sign in.