Public setting on Microsoft Teams and Microsoft 365 groups deactivated

23 Jul 2024
teamwork
23 Jul 2024

ICTS has introduced a new policy that prevents the creation of public teams on Microsoft Teams and public groups on Microsoft 365 groups at UCT. This forms part of our ongoing efforts to protect the UCT network, as well as your and the university’s digital assets.

Motivation required to create a new public team or group
Public teams and groups allow anyone at the university to join without the owner’s permission. Members can then view all content and messages, even those considered to be confidential. Teams and groups also have an associated SharePoint Online site, where this content can be accessed. 

Should you require a new public team or group, you will need to log a call with the IT Helpdesk and provide a use case and motivation for this requirement. ICTS will review your request and determine whether a public team or group can be created.

This preventative measure is being put in place to protect information stored on teams and groups.

Be careful of where you save information 
We tend to store information in all sorts of places. Some of these folders are only accessible to you, but a few can also be accessed by your colleagues and students. You may have even given external parties access to an online shared folder and forgotten about it. You then store privileged information in the folder, which could lead to a potential breach.   
Let’s work together to protect the university’s digital assets by following the recommendations listed below.  

  • Don’t share confidential information on external systems, public teams and groups, or shared drives. Ensure that only you and those who have similar access, can view it.  
  • Always double-check your storage location to ensure that you don’t accidently save confidential or personal information in a public location. 
  • When sharing any document that contains confidential information, only give access to those who need to view it, instead of selecting to share with everyone in the organisation or anyone with the link. Once you share the link, you never know who else can access it later.   

We all have a responsibility to protect the access that we have been granted at the university. If you suspect confidential or personal information has been incorrectly shared or “leaked”, please immediately inform the UCT Computer Security Incident Response Team (CSIRT) by sending an email to csirt@uct.ac.za and provide a detailed description of the incident.