Use Microsoft Teams securely on shared computers

When possible, it is recommended that enterprises take a Zero Trust approach to client devices, using device management capabilities, device health checks and policy enforcement, device-level encryption, and other security features.

Picture of Zero Trust, showing verify explicitly, least privilege, and assume breach (the core of Zero Trust principles) in a blue circle.

Administrators can create very secure conditions by insisting on verification, least privilege, and by assuming compromise. These standards lead to actions that minimize risk to both users and data.

Tip

For a deeper examination of Zero Trust principles, see these videos.

Tips for using Microsoft Teams securely from a shared computer

Recognizing that this may not be possible or practical in all scenarios, it is still important for security administrators to follow guidance for using Teams from a shared computer or unmanaged device as best they can.

Plans should be developed to adhere to guidelines as promptly as possible.

  1. Make use of operating system platform security capabilities.
    1. Ensure that the operating system is configured to install automatic updates from the operating system provider (for Microsoft systems, this can be accomplished via Windows Update).
    2. Ensure that any device encryption capabilities such as BitLocker are enabled, and the key used to access the device is secured. Note that most modern Windows 10 devices support BitLocker.
    3. Use anti-virus capabilities such as those offered by Windows Defender on your devices.
    4. Use of separate user accounts for each user of the system is highly recommended.
    5. Do not grant, or use, administrator privileges for non-administrative functions (such as browsing the web, running Teams, et cetera).
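
One way to spot-check the operating system items above on a shared Windows PC, as an added example that is not part of the original guidance. It assumes an elevated PowerShell session, Microsoft Defender as the antivirus product, and that automatic updates are governed by the `NoAutoUpdate` Group Policy value; devices managed another way need a different update check.

```powershell
# Added example: audit a shared Windows PC against the five OS-level items.
# Assumption: run elevated (Get-BitLockerVolume requires administrator rights).
$results = [ordered]@{}

# Item 1: automatic updates. NoAutoUpdate = 1 under the policy key turns them off.
# Assumption: updates are controlled by Group Policy, not another management channel.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au = Get-ItemProperty -Path $auKey -Name NoAutoUpdate -ErrorAction SilentlyContinue
$results['Automatic updates not disabled by policy'] = -not ($au -and $au.NoAutoUpdate -eq 1)

# Item 2: device encryption. The OS volume should report protection as On.
$osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$results['BitLocker protection on OS volume'] = [bool]($osVol -and $osVol.ProtectionStatus -eq 'On')

# Item 3: antivirus. Defender enabled with real-time protection active.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$results['Defender real-time protection'] =
    [bool]($mp -and $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled)

# Item 4: separate accounts. Collect enabled local accounts so each one
# can be matched to a single person during review.
$enabledUsers = @(Get-LocalUser | Where-Object Enabled)

# Item 5: least privilege. Members of the local Administrators group,
# looked up by its well-known SID so the check works on any display language.
try {
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
} catch {
    $admins = @()
    Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
}
$adminSids  = @($admins | ForEach-Object { $_.SID.Value })
$adminUsers = @($enabledUsers | Where-Object { $adminSids -contains $_.SID.Value })

# Report: OK / REVIEW for the first three items, account lists for the last two.
$results.GetEnumerator() | ForEach-Object {
    '{0,-42} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'REVIEW' })
}
"Enabled local accounts: $($enabledUsers.Name -join ', ')"
"Enabled local accounts with administrator rights: $($adminUsers.Name -join ', ')"
```

Any account in the last line that is used for browsing or running Teams conflicts with item 5 and should be moved to a standard account.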

If the above guidance cannot be met, we recommend making use of additional browser security best practices:

  1. Leverage browser security capabilities.

    1. Use private browsing sessions to minimize data and history that persists to disk. For example, use InPrivate browsing in Microsoft Edge, Incognito browsing in Google Chrome, or the private browsing capabilities of your specific browser.
    2. Changing the system behavior to engage private browsing by default is recommended.
  2. Browse to and use the Teams web app (sometimes called the web client), not the downloadable Teams client.

  3. When you are done using the shared system, you must:

    1. Sign out of Teams.
    2. Close all browser tabs and windows.
    3. Sign out of the device.

The items above are not a comprehensive list of best practices or security controls covering all cases, and there may be extra actions that can be taken in your environment (for instance, security administrators may choose to use Safe Links and Safe Attachments for Teams if you have Office 365 ATP Plan 1 or 2). However, these steps are a starting point for building guidance for using Teams from shared devices.

More Information

BitLocker in Configuration Manager

BitLocker for Windows 10 in Intune

Endpoint security in Intune

Enable Microsoft Defender Antivirus in your Windows Security and run scans

Microsoft Defender security center article

Teams web client/Teams web app

Security and Microsoft Teams