Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Background

The SphereShield proxy solution requires a modified Teams client, to provide real time Ethical Wall controls for modalities including making calls and screen sharing. It is not required for DLP or file related controls.

Until recently, these modifications were performed on the fly as the client signed in via the proxy and the process was not noticeable for the end user. Due to changes in the Teams client, more consideration is now required.

Below are the options that companies have to ensure that their users run a compatible version of the New Teams client:

1. Use version 23335.232.2637.4844 or older

This version can be patched on the fly by the proxy and requires no further modifications.

This can be achieved in one of the following ways

A. Automated downgrade

Workstations/Clients that are set to automatically upgrade their versions (most client deployments) can benefit from an automated downgrade initiated by the proxy. If the client is running a non compatible version, the proxy will instruct the client to download a compatible version that will be automatically patched.

B. Static deployment

Workstations/Clients that are not set to automatically upgrade their versions (most VDIs and some other installation options) can have the above compatible version installed and not worry about automatic updates with breaking changes.
The compatible version original installer from Microsoft is available upon request from AGAT.

2. Patch a recent client version

Recent client versions are supported, but require more consideration when deploying them.

This option requires disabling automatic updates. Clients can be updated when required.

The patching process requires running a program released by AGAT that modifies a small number of JavaScript files in the Teams client program folder. These allow Ethical Wall related modalities to be detectable by the proxy and enforced.

They can be deployed in one of the following ways:

A: Patch the client on the workstation image

The regular Teams client can be installed and the the patch can be applied to the installed program files contained in the image. This patched image will then be used for workstations.

B: Apply patch in login script

Each time a user logs in the patching program can be run.

This option doesn’t require modifications to workstation images (where relevant).

3. Deploy a patched client version

You can install a patched version or have clients automatically update to a patched Microsoft Teams client.

Patched versions of the installer will be made available on a regular cadence.

The installation package is prepared and signed by AGAT, either using their code signing certificate or yours if you choose to provide one.

If you choose to use a package signed by AGAT you will need to install the AGAT code signing CA on your workstations.


  • No labels