• Admin permission to your Cloud App Security console
• One Microsoft Teams ATP (Advanced Threat Protection) policy with Real-time Scanning enabled
• Permissions for Cloud App Security to receive notifications from Microsoft upon any change to the files in your teams (refer to Online Help - Step 9)
• One or more Teams protected by Cloud App Security as a selected target of the test policy

Pattern-Based Scanning

1. Download an EICAR file from Download Anti Malware Testfile – Eicar.
2. In the Malware Scanning test policy, ensure that "Scan all files" is selected.

   

3. Sign in the Microsoft Teams client as the test user in any channel of the test team, and then switch to the File tab and upload the eicar sample file.

   

4. Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected by Pattern-Based Scanning and that the Security Risk Name is “Malware: Eicar_test_file”.

   

TrendX (Predictive Machine Learning)

1. In the Malware Scanning test policy, ensure that “Enable Predictive Machine Learning” is checked.

   

2. Download TrendX.zip and unzip the file with the password “virus”.
3. Sign in the Microsoft Teams client as the test user in any channel of the test team, and then switch to the File tab and upload the TrendX sample files.

   

4. Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected by Predictive Machine Learning and that the Security Risk Name is “Malware: Ransom.Win32.TRX.XXPE1”.

   

1. In the File Blocking test policy, ensure that “Enable File Blocking” is checked and that “Block Specific Files” is selected for “Type of File Blocking”, and then select “File names to block” and add “test.txt” to the Blocking list.

   

2. Create a text file with file name “test.txt” and input any text into it.
3. Sign in the Microsoft Teams client as the test user in any channel of the test team, and then switch to the File tab and upload the test.txt file created in the previous step.
4. Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected with Security Filter “File Blocking” and that the Security Risk Name is “test.txt”.

   

1. In the Web Reputation test policy, ensure that “Enable Web Reputation” is checked.

   

2. Create a text file with file name “wrstest.txt” and input the following WRS test URL into it.

   

3. Sign in the Microsoft Teams client as the test user in any channel of the test team, and then switch to the File tab and upload the wrstest.txt file created in the previous step.
4. Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected with the Web Reputation Security Filter and that the Security Risk Name is “Spyware: [http]:[/][/]wrs21[.]winshipway[.]com”.

   

1. In the Virtual Analyzer test policy, ensure that “Enable Virtual Analyzer” is checked.

   

2. Download the PDF sample and unzip it with the password “virus”.
3. Sign in the Microsoft Teams client as the test user in any channel of the test team, and then switch to the File tab and upload the sample.

   

4. Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected with Virus Name “HEUR_PDFF.SPACE”.

   

1. Add a test DLP policy for Microsoft Teams. Ensure that “Enable Real-time Scanning” is selected and that the test team is set as "Selected Targets".

   

2. Ensure that “Enable Data Loss Prevention” is selected and that “All: Credit Card Number” is set as "Selected Compliance Template(s)".

   

3. Create a text file with some test credit card numbers like below. If you don’t have one, you may find some from Test Payflow Transactions (paypal.com). The following sample file uses the test credit card numbers provided in the PayPal website.

   

4. Sign in the Microsoft Teams client as the test user in any channel of the test team, and then switch to the File tab and upload the text file created in the previous step.

   

5. Wait for several minutes and then in the Logs tab of the CAS Web UI, select "Data Loss Prevention" as the Log Type and then confirm that the sample is detected with the Data Loss Prevention Security Filter.