As already discussed in the previous chapter, it is, in general, only possible to make a connection to a device
- if the TeamViewer ID and the associated password are known or
- if the access is confirmed via Easy Access or
- the connection partner confirmed the access manually.
Accessing a device is impossible if none of the above points is given.
Via your Company profile, you have even other options than discussed to manage and restrict access for users in your company.
What is the Company Profile?
Within TeamViewer, creating an online company that allows you to use additional features to manage your license, groups, modules, users, etc., in an easy and secure environment is possible. To create a company profile, please read the following article:
If you are using the (Classic) interface, please follow the instructions here.
Benefits of a company profile
You can
- change user permissions centrally.
- add users to your license (Premium, Corporate, or Tensor) and
- create TeamViewer accounts to give the users the ability to log into any TeamViewer application and work under the license.
Managing users as a company administrator in your company Profile also gives you access to:
- Connection reports (reports of user connections including date, time, and frequency)
- Ability to deactivate or remove a user
- Ability to create channel groups
- Ability to share groups of contacts and devices and to manage group permissions
- Ability to change user account passwords
- Ability to change user permissions
Once you have activated your license on your TeamViewer account, you can create your company profile and begin to add users.
Deploy TeamViewer with your specified settings
Find a detailed description of TeamViewer Deployment and more information here:
If you are using the (Classic) interface, please follow the instructions here.
Deploy and enforce settings via policy
You can deploy all settings centrally via TeamViewer for devices inside and outside your domain:
Settings policies allow you to centrally set a specific configuration for all your installed clients via TeamViewer. This way, you can deploy and enforce the same settings to all your clients.
Below, please find a list of recommendations to enforce to your users:
- Access control (incoming connections) → depending on your requirements
- Access control (outgoing connections) → depending on your requirements
- Block and Allowlist
- Changes require administrative rights on this computer → enabled
- Check for new version → Weekly
- Enable black screen if partner input is disabled → Home Office setup
- Enable logging
- Incoming LAN connections → depending on your requirements
- Install new versions automatically → All updates (includes new major versions)
- Log incoming connections → enabled
- Log outgoing connections → enabled
- Password strength → depending on your requirements 8 or more characters or disabled
- Random Password after each session → Generate new
- Report connections to this device → enabled
- Temporarily save connection passwords → disabled
- Timing out inactive session → 1 hour or less
Find a detailed description of how to add TeamViewer Setting Policies and more information about it here:
If you are using the (Classic) interface, please follow the instructions here.
Conditional Access
With Conditional Access, you can enforce Remote Access Rights to prevent unauthorized activities and align with security policies
Control TeamViewer usage and access rights throughout your organization using a rules engine you configure within the Management Console. This conditional access provides an additional layer of security for your corporate network.
TeamViewer customers with a TeamViewer Enterprise/Tensor license and Conditional Access AddOn can use the Conditional Access feature. Read more here:
If you are using the (Classic) interface, please follow the instructions here.