What Security Measures Can I Implement for TeamViewer?

Honestly, the best security measure would be to avoid using QS at all. Instead, opt for the TeamViewer Host version with the password disabled and enable Easy Access. Also, implement Conditional Access in your Identity Provider to manage login restrictions. To further secure connections, restrict permissions and connection times through TeamViewer's settings, and block any outbound TeamViewer traffic on your firewall to only allow connections through your private router. This way, you can leverage all the features without compromising on security.

If you want to keep using TeamViewer QS, try isolating it as much as possible. Run it in controlled environments like RDS, just like you're doing right now. Make sure to restrict outbound connections solely to TeamViewer endpoints and enforce short-lived sessions. This way, you can monitor usage centrally. Ideally, if your organization already has a built-in remote access system like VPN or RDP, push for that instead of using TeamViewer unless absolutely necessary.

You might want to consider whether TeamViewer is the only option. If it's just for screen sharing, there are plenty of other tools out there that are more secure and less shady than TeamViewer. Just something to think about!

As for your security team wanting to randomize the connection ID, I'm really confused about the logic behind that. It doesn’t seem to be directly related to actual security. Instead, focus on blocking any TeamViewer-related applications by their developer certificates using your company's security tools, like XDR or AppLocker. This will provide a more effective solution.