Microsoft Teams Security and Governance


Microsoft Teams (Teams) offers a range of tools to help you implement security and governance practices within your organisation. Below, we have listed some of the top security and governance tools, from eDiscovery to Policy enforcement, and from Security Protection to Data Loss Prevention. Teams leverages the strong Security and Governance tools within Microsoft 365 to ensure that information is properly managed and protected within Teams and underlying repositories. Some of the key inclusions are:

 

 

Microsoft 365 eDiscovery

Electronic discovery, also known as eDiscovery, involves identifying, collecting, and producing electronically stored information (ESI) to ensure compliance with new legislation or industry standards. It includes search, case management, analysis, preservation, as well as the export of any data and communication in Teams.

A brief is developed detailing all the discussions and the events. At the same time, an overview of the call and meeting summary is made accessible to users. They can then leverage this data as per their specific requirements using eDiscovery and advanced eDiscovery.

 

The following table shows the critical differences between the two:

 

 

Compliance Content Search

Content search lets you look for pertinent data in Teams using advanced filtering capabilities. You can then export the search results to a container for litigation and compliance support.

This is applicable irrespective of whether it’s an eDiscovery case or not. Moreover, it allows compliance admins to collect the Teams data from all users, analyse and pass it on for further processing.

 

 

Legal Hold

 

During a legal process, you may want to preserve all the information associated with a Team or a user (custodian). It can be made inconvertible and used as evidence during legal proceedings

You can place either a Team or a user mailbox on legal hold.

In a legal team hold, the following holds are applicable on a team’s mailbox:

  • In-Place Hold – select data processed through specified parameters preserved on hold
  • Litigation Hold – the entire site collection or mailbox is put on hold

 

Once you set the hold, it guarantees that even if the end-users edit or delete channel messages, immutable copies of that content are preserved and made accessible via eDiscovery search. Legal holds usually apply within an eDiscovery case’s context.

 

 

Advanced Threat Protection (ATP) for Teams

 

Microsoft Defender (Office 365) offers Advanced Threat Protection (ATP) for Teams. This works as an additional protective layer for files that have already been scanned during upload time with Microsoft 365’s virus detection engine. 

ATP for Teams allows you to detect and block present/existing files that are perceived as malicious in document libraries and team sites. However, it is not enabled by default for Teams. 

Once enabled, it identifies a malicious threat, and that folder is locked by direct integration using the file stores. 

Here are some of the points to remember while using Advanced Threat Protection (ATP):

  • Defender for Microsoft Office 365 doesn’t examine every file in Teams. It is set by default to scan asynchronously. The process leverages guest activity, sharing events and threat signals, and a practical approach to detect files that are malicious
  • Advanced Threat Protection for Teams is an integral part of your company’s standard threat protection strategy. This includes anti-malware and anti-spam protection and security in Exchange Online Protection (EOP), as well as Safe Attachments and Safe Links in Microsoft Defender (Office 365)

 

 

Conditional Access Policies for cloud apps

 

Teams depends on Exchange Online, Skype for Business Online, and SharePoint for core productivity scenarios, such as calendars, meetings, file sharing, and interop chats. Conditional access policies for these cloud applications are applicable to Teams when an individual directly logs in to their Teams account on any client.

Teams is supported individually as a cloud application in conditional access policies of Azure Active Directory. Practically, the conditional access policies apply to the users when they sign in to the cloud application on Teams. 

However, without the valid policies in place on other applications such as SharePoint and Exchange Online, users may still have access to those resources directly. 

Desktop clients for Mac and Windows on Teams support modern authentication. Modern authentication gets sign-in on the basis of Azure Active Directory Authentication Library (ADAL) to Office user apps across platforms. Additionally, the Teams application for desktop supports AppLocker. 

 

 

Leverage the Retention Policy

 

Retention policies enable you to manage the flow of information more effectively in your organisation. Teams retain their chat, files, and channel information indefinitely by default unless someone tries to delete the data through retention policies, admin deletes, user deletes, etc. 

It’s possible to set up different retention policies for channel messages and private chats. Additionally, you can configure exclusive policies for specific teams or users in your organisation. 

  • For Teams chats, you can decide on the right policy for each user
  • For Teams channel messages, you can choose which policy applies to a specific team

 

As a Teams administrator, you have the authority to establish retention policies for channel and chat conversations. This means that you can proactively choose to delete the data right away, retain it, or preserve it for a specific time interval and delete it at a later date.

It’s also possible to set and manage Teams retention policies via the compliance center of Microsoft 365 or through the Security & Compliance Center PowerShell command. You can implement the Teams retention policy to either specific teams or users or even across your entire organisation.

Teams retention policies let you:

  • Retain or preserve Teams messages, channels, or chats for a definite period, and that’s it
  • Retain the messages, channels, or chats in Microsoft Teams for a definite period and after that, delete the data
  • Delete Teams messages, channels, or chats after a definite period 

 

Retention policies in Teams are dependent on when the channel or chat messages originated and are retroactive. 

In simple words, if you make a retention policy concerning data deletion that is older than 90 days, all the data in Teams created over 90 days ago gets deleted.

With this in mind, by leveraging Team’s retention policies you can effectively maintain data security and, ultimately, your organisation’s credibility.

 

 

Protect sensitive information through Microsoft Data Loss Prevention

 

Microsoft data loss prevention (DLP) capabilities in Teams applies to channel messages, chat messages, and private channel messages.

If your company has data loss prevention policies in place, it’s a good idea to outline rules that prevent people from sharing/exchanging sensitive information within the chat or channel messages on Teams.

Here are two instances that show how this data loss protection works:

 

Example 1: Protection of sensitive data in messages

Suppose someone attempts to share critical information with external users in a Teams channel or chat. If you already have a data loss prevention (DLP) policy to prevent this, messages sent to external users with sensitive information get deleted automatically. This is a pre-programmed process that happens within seconds, depending on how you have configured your DLP policy.

 

Example 2: Protecting sensitive information in documents

In case someone tries to exchange a file with external users in a Teams chat or channel, the shared file is rendered useless immediately if it contains sensitive data. A data loss prevention (DLP) policy will not let the file open and be accessible for users.

 

 

Security and Governance with Experteq

Experteq can help you assess and mitigate security risks,  eliminate security flaws and incorporate strong governance capabilities into your Microsoft Teams solution. We leverage Microsoft Teams every day at work and are confident in the robust security and governance options available to your organisation.

Please visit our solutions page to learn more about how we can help you with security and governance, deployment and user adoption when switching to Microsoft Teams.

 

Frank Mulcahy

frank.mulcahy@experteq.com

Over the last 15 years Frank has been involved in several successful start-up technology companies that solve major business challenges using enterprise technology thinking. Frank is a strategic thinker and is often invited by media and vendors to comment on emerging Industry trends and technology market direction.