Although Microsoft Teams is an incredibly powerful solution, it comes with a challenge around data security. The data generated and stored within Microsoft Teams is unfragmented and different in nature. Varying from chat & channel messages, documents, images, recordings, and meetings. Combining this with the ever-changing regulations, organizations have a serious compliance risk on their hands. Microsoft understands these risks and with the help of Microsoft Purview offers comprehensive solutions to help protect and govern your sensitive data. Jasper Oosterveld, Microsoft MVP and Modern Workplace Consultant is going to focus on Microsoft Purview Information Protection and Data Loss Prevention. Combining his real world experience, ensuring you can successfully implement these solutions with your customers or internal organization.

2. Protect and Govern your
Sensitive Data with Microsoft
Purview in Microsoft Teams
Jasper Oosterveld
Consultant & Microsoft MVP, InSpark, The Netherlands

3. Let’s start with a poll
menti.com
6990 0442

4. Microsoft Teams

5. Key features
Chat Meet Collaborate
Call

6. Business value
Employee
empowerment
Integrated
experience
Increase
productivity

7. Challenges
Explosion Management Staying
compliant
New way of
working
Guest access

8. My recommendation
Governance Change
management
Data
security
Device
management
Identity
management

9. Data Security

10. Challenges
Scattered
data
Sensitive
Information
Types
Information
security
policy
Internal threats &
data breaches
Law &
regulations

11. Risks
Loss of trust
Reputational
damage
Fines

12. Information Security Policy

13. Data classification policy
• Company data
specially prepared and
approved for public
use.
• There is no breach of
confidentiality.
Public
• Company data
intended for general
use within the
organization.
• There is a potential
breach of
confidentiality with
external sharing.
General
• Company information
specifically intended
for internal employees
or specific individuals
or organizations.
• Information is only
shared on basis of
confidentiality.
• Breach of
confidentiality causes
serious harm to the
organization.
Confidential

14. Data security policy
Public
• Accessible to all employees and external individuals or
organizations.
• Data not protected
General
• Accessible to all employees and external individuals or
organizations.
• Data not protected.
Confidential
• Accessible for all employees (internal) or authorized
individuals or organizations (external).
• Data is protected.

15. Sensitive Information Types

16. Examples
Generic
• Social Security Number
• Credit Card Number
• Passport Number
• Drivers License Number
• IBAN
• Physical Address
Organizational
• Medical Information
• Criminal information
• Intellectual property
• Employee information
• Customer information
• Mergers & acquisitions

17. Identify Sensitive Information Types
Impact
data loss
Microsoft
Purview
Stakeholders Law &
regulations

18. Sensitive Information Types

19. Scattered data
Type Location
1:1 chat & group chat Exchange Online (User mailbox)
Channel messages Exchange Online (M365 group mailbox)
Voicemail, call summary, and contacts Exchange Online (User mailbox)
Channel meeting recordings & transcript SharePoint Online
Chat meeting recordings & transcript OneDrive for Business
Calendar data Exchange Online
Files shared in chat OneDrive for Business
Files shared in channels SharePoint Online
Notes private meetings OneDrive for Business
Notes channel meetings SharePoint Online
Whiteboard OneDrive for Business
Tasks Tasks for Planner & To Do
Source:
https://blog.quest.com/microsoft-teams-meeting-content-where-is-it-stored/
https://www.syscloud.com/saas-data-protection-center/microsoft-365/teams-data-storage/

20. Microsoft Purview

22. Analyze current situation

23. Compliance Manager

24. Content Explorer

25. Activity Explorer

26. Protect and Govern with Microsoft
Purview Information Protection

27. Scope
Purview data
map
Meetings
Items &
e-mail
Microsoft 365
Group

28. Sensitivity labels
Location
independent
Encryption Safe & controlled
meetings

29. Classification methods
Manual Automatic

30. Automatic classification
Data-in-transit Data-at-rest

31. Detect Sensitive Information
SIT Trainable
classifiers
EDM Document
Fingerprinting
SharePoint
Premium

32. Scenario: Enforcing governance requirements
• Jane is the manager of the project
department of Hammond
Robotics.
• Hammond Robotics distinguish
different type of projects.
• Each project has unique
requirements for external invites &
and sharing.
• Jane needs an internal project site
with no external access and
sharing allowed.

33. Demo & solution

34. Tips & tricks
• Owners can change the label.
• Monitor with the Activity Explorer and Audit.
• Connect with your provisioning solution.
• Talk with your Intune colleagues before enabling CA with labels.
• Use PowerShell to define the default sharing link (view or edit) for
a SharePoint site and site sharing settings.

35. Scenario: Protect sensitive project information
• Alex is part of the Hammond
Robotics Mergers & acquisitions
team.
• He is currently part of a merger
with codename Project MRVN.
• All content related to this project
needs to be automatically
protected.

36. Demo & solution

37. Default Document Library Label & Override
Existing label Override with library default label
Manually applied, any priority No
Automatically applied, lower priority Yes
Automatically applied, higher priority No
Default label from policy, lower priority Yes
Default label from policy, higher priority No

38. Tips & tricks
• Office add-in for the Unified Labeling Client is in maintenance
mode.
• AIP unified labeling client (could) cause an issue with built-in
labels.
• OCR now in preview!
• Use the remove encryption option for the public labels.
• Assign scoped labels to specific departments, teams, or projects.
• Viewing encrypted content only works with Microsoft accounts.

39. Prevent a data leak with Purview
Data Loss Prevention

40. Key features
Identify Monitor Protect

41. Location
Microsoft 365 Devices Cloud Apps On premises

42. Scenario: Prevent data leak in Teams chat
• Alex is part of the Hammond
Robotics Mergers & acquisitions
team.
• He is currently part of a merger
with codename Project MRVN.
• Any mention of Project MRVN is
prohibited outside the dedicated
team.

43. Demo & solution

44. Scenario: Prevent a data leak with external
sharing
• Julia is the CISO of Hammond
Robotics.
• One of the company policies aims
to prevent sharing five or more
IBANs in files.
• This is confidential information
and shouldn’t be shared with
external people.

45. Demo & solution

46. Tips & tricks
• DLP is not 100% failproof.
• Test the SIT with real-world content related to the DLP policy.
• Create a separate policy for Exchange Online.
• Create a rule per Sensitive Information Type within the DLP
policy.

47. Conclusion

48. How to get started!
Pilot Use-case Test and
review
Training and
support
Next
department