Although Microsoft Teams is an incredibly powerful solution, it comes with a challenge around data security. The data generated and stored within Microsoft Teams is unfragmented and different in nature, varying from chat and channel messages to documents, images, recordings, and meetings. Combined with ever-changing regulations, this leaves organizations with a serious compliance risk on their hands. Microsoft understands these risks and, with the help of Microsoft Purview, offers comprehensive solutions to help protect and govern your sensitive data.
Jasper Oosterveld, Microsoft MVP and Modern Workplace Consultant, focuses on Microsoft Purview Information Protection and Data Loss Prevention, combining his real-world experience to ensure you can successfully implement these solutions with your customers or internal organization.
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in Microsoft Teams.pptx
2. Protect and Govern your Sensitive Data with Microsoft Purview in Microsoft Teams
Jasper Oosterveld
Consultant & Microsoft MVP, InSpark, The Netherlands
13. Data classification policy
Public
• Company data specially prepared and approved for public use.
• There is no breach of confidentiality.
General
• Company data intended for general use within the organization.
• There is a potential breach of confidentiality with external sharing.
Confidential
• Company information specifically intended for internal employees or specific individuals or organizations.
• Information is only shared on basis of confidentiality.
• Breach of confidentiality causes serious harm to the organization.
14. Data security policy
Public
• Accessible to all employees and external individuals or organizations.
• Data not protected.
General
• Accessible to all employees and external individuals or organizations.
• Data not protected.
Confidential
• Accessible for all employees (internal) or authorized individuals or organizations (external).
• Data is protected.
16. Examples
Generic
• Social Security Number
• Credit Card Number
• Passport Number
• Drivers License Number
• IBAN
• Physical Address
Organizational
• Medical Information
• Criminal information
• Intellectual property
• Employee information
• Customer information
• Mergers & acquisitions
19. Scattered data
Type | Location
1:1 chat & group chat | Exchange Online (User mailbox)
Channel messages | Exchange Online (M365 group mailbox)
Voicemail, call summary, and contacts | Exchange Online (User mailbox)
Channel meeting recordings & transcript | SharePoint Online
Chat meeting recordings & transcript | OneDrive for Business
Calendar data | Exchange Online
Files shared in chat | OneDrive for Business
Files shared in channels | SharePoint Online
Notes private meetings | OneDrive for Business
Notes channel meetings | SharePoint Online
Whiteboard | OneDrive for Business
Tasks | Tasks for Planner & To Do
Source:
https://blog.quest.com/microsoft-teams-meeting-content-where-is-it-stored/
https://www.syscloud.com/saas-data-protection-center/microsoft-365/teams-data-storage/
32. Scenario: Enforcing governance requirements
• Jane is the manager of the project department of Hammond Robotics.
• Hammond Robotics distinguishes different types of projects.
• Each project has unique requirements for external invites & sharing.
• Jane needs an internal project site with no external access and sharing allowed.
34. Tips & tricks
• Owners can change the label.
• Monitor with the Activity Explorer and Audit.
• Connect with your provisioning solution.
• Talk with your Intune colleagues before enabling CA with labels.
• Use PowerShell to define the default sharing link (view or edit) for a SharePoint site and site sharing settings.
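The last tip applied to Jane's internal project site from slide 32, as an added example that is not part of the original deck. It assumes the SharePoint Online Management Shell module is installed; the tenant and site URLs are placeholders.

```powershell
# Added example, not from the presentation. Both URLs are placeholders.
$AdminUrl = 'https://contoso-admin.sharepoint.com'
$SiteUrl  = 'https://contoso.sharepoint.com/sites/project-internal'

Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url $AdminUrl

# Desired state for an internal-only project site.
$desired = @{
    SharingCapability      = 'Disabled'   # site sharing setting: no external sharing
    DefaultSharingLinkType = 'Internal'   # default link: people in the organization
    DefaultLinkPermission  = 'View'       # default link permission: view, not edit
}

# Compare the current site settings with the desired state before changing anything.
$site  = Get-SPOSite -Identity $SiteUrl
$drift = @($desired.Keys | Where-Object { "$($site.$_)" -ne $desired[$_] })

if ($drift.Count -gt 0) {
    Write-Host "Correcting: $($drift -join ', ')"
    Set-SPOSite -Identity $SiteUrl @desired
}

# Read the settings back so the result can be recorded or checked on a schedule.
Get-SPOSite -Identity $SiteUrl |
    Select-Object Url, SharingCapability, DefaultSharingLinkType, DefaultLinkPermission
```

Running the same script on a schedule also reports sites whose sharing settings were changed after provisioning.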
35. Scenario: Protect sensitive project information
• Alex is part of the Hammond Robotics Mergers & acquisitions team.
• He is currently part of a merger with codename Project MRVN.
• All content related to this project needs to be automatically protected.
37. Default Document Library Label & Override
Existing label | Override with library default label
Manually applied, any priority | No
Automatically applied, lower priority | Yes
Automatically applied, higher priority | No
Default label from policy, lower priority | Yes
Default label from policy, higher priority | No
38. Tips & tricks
• Office add-in for the Unified Labeling Client is in maintenance mode.
• AIP unified labeling client (could) cause an issue with built-in labels.
• OCR now in preview!
• Use the remove encryption option for the public labels.
• Assign scoped labels to specific departments, teams, or projects.
• Viewing encrypted content only works with Microsoft accounts.
42. Scenario: Prevent data leak in Teams chat
• Alex is part of the Hammond Robotics Mergers & acquisitions team.
• He is currently part of a merger with codename Project MRVN.
• Any mention of Project MRVN is prohibited outside the dedicated team.
44. Scenario: Prevent a data leak with external sharing
• Julia is the CISO of Hammond Robotics.
• One of the company policies aims to prevent sharing five or more IBANs in files.
• This is confidential information and shouldn’t be shared with external people.
46. Tips & tricks
• DLP is not 100% failproof.
• Test the SIT with real-world content related to the DLP policy.
• Create a separate policy for Exchange Online.
• Create a rule per Sensitive Information Type within the DLP policy.
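For the slide 44 scenario and the tip to test the SIT with real-world content, a local pre-check of a test file is shown below as an added example that is not part of the original deck. It counts distinct checksum-valid IBANs against the five-or-more threshold; it is not Purview's own detection logic, and the function names and sample text are constructed for illustration.

```powershell
# Added example: local IBAN pre-check for DLP test files. Not Purview's SIT logic.
$Threshold = 5   # "five or more IBANs", from the scenario on slide 44

function Test-IbanChecksum {
    param([Parameter(Mandatory)][string]$Iban)
    $s = ($Iban -replace '\s', '').ToUpperInvariant()
    if ($s -notmatch '^[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}$') { return $false }
    # ISO 13616 check: move the first four characters to the end, map A..Z to
    # 10..35, and require the resulting number mod 97 to equal 1.
    $rem = 0
    foreach ($ch in ($s.Substring(4) + $s.Substring(0, 4)).ToCharArray()) {
        if ([char]::IsDigit($ch)) { $rem = ($rem * 10 + ([int]$ch - 48)) % 97 }
        else                      { $rem = ($rem * 100 + ([int]$ch - 55)) % 97 }
    }
    return $rem -eq 1
}

function Get-DistinctIban {
    param([Parameter(Mandatory)][string]$Text)
    # Upper-case IBANs, compact or printed in groups of four separated by one space.
    $pattern = '\b[A-Z]{2}[0-9]{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b'
    [regex]::Matches($Text, $pattern) |
        ForEach-Object { $_.Value -replace '\s', '' } |
        Where-Object { Test-IbanChecksum $_ } |
        Sort-Object -Unique
}

# Constructed sample text using published example IBANs, one duplicate
# and one entry with a wrong check digit.
$sample = @'
Supplier refund batch:
NL91 ABNA 0417 1643 00, DE89370400440532013000
GB82 WEST 1234 5698 7654 32 (repeat: GB82WEST12345698765432)
FR1420041010050500013M02606; BE68 5390 0754 7034
typo in source sheet: GB83WEST12345698765432
'@

$found = @(Get-DistinctIban -Text $sample)
[pscustomobject]@{
    DistinctValidIbans = $found.Count
    MeetsThreshold     = $found.Count -ge $Threshold
    Ibans              = $found -join ', '
}
```

Comparing this count with what the DLP rule actually matches on the same file shows whether duplicates or mistyped numbers affect the policy's instance count.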