Microsoft Teams enables organizations to stay connected and access shared content at any time to learn, plan, and innovate—together. Although these advantages improve internal and external collaboration, organizations have serious concerns about being and staying compliant. Jasper Oosterveld, Microsoft MVP & Modern Workplace Consultant, is going to discuss the available Microsoft 365 Purview toolset to ensure and maintain your organizational compliance while working with Microsoft Teams.
14. InSpark
Setup a classification policy
02 Data Security
• Company data
specially prepared
and approved for
public use.
• There is no breach
of confidentiality.
• Company data
intended for
general use within
the organization.
• There is a potential
breach of
confidentiality with
external sharing.
• Company
information
specifically intended
for internal
employees or
specific individuals
or organizations.
• Information is only
shared on basis of
confidentiality.
• Breach of
confidentiality
causes serious harm
to the organization.
Public Internal Confidential
15. InSpark
Setup a security policy
02 Data Security
Public
• Accessible to all employees or authorized individuals.
• No security.
• Accessible to all employees.
• Data is protected / not protected.
• Accessible for all employees (internal) or authorized individuals or organizations (external).
• Data is protected.
Confidential
Internal
16. InSpark
Setup a security policy
02 Data Security
• R&D information is specifically intended for R&D employees.
• Data is protected for all R&D employees
R&D
• HR information is specifically intended for HR employees.
• Data is protected for all HR employees
HR
18. InSpark
Generic Organizational
Examples
02 Data Security
Social Security number
Credit card number
Passport number
Drivers license number
IBAN
Intellectual Property
Employee information
Customer information
Mergers & Acquisitions
21. InSpark
Fragmented data
01 Microsoft Teams
Type Location
1:1 chat & group chat Exchange Online (User mailbox)
Channel messages Exchange Online (M365 group mailbox)
Voicemail, call summary, and contacts Exchange Online (User mailbox)
Channel meeting recordings & transcript SharePoint Online
Chat meeting recordings & transcript OneDrive for Business
Calendar data Exchange Online
Files shared in chat OneDrive for Business
Files shared in channels SharePoint Online
Notes private meetings OneDrive for Business
Notes channel meetings SharePoint Online
Whiteboard OneDrive for Business
Tasks Tasks for Planner & To Do
Source:
https://blog.quest.com/microsoft-teams-meeting-content-where-is-it-stored/
https://www.syscloud.com/saas-data-protection-center/microsoft-365/teams-data-storage/
37. InSpark
External Collaboration
Scenario: Manage external guests &
sharing
04 Microsoft Purview Information Protection
• Jane is the manager of the project
department of Hammond Robotics.
• Hammond Robotics distinguish different
type of projects.
• Each project has unique requirements for
external invites & and sharing.
• Jane needs an internal project site with
no external access and sharing allowed.
44. InSpark
Owners can change the label.
Monitor with the Activity Explorer and Audit.
Connect with your own provisioning solution (PNP).
Talk with your Intune colleague before enabling CA with labels.
Use PowerShell to define the default sharing link (view or edit) for a
SharePoint site and site sharing settings.
Tips & tricks
04 Microsoft Purview Information Protection
45. InSpark
Mergers & acquisitions
Scenario: Protect your sensitive content
04 Microsoft Purview Information Protection
• Alex is part of the Hammond Robotics
Mergers & acquisitions team.
• He is currently part of a merger with
codename Project MRVN.
• All content related to this project needs
to be automatically protected.
53. InSpark
AIP unified labeling client is in maintenance mode.
Review the current options & limitations (see resources slide).
AIP unified labeling client (could) cause an issue with build-in labels.
Use the remove encryption option for the public labels.
Assign scoped labels to specific departments, teams or projects.
Viewing encrypted content only works with Microsoft accounts.
Tips & tricks
04 Microsoft Purview Information Protection
55. InSpark
Power of Data Loss Prevention
05 Microsoft Purview Data Loss Prevention
Identify Monitor Protect
56. InSpark
Mergers & chat
Scenario: Prevent data leak in chat
05 Microsoft Purview Data Loss Prevention
• Alex is part of the Hammond Robotics
Mergers & acquisitions team.
• He is currently part of a merger with
codename Project MRVN.
• Any mention of Project MRVN is
prohibited outside the dedicated team.
63. InSpark
Personal data & sharing files
Scenario: Prevent a data leak with sharing
05 Microsoft Purview Data Loss Prevention
• Julia is security officer of Hammond
Robotics.
• One of the company policies aims to
prevent sharing five or more IBAN
numbers in files.
• This is confidential information and
shouldn’t be shared with external people.
72. InSpark
DLP is not 100% failproof.
Test the SIT with real world content related to the DLP policy.
Create a separate policy for Exchange Online.
Create a rule per Sensitive Information Type within the DLP policy.
Tips & tricks
05 Microsoft Purview Data Loss Prevention
76. InSpark
Microsoft Purview Services & Licenses
Announcing AIP unified labeling client maintenance mode and sunset of mobile viewer
Choose Microsoft Purview Information Protection built-in labeling for Office apps over the Azure Information
Protection (AIP) add-in - Microsoft Purview (compliance) | Microsoft Docs
Learn about sensitivity labels - Microsoft 365 Compliance | Microsoft Docs
Automatically apply a sensitivity label to content in Microsoft 365 - Microsoft 365 Compliance | Microsoft Docs
Overview of data loss prevention - Microsoft 365 Compliance | Microsoft Docs
Overview of data loss prevention
Create a custom sensitive information type in the Security & Compliance Center
Sensitive information type entity definitions
Data loss prevention and Microsoft Teams
Resources
06 Conclusion