Experts Live Europe 2023 - Ensure your compliance in Microsoft Teams with Microsoft Purview.pptx

InSpark
#ExpertsLiveEU
Protect and govern your
sensitive data with
Microsoft Purview in
Microsoft Teams
Jasper Oosterveld

InSpark
#ExpertsLiveEU
Thank you to our Sponsors

InSpark
Welcome 
00 Introduction
• Modern Workplace Consultant @ InSpark
• Microsoft MVP
• Amsterdam
• /in/jasperoosterveld
About me

InSpark
Let’s see some
hands!

InSpark
Key features
01 Microsoft Teams
Chat Meet Call Collaborate

InSpark
Business value
01 Microsoft Teams
Employee
empowerment
Integrated
experience
Increase
productivity

InSpark
Challenges
01 Microsoft Teams
Explosion Management
Staying
compliant
New way of
working
Guest
access

InSpark
My recommendation
01 Microsoft Teams
Governance Change
management
Data security
Device
management
Identity
management

InSpark
Challenge with Data Security
02 Data Security
Unfragmented
data
Sensitive
Information
Types
Information
security
policy

InSpark
Risks
02 Data Security
Fines Reputational
damage
Loss of trust

InSpark
Information
protection policy

InSpark
Setup a classification policy
02 Data Security
• Company data
specially prepared
and approved for
public use.
• There is no breach
of confidentiality.
• Company data
intended for
general use within
the organization.
• There is a potential
breach of
confidentiality with
external sharing.
• Company
information
specifically intended
for internal
employees or
specific individuals
or organizations.
• Information is only
shared on basis of
confidentiality.
• Breach of
confidentiality
causes serious harm
to the organization.
Public Internal Confidential

InSpark
Setup a security policy
02 Data Security
Public
• Accessible to all employees or authorized individuals.
• No security.
• Accessible to all employees.
• Data is protected / not protected.
• Accessible for all employees (internal) or authorized individuals or organizations (external).
• Data is protected.
Confidential
Internal

InSpark
Setup a security policy
02 Data Security
• R&D information is specifically intended for R&D employees.
• Data is protected for all R&D employees
R&D
• HR information is specifically intended for HR employees.
• Data is protected for all HR employees
HR

InSpark
Sensitive
Information types

InSpark
Generic Organizational
Examples
02 Data Security
Social Security number
Credit card number
Passport number
Drivers license number
IBAN
Intellectual Property
Employee information
Customer information
Mergers & Acquisitions

InSpark
Identify Sensitive Information Types
02 Data Security
Stakeholders Purview
inspiration
Law &
regulations
Impact data
loss

InSpark
Fragmented data
01 Microsoft Teams
Type Location
1:1 chat & group chat Exchange Online (User mailbox)
Channel messages Exchange Online (M365 group mailbox)
Voicemail, call summary, and contacts Exchange Online (User mailbox)
Channel meeting recordings & transcript SharePoint Online
Chat meeting recordings & transcript OneDrive for Business
Calendar data Exchange Online
Files shared in chat OneDrive for Business
Files shared in channels SharePoint Online
Notes private meetings OneDrive for Business
Notes channel meetings SharePoint Online
Whiteboard OneDrive for Business
Tasks Tasks for Planner & To Do
Source:
https://blog.quest.com/microsoft-teams-meeting-content-where-is-it-stored/
https://www.syscloud.com/saas-data-protection-center/microsoft-365/teams-data-storage/

InSpark
Microsoft Purview
03 Microsoft Purview

InSpark
Analyze your
current situation

InSpark
Analyze current situation
Compliance
Manager

InSpark
Compliance Manager

InSpark
Content
Explorer
Compliance
Manager

InSpark
Content Explorer

InSpark
Content
Search
Content
Explorer
Compliance
Manager
Content
Explorer
Compliance
Manager

InSpark
Content Search

InSpark
Content
Search
Content
Explorer
Compliance
Manager
DLP & Activity
explorer

InSpark
DLP & Activity Explorer

InSpark
Classify & protect
with Purview
Information
Protection

InSpark
Scope
04 Microsoft Purview Information Protection
Items & e-mail
Microsoft 365
Group
Purview Data
Map
Meetings

InSpark
Sensitivity labels
Encryption Location
independent
Safe & controlled
meetings

InSpark
Applying sensitivity labels
Manual Automatically

InSpark
External Collaboration
Scenario: Manage external guests &
sharing
• Jane is the manager of the project
department of Hammond Robotics.
• Hammond Robotics distinguish different
type of projects.
• Each project has unique requirements for
external invites & and sharing.
• Jane needs an internal project site with
no external access and sharing allowed.

InSpark
Owners can change the label.
Monitor with the Activity Explorer and Audit.
Connect with your own provisioning solution (PNP).
Talk with your Intune colleague before enabling CA with labels.
Use PowerShell to define the default sharing link (view or edit) for a
SharePoint site and site sharing settings.
Tips & tricks

InSpark
Mergers & acquisitions
Scenario: Protect your sensitive content
• Alex is part of the Hammond Robotics
Mergers & acquisitions team.
• He is currently part of a merger with
codename Project MRVN.
• All content related to this project needs
to be automatically protected.

InSpark
AIP unified labeling client is in maintenance mode.
Review the current options & limitations (see resources slide).
AIP unified labeling client (could) cause an issue with build-in labels.
Use the remove encryption option for the public labels.
Assign scoped labels to specific departments, teams or projects.
Viewing encrypted content only works with Microsoft accounts.
Tips & tricks

InSpark
Prevent a data leak
with Purview Data
Loss Prevention

InSpark
Power of Data Loss Prevention
05 Microsoft Purview Data Loss Prevention
Identify Monitor Protect

InSpark
Mergers & chat
Scenario: Prevent data leak in chat
• Alex is part of the Hammond Robotics
Mergers & acquisitions team.
• He is currently part of a merger with
codename Project MRVN.
• Any mention of Project MRVN is
prohibited outside the dedicated team.

InSpark
Personal data & sharing files
Scenario: Prevent a data leak with sharing
• Julia is security officer of Hammond
Robotics.
• One of the company policies aims to
prevent sharing five or more IBAN
numbers in files.
• This is confidential information and
shouldn’t be shared with external people.

InSpark
DLP is not 100% failproof.
Test the SIT with real world content related to the DLP policy.
Create a separate policy for Exchange Online.
Create a rule per Sensitive Information Type within the DLP policy.
Tips & tricks

InSpark
Microsoft Purview roll-out advise!
06 Conclusion
Pilot Use-case Test &
review
Training &
support
Next
department

#ExpertsLiveEU
Thank you to our Sponsors

InSpark
Microsoft Purview Services & Licenses
Announcing AIP unified labeling client maintenance mode and sunset of mobile viewer
Choose Microsoft Purview Information Protection built-in labeling for Office apps over the Azure Information
Protection (AIP) add-in - Microsoft Purview (compliance) | Microsoft Docs
Learn about sensitivity labels - Microsoft 365 Compliance | Microsoft Docs
Automatically apply a sensitivity label to content in Microsoft 365 - Microsoft 365 Compliance | Microsoft Docs
Overview of data loss prevention - Microsoft 365 Compliance | Microsoft Docs
Overview of data loss prevention
Create a custom sensitive information type in the Security & Compliance Center
Sensitive information type entity definitions
Data loss prevention and Microsoft Teams
Resources
06 Conclusion

Experts Live Europe 2023 - Ensure your compliance in Microsoft Teams with Microsoft Purview.pptx

Recommended

Recommended

More Related Content

Similar to Experts Live Europe 2023 - Ensure your compliance in Microsoft Teams with Microsoft Purview.pptx

Similar to Experts Live Europe 2023 - Ensure your compliance in Microsoft Teams with Microsoft Purview.pptx (20)

More from Jasper Oosterveld

More from Jasper Oosterveld (20)

Recently uploaded

Recently uploaded (20)

Experts Live Europe 2023 - Ensure your compliance in Microsoft Teams with Microsoft Purview.pptx