#ScottishSummit2022
Understanding Security and Compliance in Microsoft Teams
Chirag Patel MVP MCT
Chirag Patel
techchirag.com
• Microsoft 365 Consultant, Architect, Trainer
• Deployment, Migrations, Implementations
• M365UK Organiser, Speaker, Viva Explorer
M365 Consultant
Patel Consulting

Session overview
• Teams part of Microsoft 365 and its dependencies
• Responsibilities (business functions & users) and policy controls
• State of your data (activity & content explorer, scores & improvement actions)
• Deep dive: classifications, containers, sensitivity labels, DLPs

Microsoft Teams & Dependencies
Communicate, Collaborate, Customise, Confidence

Balancing Security & Compliance Needs
IT, Business, Employee
Security Officer, Legal, IT Admin
• Prevent data leaks and breaches
• Protect high value information
• Accomplish business goals as simply as possible – if it is too hard find an easier way…
• Limit business disruption
• Get out of my way
• Make it easy for me to get my work done fast
• Share easily but protect my secret stuff
• Manage the increasing volume of data
• Keep up with changing services & threats
• Make all other roles happy
• Comply with retention
• Support eDiscovery

Security, compliance and privacy in Teams
• Meeting Security
• Data Protection & Governance
• User Privacy
• Compliance & Regulations
• Keeping up with roadmap

Security, compliance and privacy in Teams
1. Meeting options
2. Meeting role designation
3. Recording consent
4. Recording access
5. Channel moderation and controls
6. Apps management
7. Teams Settings and policies
8. Secure guest access
9. Communication compliance
10. Multi-Factor Authentication
11. Conditional access
12. Endpoint Manager
13. External access
14. Encryption
15. Data loss prevention
16. Sensitivity labels
17. Advanced Threat Protection
18. Cloud App Security
19. Information barriers
20. eDiscovery, legal hold, audit log, content search
21. Retention policies
22. Data residency
23. Data management reports
https://www.microsoft.com/en-gb/microsoft-365/microsoft-teams/security

What’s in a name?

Plain English Policies
ID Suggested Policy
1 Enable multi-factor authentication (MFA) for all staff
2 Enable MFA for Admins with assigned administrative rights
3 Enable just-in-time access to complete admin tasks
4 Enforce mobile app protection for phones and tablets
5 Block devices that don’t support modern authentication
6 Require compliant PCs and mobile devices
7 Assign Classification in M365 Groups, Microsoft Teams, SharePoint sites
8 Classify content with sensitivity labels to enable protection
9 Classify information with retention labels
10 Provision data loss prevention (DLP) policies
11 Microsoft cannot access our content to perform service operation without approval
https://docs.microsoft.com/en-us/microsoft-365/security/microsoft-365-security-for-bdm

Compliance Manager
• Pre-built & custom assessments
• Workflow capabilities
• Step-by-step guidance on suggested improvement actions
• Risk-based compliance score

• Controls
  - Microsoft managed controls
  - Your controls
  - Shared controls
• Assessments
  - In-scope services
  - Microsoft managed controls
  - Your controls
  - Shared controls
  - Assessment score
• Templates
• Improvement Actions
https://docs.microsoft.com/en-gb/microsoft-365/compliance/compliance-manager

Sensitivity Labels – VALUE of content
Label Scope
• Files & emails
  - Encrypt: assign permissions or let users decide; user access to content expires; allow offline access
  - Content marking
  - Auto-labelling
• Groups & sites
  - Privacy and external user access settings: Public, Private or None; external user access
  - Device access and external sharing settings: control external sharing (labelled sites); access from unmanaged devices (full access, web-only, block access)
Label Policy
• 1 or more labels
• Users and Groups
• Default label
• Mandatory label
• Require users to justify
• Link to custom help page (use SharePoint!)

Enable sensitivity labels for containers and synchronise labels

Import-Module AzureADPreview
Connect-AzureAD

# If the tenant has no Group.Unified directory setting yet, create one from the template
$TemplateId = (Get-AzureADDirectorySettingTemplate | where { $_.DisplayName -eq "Group.Unified" }).Id
$Template = Get-AzureADDirectorySettingTemplate | where -Property Id -Value $TemplateId -EQ
$Setting = $Template.CreateDirectorySetting()
$Setting["UsageGuidelinesUrl"] = "https://guideline.example.com"
New-AzureADDirectorySetting -DirectorySetting $Setting

# Fetch the tenant's Group.Unified setting, review its current values, then enable MIP labels
$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
$Setting.Values
$Setting["EnableMIPLabels"] = "True"
Set-AzureADDirectorySetting -Id $Setting.Id -DirectorySetting $Setting

# Synchronise sensitivity labels to Azure AD from a Security & Compliance PowerShell session
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName admin@M365x011743.onmicrosoft.com
Execute-AzureAdLabelSync
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites

Information protection in Microsoft Teams
• Automatically set a team to Private to prevent other users from joining without being invited by team owners.
• Block access from people outside your organisation to prevent team owners from inviting external guests.
• Limit access to Teams from unmanaged devices to prevent data leakage.
Note
Sensitivity labels for containers support Teams shared channels, currently in preview. If a team has any shared channels, they automatically inherit sensitivity label settings from their parent team, and that label can't be removed or replaced with a different label.

Data Loss Prevention for Microsoft Teams
DLP Rules
• Conditions
  - Content contains: sensitive info types
  - Content is shared from Microsoft 365: people inside organisation; people outside organisation
• Exceptions
  - Except if content is shared from Microsoft 365: people inside organisation; people outside organisation
• Actions
  - Restrict access or encrypt content in Microsoft 365 locations
  - Audit or restrict activities on Windows devices
  - Restrict third-party apps
• User notifications
  - Email users and/or owners
  - Policy tips
  - User overrides
• Incident reports
  - Severity
  - Alerts to admins
  - Email incident reports
• Additional option for processing policies and rules

• Exchange email
• SharePoint sites
• OneDrive accounts
• Teams chat and channel messages
• Devices
• Microsoft Cloud App Security

Data Loss Prevention for Microsoft Teams
• Automatically block messages which contain sensitive information
• Prevent sharing sensitive information in a channel or chat session
• Educate and guide end-users with notifications and “policy tips”
• Unified classification engine supporting 90+ sensitive information types and custom sensitive info type creation
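
An added example, not part of the original slides: one way to express the DLP rule anatomy above (condition, action, user notification, incident report) as a policy scoped to Teams chat and channel messages, run from a Security & Compliance PowerShell session. The policy name, rule name, report mailbox and the chosen sensitive info type are assumptions; the notification and override values should be checked against Get-Help New-DlpComplianceRule for your tenant.

```powershell
# Added example (not from the original deck). All names below are hypothetical.
# Run in a session opened with Connect-IPPSSession (ExchangeOnlineManagement module).
$PolicyName    = "Teams - Financial data (example)"                   # hypothetical
$RuleName      = "Teams - Card numbers shared externally (example)"   # hypothetical
$ReportMailbox = "dlp-reports@contoso.example"                        # placeholder address

# Create the policy only if it does not exist yet, so the script can be re-run.
$Policy = Get-DlpCompliancePolicy | Where-Object { $_.Name -eq $PolicyName }
if (-not $Policy) {
    # Location: Teams chat and channel messages only.
    # Mode TestWithNotifications: rules are evaluated and policy tips are shown,
    # but nothing is enforced until the mode is switched to Enable.
    $Policy = New-DlpCompliancePolicy -Name $PolicyName `
        -Comment "Example policy scoped to Teams chat and channel messages" `
        -TeamsLocation All `
        -Mode TestWithNotifications
}

$RuleParams = @{
    Name   = $RuleName
    Policy = $PolicyName

    # Condition: content contains a sensitive info type ...
    ContentContainsSensitiveInformation = @{ Name = "Credit Card Number"; minCount = "1" }
    # ... and is shared with people outside the organisation.
    AccessScope = "NotInOrganization"

    # Action: restrict access to the matching content.
    BlockAccess = $true

    # User notification: tell the sender and allow an override with a business
    # justification (assumed values, see the lead-in).
    NotifyUser          = "LastModifier"
    NotifyAllowOverride = "WithJustification"

    # Incident report: severity plus an emailed report for the security team.
    ReportSeverityLevel    = "High"
    GenerateIncidentReport = $ReportMailbox
    IncidentReportContent  = "All"
}

# Create the rule only if it does not exist yet.
if (-not (Get-DlpComplianceRule | Where-Object { $_.Name -eq $RuleName })) {
    New-DlpComplianceRule @RuleParams
}

# Review what was created before moving the policy out of test mode.
Get-DlpCompliancePolicy | Where-Object { $_.Name -eq $PolicyName } |
    Format-List Name, Mode, TeamsLocation
Get-DlpComplianceRule -Policy $PolicyName |
    Format-List Name, Disabled, BlockAccess, AccessScope
```

Once the test-mode matches look right, the policy can be enforced with Set-DlpCompliancePolicy -Identity $PolicyName -Mode Enable.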

Guest Access and External Sharing
https://docs.microsoft.com/en-us/microsoftteams/teams-dependencies

Attack Simulations
• Simple way to host and deliver the training material within your own environment
https://security.microsoft.com/attackSimulatorTrainings

Top tasks for security teams to support working from home
https://docs.microsoft.com/en-us/microsoft-365/security/top-security-tasks-for-remote-work

Configure Teams with three tiers of protection

Private or public team
• Baseline (Public): Public
• Baseline (Private): Private
• Sensitive: Private
• Highly sensitive: Private

Who has access?
• Baseline (Public): Everybody in the organisation, including B2B users.
• Baseline (Private): Only members of the team. Others can request access to the associated site.
• Sensitive: Only members of the team.
• Highly sensitive: Only members of the team.

Private channels
• Baseline (Public): Owners and members can create private channels
• Baseline (Private): Owners and members can create private channels
• Sensitive: Only owners can create private channels
• Highly sensitive: Only owners can create private channels

Site-level guest access
• Baseline (Public): New and existing guests (default).
• Baseline (Private): New and existing guests (default).
• Sensitive: New and existing guests or Only people in your organization depending on team needs.
• Highly sensitive: New and existing guests or Only people in your organization depending on team needs.

Site sharing settings
• Baseline (Public): Site owners and members, and people with Edit permissions can share files and folders, but only site owners can share the site.
• Baseline (Private): Site owners and members, and people with Edit permissions can share files and folders, but only site owners can share the site.
• Sensitive: Site owners and members, and people with Edit permissions can share files and folders, but only site owners can share the site.
• Highly sensitive: Only site owners can share files, folders, and the site.

Access requests: Off.

Site-level unmanaged device access
• Baseline (Public): Full access from desktop apps, mobile apps, and the web (default).
• Baseline (Private): Full access from desktop apps, mobile apps, and the web (default).
• Sensitive: Allow limited, web-only access.
• Highly sensitive: Block access.

Default sharing link type
• Baseline (Public): Only people in your organization
• Baseline (Private): Only people in your organization
• Sensitive: Specific people
• Highly sensitive: People with existing access

Sensitivity labels
• Baseline (Public): None
• Baseline (Private): None
• Sensitive: Sensitivity label used to classify the team and control guest sharing and unmanaged device access.
• Highly sensitive: Sensitivity label used to classify the team and control guest sharing and unmanaged device access. Label can also be used on files to encrypt files.

Further resources
• Microsoft 365 licensing guidance for security & compliance
• Download the Detailed Microsoft 365 Compliance Licensing Comparison
• Microsoft 365 Roadmap
• Manage information protection and governance – Learning Path
• Microsoft Security and Compliance - Microsoft Tech Community
• Microsoft Teams Blog - Microsoft Tech Community
• Joanne C Klein – SharePoint, Microsoft 365 and Azure Things
Thank you! techchirag.com

Understanding Security and Compliance in Microsoft Teams - Scottish Summit 2022


Editor's Notes

  • #2 Did you know there are about 25 key security and privacy features in Microsoft Teams to keep your organisation secure and compliant? We will cover what these features are as an overview and deep dive into some of them so you can apply them to your Microsoft Teams environment.
  • #9
    Host effective and engaging meetings
    Foster safety in your meetings with strong admin controls and policies that make it easy to prevent interruptions, set attendee privileges, remove disruptive attendees, and block anonymous guests.
    Defend your data from security threats
    Protect sensitive information and confidential resources with integrated data loss prevention and sensitivity label policies. Safeguard against malicious software hidden in files with Microsoft Defender for Office 365.
    Control what information is shared
    Take advantage of data transparency and privacy safeguards built into Teams. Rest easy knowing that your personal data is protected from unwanted access.
    Meet compliance obligations
    Easily hold and manage information with eDiscovery, legal hold, audit log, and content search capabilities. Use retention policies to preserve information and meet industry-specific regulation and compliance requirements.