Microsoft Teams is a complete product, not just a chat solution. It has features and functions which is being used by members of Project Management, Security, and even by CxOs. To make this product comply with organization policies, the Governance and Compliance team has to play a part. The members of this team determine the policies which shall be used to protect the organization’s data to be shared or talked about over Teams.
In this blog, I will be sharing some of the functions that are available in Microsoft 365 for Governance and Compliance. All the below settings can be found under Security and Compliance Center or Compliance Portal
The Governance and Compliance team has to be reactive and proactive both at the same time. The audit is one of the functions available in Microsoft 365 Security and Compliance Center which enables the reactive approach of the team. The audit logs let the team knows “who has done what” in Microsoft Teams. For example, they can search for events like the creation of Teams, assignment of roles, creation of connectors, etc. The activities which could be searched can be of Admin and User end both.
The team must have proper roles or permissions in order to view this. A user of this team must be a part of Organization Management or Compliance Management.
Content Search is once again a reactive approach. If an organization gets to know some sensitive information had been leaked over Teams chat (1:1 or Channel), the Governance and Compliance team must investigate it. Using certain Keywords and Conditions like message content, channel name, mailbox associated, Office 365 Group name, etc. can help reach a proper investigation. The results can then be exported and analyzed thoroughly. Please be informed that usage of Content Search should only be given to authorized people in the organization and shall only be used for legal and compliance purposes.
The roles required for Content Search include eDiscovery Manager or eDiscovery Administrator to take out such content searches in Teams.
Data Loss Prevention (DLP)
Now comes some proactive approach where the Governance and Compliance team can ensure no one in the organization leaks internal information or sensitive information even any kind of harassment and threats. The creators of policies can also let users be warned through “Policy Tip” in the header once the message (1:1 or Channel) is blocked. Also, they can also let users lower the policy if it’s found false-positive but with a proper justification. The administrators can also view a granular report of where these DLP policies had been applied and where a false flag was countered.
Users must have Office 365 E5 or Advanced Compliance license as standalone in order to search chat messages. For only files shared through Teams, the E3 license is sufficient but it will not cover chat messages.
Classification is a good practice that should be adopted by organizations to let users understand the integrity and importance of an Office 365 Group or a Team. The classification could be Finance, Marketing, Confidential, External, etc. These are like marking of teams which can be seen by users and accordingly users will be added to those teams. Information shared in such teams which are marked must be protected.
Like Content Search where Governance and Compliance team will be able to search for content in Teams chat messages, Supervision is also similar to capturing information before it is shared with external/internal users over Teams. We set policies and conditions including information related to financial, health, privacy, and harassment that needs to be captured and reviewed by a certain set of users. The users assigned as Reviewers shall take action accordingly.
Please be informed that Supervision is going to retire by October 26th, 2020 and after that, no new policies shall be created. Use Communication Compliance instead for this purpose.