Protecting against Data Loss in Microsoft Teams Meeting Chats

In my recent blog called My Teams Security Slide I called out support for Data Loss Prevention (DLP) Policies for Microsoft Teams. I think most IT Pros are very familiar with these native platform controls built into Microsoft 365 and may have already applied them to Microsoft Teams Chats and Channels.

One thing I always point out is these same polices will be applied during a Microsoft Teams Meeting to protect against accidental data loss from within the Meeting Chat. This short video demo provides an example use case:

So in the video above Joni invites Adele to a meeting in her Microsoft 365 tenant and is protected from erroneously sharing credit card information. But what happens when Joni is in a meeting that’s hosted in an external tenant?

She is still protected! Check this video out:

Securing Teams Meetings Content Sharing

I recently posted a short blog called My Teams Security Slide, which contained an overview of the security controls I associate with Microsoft Teams. One of the features I listed was “Sensitivity Labels for Content”, which for organisations concerned about data loss prevention is a way of classifying content and applying security policies.

So what does this has to do with a Teams Meeting?

Microsoft 365 Sensitivity Labels actually allow administrators to managed document permissions and Microsoft Teams will honour these. One of the net effects is that is that you can restrict the ability to share confidential documents during a Teams Meeting.

I created this video to demonstrate the resulting end user experience.

This is a great way to protect against accidental data loss during a Microsoft Teams share. But what about policing a Teams Meeting chat? I’ll talk about this in a future post.

My Teams Security Slide

One of the things that I personally like about Microsoft Teams from an architect’s perspective is that the service leverages existing Microsoft 365 and Azure AD security capabilities. From an Admin’s perspective, the security features available for other Microsoft 365 services such as EXO and SPO are, when relevant, directly applicable to Teams.

Having said this, if you are new to Microsoft Teams you might struggle to get your head around which of the myriad of available controls relate to Teams and whether they fall under the Microsoft 365 or Azure AD administrative umbrellas. To try and help with this I recently created the diagram below to try and position a lot of the “bells and whistles” you might want to consider for a Teams security posture. One point to note is that different customers (or parts of a business) will have different security requirements. But I use this chart as a bit of a cheat sheet to remind me of some of the main components that should/could be considered during the planning stages of a Teams implementation.

Note; As per the slide name this is a “sample” of the capabilities so may not be exhaustive but it works for me as a super high level overview.

Anyway, just thought I’d post this in case this was helpful. I’ll probably bring some of the features mentioned above to life by way of some video demos in future posts.