Permissions reporting is only part of the Microsoft Teams security and management equation. Microsoft 365 offers built-in classification and enforcement capabilities to help users identify and protect their collaboration data with Microsoft Development Services. By understanding where sensitive business information resides, we can determine what controls may be needed.
Remember, we don't want to do more than is necessary; we just want to do the right thing. By “tweaking” your approach, you can improve operational efficiency and avoid disrupting valuable collaboration within your organization.
Microsoft Insights
In the Microsoft 365 Security & Compliance Center, you can configure the following:
Privacy Labels
These labels can be assigned to specific categories, priorities, and policies. As Microsoft mentions in its documentation, “For example, apply a Confidential label to a document or email, and that label encrypts the content and applies a Confidential watermark. Content markings include headers and footers as well as watermarks, and encryption can also restrict the actions authorized people can perform on the content.”
What is the disadvantage of sensitivity labels? Unless your organization has an E5 or other advanced license, these settings must be manually applied by users, which is not a durable or comprehensive method for securing data in Microsoft Teams. Additionally, these labels really only focus on sensitive data, leaving your general collaboration or sensitive business information unmanaged.
Retention policies
Retention policies ensure that data (documents, instant messages, etc.) cannot be deleted before the appropriate time period expires. These policies are applied to the container (email, SharePoint site, OneDrive account, etc.). Retention labels can be automatically applied to content if the content contains specific types of sensitive information. Retention labels can also be used as a condition of DLP policies.
However, creating and continuously tracking labels, policies, and their interactions can be a tedious process. Policies are also enforced tenant-wide, which can unintentionally hinder productive collaboration.
eDiscovery
You can run an eDiscovery search to find your sensitive information. For example, you can initiate a guided search for a credit card number in your environment. You will probably notice that these searches take a long time, and that is for a single query against a SINGLE type of sensitive information, run only once and targeted at a single scope. You are also responsible for all information returned, including next steps to secure that copy of the data.
Data Loss Prevention (DLP)
Microsoft 365 DLP policy results can provide insight into which documents contain sensitive information and where those documents are located. Policies can also help ensure that documents that the DLP engine determines contain sensitive information cannot be shared externally.
DLP reports will highlight documents that have been accessed multiple times for definition types as more sensitive than documents that have only been accessed once. The more sensitive information found in a document, the more sensitive the document is considered. The problem with DLP reports is that they identify the location of sensitive data, but not who has access to that data.
In summary, these are all effective native tools to help classify and protect your sensitive data in Microsoft Teams and across Microsoft 365. However, these solutions do not provide sufficient insight into who can access sensitive data. To get this essential metric natively, you'll have to spend hours combining and analyzing multiple unintuitive reports, ultimately arriving at a single insight.
Given the pace of collaboration and data generation in business today, this report will be essentially out of date by the time you complete your analysis.
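The combining step described above can be sketched as a join between a DLP findings export and a permissions export. This is an added example, not code from this article or from Microsoft: the column names, paths, and principals are constructed, and it assumes a grant on a parent container is inherited by everything beneath it.

```python
from collections import defaultdict

# Constructed sample rows; column names are assumptions, not a Microsoft 365 export schema.
DLP_MATCHES = [
    {"path": "/sites/finance/Shared Documents/payroll.xlsx", "info_type": "Credit Card Number", "count": 12},
    {"path": "/sites/finance/Shared Documents/payroll.xlsx", "info_type": "U.S. Social Security Number", "count": 3},
    {"path": "/sites/hr/Shared Documents/offer.docx", "info_type": "Credit Card Number", "count": 1},
    {"path": "/sites/finance/Shared Documents/Q3/cards.csv", "info_type": "Credit Card Number", "count": 40},
]
PERMISSIONS = [
    {"scope": "/sites/finance", "principal": "Finance Members", "external": False},
    {"scope": "/sites/finance/Shared Documents/payroll.xlsx", "principal": "guest@partner.example", "external": True},
    {"scope": "/sites/hr", "principal": "HR Members", "external": False},
    {"scope": "/sites/fin", "principal": "Fin Archive Owners", "external": False},
]

def in_scope(path, scope):
    """True when a grant on `scope` covers `path` (the item itself or a parent container)."""
    scope = scope.rstrip("/")
    # Compare on a path boundary so "/sites/fin" does not cover "/sites/finance/...".
    return path == scope or path.startswith(scope + "/")

def exposure_report(dlp_matches, permissions):
    """Join DLP matches to permission grants: one row per sensitive document."""
    docs = defaultdict(lambda: {"matches": 0, "info_types": set()})
    for row in dlp_matches:
        docs[row["path"]]["matches"] += row["count"]
        docs[row["path"]]["info_types"].add(row["info_type"])
    report = []
    for path, doc in docs.items():
        grants = [g for g in permissions if in_scope(path, g["scope"])]
        report.append({
            "path": path,
            "matches": doc["matches"],
            "info_types": sorted(doc["info_types"]),
            "principals": sorted({g["principal"] for g in grants}),
            "external": sorted({g["principal"] for g in grants if g["external"]}),
        })
    # Documents reachable by external principals first, then by number of sensitive matches.
    report.sort(key=lambda r: (not r["external"], -r["matches"]))
    return report

if __name__ == "__main__":
    for r in exposure_report(DLP_MATCHES, PERMISSIONS):
        print(r["matches"], r["path"], r["principals"], "EXTERNAL" if r["external"] else "")
```

The output is a snapshot of the two exports it was given, so it ages exactly as the paragraph above describes.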

