Microsoft Teams Security and Compliance Overview

Microsoft Teams Compliance

We help our clients utilize Communication Compliance and Microsoft Teams. Both are tightly integrated and can help minimize communication risks in any organization.

Communication Compliance with Microsoft Teams

We implement Communication Compliance, which is an insider risk solution in Microsoft 365 that helps minimize communication risks by helping our clients detect, capture, and act on inappropriate messages in their organization.

For Microsoft Teams, communication compliance helps identify the following types of inappropriate content in Teams channels, Private Teams channels, or in 1:1 and group chats:

  • Offensive, profane, and harassing language
  • Adult, racy, and gory images
  • Sharing of sensitive information

Using default settings?

Book a free demo and learn best practices for secure and compliant Teams communication.

Learn how Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest.

Users Related Security Controls

Microsoft Teams is built on the Microsoft 365 and Office 365 hyper-scale, enterprise-grade cloud, delivering the advanced security and compliance capabilities our customers expect. For more information on planning for security in Microsoft 365 or Office 365, The Glitterati is a good place to start. We help our clients on their journey planning for Microsoft Teams security and compliance.

Further, Teams uses the following standards: ISO 27001, ISO 27018, SSAE18 SOC 1 and SOC 2, HIPAA, and EU Model Clauses (EUMC).

We offer a wide range of information to help clients with compliance areas.

Information Barriers

Information barriers are policies we help put in place to do things like keep people or groups from communicating with one another (when there is no business need for them to do so or a regulatory reason to block them from doing so). They also provide a way for our clients to set policies relating to things like lookups and eDiscovery. These policies can impact users in 1:1 chats, group chats, or at a team level.

Communication Compliance

We help our clients add users to in-scope policies that can be configured to examine Microsoft Teams communications for offensive language, sensitive information, and information related to internal and regulatory standards. Our clients can be comfortable that chat communications and associated attachments in both public and private Teams channels and in individual chats are scanned to help minimize communication risks in any organization.

Data Loss Prevention (DLP)

Data Loss Prevention (DLP) in Microsoft Teams, as well as the larger DLP story for Microsoft 365 or Office 365, revolves around business readiness when it comes to protecting sensitive documents and data. Whether our clients have concerns around sensitive information in messages or documents, the DLP policies we implement help ensure our clients’ users don’t share sensitive data with the wrong people.


We implement sensible eDiscovery. Electronic discovery, or eDiscovery, is the electronic aspect of identifying, collecting, and producing electronically stored information (ESI) in response to a request for production in a lawsuit or investigation. The capabilities include case management, preservation, search, analysis, and export of Teams data. This includes our clients’ chat, messaging and files, and meeting and call summaries. Moreover, for Teams meetings and calls, a summary of the events that happened in the meeting or call is created and made available in eDiscovery.

Information Governance

Microsoft Information Protection for Files

Encrypted files are now treated as a first-class experience in SharePoint, OneDrive, and Teams: users can search for them and also co-author them in Office apps.

Information Barriers (IB) for SharePoint, OneDrive and Teams

You may have a compliance need to put barriers on collaboration and communication between certain sets of users in your organization to avoid conflicts of interest. You can now achieve these controls in Microsoft 365; check out the Information Barriers scenario link above.

Retention Labels

You can meet your governance needs for retaining or deleting content after a certain period of time; check out the retention labels and policies link above.

Records Management

Organizations of all types require a records management solution to meet their regulatory, legal, and business requirements. Microsoft 365 records management is designed to help you meet these requirements. Check out the link above for more details.

During Litigation

During litigation, our clients may need all data associated with a user or a Team to be preserved as immutable, so that it can be used as evidence for the case. We teach our clients how they can do this by placing either a user (user mailbox) or a Team on legal hold.

This supports the client by ensuring that, even if end users delete or edit channel messages that are in the group mailbox, immutable copies of that content are maintained and available through eDiscovery search.

Even more Teams-specific information on legal hold is available, and can be leveraged when necessary.