Prevent Sensitive Insider Risk in Microsoft Teams

Mar 24, 2021

If you’re like most organizations, security was at the top of your list when you moved to the cloud. What to protect and how to protect your data is an ongoing challenge. Luckily, Microsoft has an expansive portfolio of products to protect your O365 environment. In this blog post, I will talk about Data Loss Protection (DLP), and more specifically about Communication Compliance, a tool in your toolbox that is currently rolling out to the Government Community Cloud (GCC).

Most organizations are already familiar with DLP and have set up file and email protections in Exchange Online, SharePoint, OneDrive, and Teams. But did you know that you still aren’t protected against data loss and sensitive data leakage in Teams chats and channels without the correct license model and configurations? Unfortunately, most people are not aware that sensitive data in Teams can be sent to external or internal parties without a Communication Compliance license, even if they have DLP for Teams files configured. The communication channels in chats and conversations are still left unprotected.

Announced last February and now available in the GCC, Communication Compliance can close the communication channel gap. Communication Compliance is a new capability included in Microsoft’s Insider Risk capabilities in the E5/G5 suite, or as an add-on with the Microsoft 365 E5 Compliance suite for customers utilizing M365 E3 or E3 + EMS E3. Some customers may have the Advanced Compliance SKU (no longer available), which also includes these capabilities. With Communication Compliance in Teams, organizations can block chats and channel messages that contain bullying or harassment, or sensitive or confidential information such as financial information, personally identifying information and health-related information.

Communication Compliance includes not just DLP but a toolbox of capabilities for highly regulated compliance customers. Insider risk is a big problem, and you need the right tools to protect your organization. Think about the damage a disgruntled or rogue admin can do to an organization and how you could possibly protect yourself from this scenario. Communication Compliance complements your existing O365 security tools by adding templates that scan for offensive or threatening language, sensitive information, regulatory compliance, and conflict of interest scenarios. You can also build a custom policy for specific communication channels, individual detection conditions and the amount of content to monitor and review in your organization.

Once your templates are set up, you are ready to monitor, investigate and remediate alerts for both incoming and outgoing communications. Different roles are available, from administrator to analyst to investigator, so you can separate your IT admins (even Global Admins) from your compliance management team.

When setting up policies, you can scope the policy down to a user, specific users, all users, a group, a channel, a chat or the other workloads in O365. With Communication Compliance you finally have the visibility and tools to get alerts, investigate and react to your riskiest user and organizational behaviors. Additionally, users will get a policy tip, and removed messages and content are replaced with notifications for viewers explaining that the message or content has been removed and which policy applied to the removal. The sender of the removed message or content is also notified of the removal status and provided with the original message content for context relating to its removal. This scenario is very similar to how Twitter and Facebook remove undesirable content.

By now you understand why these new capabilities are important. If you own Advanced Compliance, E5/G5 or the add-on SKU for the Microsoft 365 E5 Compliance suite, now is the time to set these configurations and get started.

If you would like to learn more about these capabilities, contact your Cloud Strategist for more information and watch this quick video.