Collaboration is a crucial part of our daily work lives. Microsoft Teams made collaboration easier and the sky is the limit. In between all the applause and cheers, customers are starting to ask an important question: How can we secure and manage our data? Jasper Oosterveld, Microsoft MVP & Modern Workplace Consultant, is going to answer this question. You can expect real-world advice around sensitivity & retention labels, DLP and managing external access.
CollabDays Belgium 2022 - How to secure and manage your data while collaborating with Microsoft Teams
1. How to secure & manage your data while collaborating, internally & externally, with Microsoft Teams
Jasper Oosterveld | @jappie1981
CollabDays Belgium 2022 by BIWUG
#CollabDaysBE
22. InSpark
Managing guests
Working with guest access in Microsoft Teams
Settings
• Block or allow specific domains.
• Expiration per 30 days.
• Verification code per 1 day.
• Idle session sign-out.
Guest review
• Azure Access Reviews (Azure AD P2)
• 3rd party solution (for example ShareGate).
• Manually
25. InSpark
• OLVG receives fine of 440,000 euros for unlawful access to sensitive information.
• Personal data of 65,000 civil servants exposed due to a data leak at the ministry.
• Over 100,000 resumes illegally downloaded at Employee Insurance Agency.
Real world examples
Staying compliant with Microsoft Teams
26. InSpark
1. Do you know where your business’s critical and sensitive data resides and what is being done with it?
2. Do you have control of this data as it travels inside and outside of your organization?
3. Do you know what regulations are applicable to your type of industry?
Three important questions
Staying compliant with Microsoft Teams
28. InSpark
Step 1: Information Classification Policy
Staying compliant with Microsoft Teams
• Public: Company data specifically prepared and approved for public use.
• Internal: Company data intended for general use within the organization.
• Confidential: Company data specific to internal employees or specific individuals or organizations.
29. InSpark
Step 2: Information Protection Policy
Staying compliant with Microsoft Teams
Public
Company data is specifically prepared and approved for public use.
• Accessible to all employees (internal) or authorized individuals (external).
• No security.
Internal
Company data is intended for general use within and outside the organization (business partners).
• Accessible to all employees.
• Data is protected.
Confidential
Company data is intended for internal employees or specific individuals or organizations.
• Accessible for all employees (internal) or authorized persons (external).
• Data is protected.
38. InSpark
Scenario: Manual & auto labeling
Working with sensitivity labels
• Megan Bowen works as a marketing specialist for Contoso.
• She works on the development of the PlayStation 6 (codename: Project Raven).
• She wants to manually and automatically classify & protect the content related to the project.
39. InSpark
• Sensitivity label for file & e-mail.
• Custom Sensitive Information Type (SIT) for PlayStation 6 with auto labeling.
• Auto classification connected to the Project Raven document library.
Solution summary
Working with sensitivity labels
40. InSpark
• AIP unified labeling client is in maintenance mode.
• Microsoft advises moving towards the built-in labeling within Office.
• Review the current options & limitations (see resources slide).
Important information about labels!
Working with sensitivity labels
41. InSpark
Scenario: Limited external sharing
Working with sensitivity labels
1. Alex works as PM on the development of the PlayStation 6 (codename: Project Raven).
2. Alex wants a private & secure collaboration space with Microsoft Teams.
3. It’s not allowed to add guests.
4. External sharing is only allowed with approved accounts.
42. InSpark
• Sensitivity label for M365 Groups.
• Attach to project sites.
Solution summary
Working with sensitivity labels
45. InSpark
The importance of DLP
Working with Data Loss Prevention
• Conscious sharing
• Unconscious sharing
46. InSpark
• Create a policy based on existing regulations (GDPR) or customize your own.
• Select the location (M365, OnPrem, Devices, OS & non-MS cloud apps).
• Define your policy settings (conditions & actions).
• Test & deploy.
High-level overview
Working with Data Loss Prevention
49. InSpark
• Data Loss Prevention Policy for all Microsoft 365 services.
• Connect with Project Raven Sensitive Information Type.
Solution summary
Working with Data Loss Prevention
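The DLP steps above (create a policy, select locations, define conditions & actions, test & deploy), tied to the Project Raven Sensitive Information Type, can be scripted with Security & Compliance PowerShell. This is an added example, not taken from the slides; the SIT name, policy name and rule name are assumptions, and the location list is narrowed to Exchange, SharePoint, OneDrive and Teams.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and a role
# that can manage DLP policies in the Microsoft Purview compliance portal.
Connect-IPPSSession

# Assumption: the custom SIT from the labeling scenario was published under this name.
$sitName    = 'Project Raven'
$policyName = 'Project Raven DLP'                       # hypothetical name
$ruleName   = 'Project Raven - block external sharing'  # hypothetical name

# Stop here if the custom SIT is missing, so the rule never references a
# type that does not exist in the tenant.
$sit = Get-DlpSensitiveInformationType -Identity $sitName -ErrorAction Stop

# Steps 1 and 2: create the policy and select the locations.
# TestWithNotifications records matches and shows policy tips without enforcing.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Detects Project Raven content leaving the organization' `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -TeamsLocation All `
    -Mode TestWithNotifications

# Step 3: condition (content contains the SIT and is shared with people
# outside the organization) and actions (block, notify owner, report).
New-DlpComplianceRule -Name $ruleName `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = $sit.Name; minCount = '1' } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport SiteAdmin

# Step 4: review the matches raised during the test period, then enforce.
# Left commented out so a first run stays in test mode.
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable

# Confirm the mode and whether the policy has been distributed.
Get-DlpCompliancePolicy -Identity $policyName |
    Select-Object Name, Mode, DistributionStatus
```

Running the policy in test mode first surfaces false positives from the custom SIT before any sharing is blocked.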
51. InSpark
• Retain the content for a specified period (days, months & years).
OR
• Retain & automatically delete content after a specified period (days, months & years).
OR
• Automatically delete content after a specified period (days, months & years).
OR
• Retain content forever.
Data lifecycle management
Working with Data Lifecycle Management
52. InSpark
Importance of Data Lifecycle Management
Working with Data Lifecycle Management
• Govern lifecycle
• Regulatory requirements
54. InSpark
Who is using Data Lifecycle Management?
Working with Data Lifecycle Management
55. InSpark
Scenario: Preserve all project content
Working with Data Lifecycle Management
• Alex wants to preserve all content from Project Raven for an indefinite amount of time.
56. InSpark
• Retention Policy for the Project Raven team.
• Retention Label for all Microsoft 365 services.
Solution summary
Working with Data Lifecycle Management