Teams enablement - Security & Compliance workshop
TRANSCRIPT
Transforming workplace collaboration is a business imperative
86% of leaders cite lack of collaboration or ineffective communication as the top reason for workplace failures
65% of leaders agree that moving from hierarchical to team-based working is critical for their success in 2019, but only 7% say they are ready
45% of leaders have or are implementing web-based collaboration solutions at scale in their companies
Microsoft Teams is the hub for teamwork in Microsoft 365
Chats
Meetings
Calls
Files
Apps and workflows
Transform workplace collaboration
Streamline business processes
Connect everyone on a single platform
Teams
Provide enterprise grade security & compliance
Teams – Security & Compliance
• Identity & access management: Secure identities, control access
• Information protection: Protect your sensitive data – wherever it travels.
• Discover and respond: Identify, collect and produce content
• Data governance: Manage content lifecycle
• Manage risks: Enforce communication compliance policies, detect malicious content
Identity & access management Secure identities, control access
• Cloud Identity
• Synchronized Identity
• Federated
• Windows Hello
• SMS, Voice
• Hard Tokens OTP
• FIDO2 Security key
• Push Notification
• Microsoft Authenticator
MFA prevents 99.9% of identity attacks
81% of breaches leverage stolen or weak passwords
IT admins can make the use of Microsoft Teams more secure by enforcing restrictions on both managed and non-managed devices using Intune MAM and CA policies.
✓ Prevent data loss between Teams and other personal apps
✓ Employees can use their favourite device to access Teams securely
✓ Protect data at the Teams App level without having to manage devices
✓ Simplified enrolment process to increase user adoption
▪ Conditional access policies based on
▪ Exchange and SharePoint Conditional Access Policies apply to Teams
Device / Platform
Mobile Client
• iOS (7.1+)
• Android (4.0+)
Desktop Client
• Windows PC (8.1+)
• Mac OS X
Web Client
• IE, Edge
Conditional Access
Verify every access attempt
Signals: User and location, Device, Application, Real-time risk
Block access / Require MFA / Allow access
Teams
Prevent Teams access from non-work locations
A way for external Teams users from an entire domain to find, call, chat, and set up meetings with you in Teams.
Examples:
• For example, [email protected] and [email protected] are working on a project together along with some others in the contoso.com and northwindtraders.com domains.
• Users in your organization use Teams to contact people outside of your organization.
• Any Teams user in any org can find and contact you, using your email address.
Information protection: Protect your sensitive data – wherever it travels
DLP Mode
- Passive
- Intercept
Sharing of data
- Internal
- External
Scoping
- Per User
- Per Team
Protection
- Messaging
- Files
Security
Performance
Flexibility
Primary DLP Scenarios in Teams
▪ File sharing with external users (guests, federation)
▪ Chats & channel messages with external users (guests, federation)
▪ Sensitive content shared within inappropriate teams
Types of Protection
▪ Protection through storage of files in OneDrive for Business and SharePoint Online
▪ Protection and classification through O365 DLP engine & investigating 3P integration
▪ Teams UX allows for policy blocks, false positives, overrides and edits.
Policy tips
Block sharing
User overrides
Notification emails
Admin Alerts
Incident Reports
Integration with Activity API
Custom Sensitive Types
Data Loss Prevention in Teams
Discover and respond: Identify, collect and produce content
Discovering data efficiently is important for both legal and IT professionals
57% of corporate counsel plan to increase their total eDiscovery spend next year
$3B was spent on eDiscovery software in 2018
71% of corporate counsel are leveraging technology and/or best practices to improve legal operations
Capability                                  In-place eDiscovery   Advanced eDiscovery
Case Management                             ✓                     ✓
Access Control                              ✓                     ✓
Content Searches                            ✓                     ✓
Hold(s)                                     ✓                     ✓
Export                                      ✓                     ✓
Duplication Detection                       -                     ✓
Relevance Searches with Machine Learning    -                     ✓
Unstructured Data Analysis                  -                     ✓
In-place eDiscovery
• Case management
• Access Control
• Content Searches
• Hold(s)
• Export
Advanced eDiscovery
• All of In-place +
• Duplicate detection
• Relevance Searches with Machine Learning
• Unstructured Data analysis
Reduce eDiscovery costs
• If a Microsoft Teams-enabled user has an on-premises mailbox and their user account/identity has been synced to the cloud, Microsoft creates a cloud-based mailbox (or phantom mailbox) to store 1xN Teams chat data.
• After the Teams chat data is stored in the cloud-based mailbox, it's indexed for content search.
• Channel Messages – Covered by EXO Group mailbox
• Guest Users 1xN Chat – Covered by Cloud Storage
Features Available
• Content Search, Preview & Export: Now
• Support for Retention Policies: Coming soon
• Support for Legal Hold: Coming soon
Data Governance: Manage content lifecycle
Data governance & retention in Teams
• Comply proactively with industry regulations and internal policies
• Reduce your risk in the event of litigation or a security
• Help your organization to share knowledge effectively and be more agile
• Retention Policies allow IT admins to manage the lifecycle of content within Office 365, including all data from Teams.
• Retention Policies, if set, will wipe out the Teams data from all possible locations in the Microsoft cloud infrastructure. If persistent chat is a requirement without retention, then the default retention policy can be overridden to extend it for N years (or indefinitely).
▪ Flexible – different policies for different types of items
▪ Standard Preservation & Deletion Policy templates
▪ Integrates with Legal Hold and e-Discovery
▪ Integrated Management
Teams related retention policies
• Chats (1x1, 1xN)
  Retention period: Configurable by tenant (days) in Security and Compliance Center, example: 30 days
  Retention action: Delete & Allow recovery; Permanently delete; Archive
• Channel messages
  Retention period: Configurable by tenant (days) in Security and Compliance Center, example: 365 days
• Files (SharePoint Online and OneDrive for Business)
  Retention period: Configurable by Tenant for Site Templates, Site Collections and Document Deletion
  Retention action: Delete & Allow recovery; Permanently delete; Manage through Records Management
Establish Team or chat retention and deletion policies
Retention policies for Teams
Retention or Deletion policies
• Archiving in Office 365 enables preservation of all content immutably and enables retention, eDiscovery and other compliance capabilities.
• Archiving for Microsoft Teams leverages existing Office 365 archiving management tools that are used for email and SharePoint files.
• A team can be archived when it’s no longer active; it will be read-only and it can be reactivated in the future.
• Microsoft Teams chats and channel messages are archived using Exchange Online storage
  • 1:1 chats and group chats → individual mailboxes
  • Channel messages → group mailboxes
  • Messages are automatically moved to the archive mailbox after two years*
• Office 365 Compliance Admins will have a fast learning curve with the Teams archival process since it leverages the Security and Compliance Center in the Office 365 admin portal.
▪ Immutable data
▪ Integrated management
▪ Safeguard your data
▪ Highly reliable, available and performant
▪ Unlimited Storage*
• When a reasonable expectation of litigation exists, organizations are required to preserve electronically stored information (ESI) relevant to the case. This expectation often exists before the specifics of the case are known, and organizations may need to preserve broadly all information related to certain individuals, keywords or topics.
• Litigation Hold is normally used when an entire mailbox has to be put on hold.
• In-place hold is used when holds are to be created and placed based on fine-tuned search criteria across mailboxes.
• All of the Teams Information Protection dataset can be put on litigation hold. This includes 1:1 chats, Group chats, Channel messages, Files, OneNote and Wiki.
• Users can continue to use Teams seamlessly when their data is put on hold.
• What happens to edits and deletes when a user is on hold
  • All Teams Chats, Channel Messages (both current and archived) are subjected to hold
  • All Edits to Messages are allowed but will be tracked separately from the original message
  • All Deleted Teams data will still be persisted.
▪ Permanently Preserved Data within Office 365 solution
▪ Flexibility: Multiple Time Based Holds
▪ Integrated management with eDiscovery
▪ Narrow Down on Legal Data – Intelligent Query based holds
▪ Transparent to End User
GA
▪ Search Across item types
▪ Search Organization wide
▪ Highly Scalable
▪ Export for offline use
▪ Uncover Search Statistics
• Content Search can be used to search mailboxes, SharePoint Online sites, OneDrive for Business locations and Teams data across all of the organization. There are no limits on the number of mailboxes or the number of searches that can be run at the same time.
• Search Location
  • All Teams user accounts and locations (SharePoint, Exchange, OneDrive for Business) within a tenant can be included in a content search.
• Search Filters
  • Case Keywords, Team/Channels, To/From lists, Date Time, Size, Message Type and File types are some of the many criteria supported in Content Search.
• All Compliance Content Search results can be exported into an Outlook Data File or .PST File. Individual files and attachments can also be downloaded and exported in a report.
GA
• Auditing and reporting supports the need for IT Admins to track important business events within Office 365 and now in Teams.
• Audit Log(s) will be updated and available for searching and reporting in up to 24 hours from when the activity was done in the Teams client.
▪ Audit all Teams Events
▪ Audit all/specific users
▪ View, Filter, Export results
▪ Unlimited Auditing Timeline
Audited Events
Account Logon events
• User/Admin Login and Logout from Teams Client(s)
• Service Logins and Sessions
Object/File Access Events
• File Creation/Access/Upload/Deletion
• File rename/modification/movement/restoration
• File Copy/Checking in and out
Process Tracking events
• Setting Store Changes – Client and Admin Portals
• Additions of Connectors or Bots
• Editing of Posted Chat messages
Account Management events
• User Roles/Permissions setting/editing
• Teams Enablement or License assignment events
• Group/Team/Channel Creation and Deletion and member updates
Manage internal risks: Enforce communication policies
Organizations face a broad range of risks from insiders
• Data spillage
• Confidentiality violations
• IP theft
• Workplace violence
• Regulatory compliance violations
• Fraud
• Policy violations
• Insider trading
• Conflicts of interest
• Leaks of sensitive data
• Security violations
• Workplace harassment
Information Barrier (IB)/Ethical wall in Teams
Quarantine information
Restrict information sharing
Control flow of information
Information Barrier in Teams
Info Barrier policies in Security & Compliance Center
Meetings between segmented users
Supervision in Teams
• Risk Management: Identify and manage legal and corporate risk
• Regulatory Compliance: SEC, FINRA require communications oversight
• Corporate Policies: Employees must comply with ethical and other corporate standards
Supervise Teams content – channels & chats
Supervision – specify conditions
Teams events as part of M365 Audit
• Get visibility into changes to policies, groups
• Need investigation capability around breaches
• Gain visibility into changes to org compliance policies
• Need to know who accessed what, when & how
Audit logs in Teams
Audit of users who are added
MCAS + Teams
Alerts for external users added to Team
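The "external users added to a Team" alert named above can be reproduced offline from exported audit records. The following is an added example, not part of the original deck or any Microsoft tooling: the sample records are constructed, and the field names (Workload, Operation, Members, UPN, TeamName, UserId, CreationTime), the `#EXT#` guest marker check and the `INTERNAL_DOMAINS` set are assumptions of this sketch.

```python
import json

# Constructed sample audit records (one JSON object per line). Field names
# are assumptions modelled on unified audit log entries for Teams.
SAMPLE_AUDIT_LOG = """\
{"CreationTime": "2019-05-02T09:14:03", "Workload": "MicrosoftTeams", "Operation": "MemberAdded", "UserId": "alice@contoso.com", "TeamName": "Project Falcon", "Members": [{"UPN": "bob@contoso.com"}]}
{"CreationTime": "2019-05-02T09:20:41", "Workload": "MicrosoftTeams", "Operation": "MemberAdded", "UserId": "alice@contoso.com", "TeamName": "Project Falcon", "Members": [{"UPN": "carol_northwindtraders.com#EXT#@contoso.onmicrosoft.com"}, {"UPN": "erin@contoso.com"}]}
{"CreationTime": "2019-05-02T10:02:17", "Workload": "MicrosoftTeams", "Operation": "TeamCreated", "UserId": "bob@contoso.com", "TeamName": "Finance"}
{"CreationTime": "2019-05-02T11:45:00", "Workload": "MicrosoftTeams", "Operation": "MemberAdded", "UserId": "bob@contoso.com", "TeamName": "Finance", "Members": [{"UPN": "dave@northwindtraders.com"}]}
{"CreationTime": "2019-05-02T11:50:09", "Workload": "SharePoint", "Operation": "FileAccessed", "UserId": "erin@contoso.com"}
{"CreationTime": "2019-05-02T12:00:00", "Workload": "MicrosoftTeams", "Operation": "Mem
"""

INTERNAL_DOMAINS = {"contoso.com"}  # assumption: domains owned by the tenant


def is_external(upn, internal_domains=INTERNAL_DOMAINS):
    """True for guest accounts (#EXT# marker) or UPNs outside tenant domains."""
    upn = upn.lower()
    if "#ext#" in upn:
        return True
    return upn.rsplit("@", 1)[-1] not in internal_domains


def external_member_alerts(lines, internal_domains=INTERNAL_DOMAINS):
    """Return (alerts, skipped): one alert per external member added to a team."""
    alerts, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # truncated or malformed export line: count it, keep going
            continue
        if rec.get("Workload") != "MicrosoftTeams" or rec.get("Operation") != "MemberAdded":
            continue
        for member in rec.get("Members", []):
            upn = member.get("UPN", "")
            if upn and is_external(upn, internal_domains):
                alerts.append({"time": rec.get("CreationTime"), "team": rec.get("TeamName"),
                               "added_by": rec.get("UserId"), "external_member": upn})
    return alerts, skipped


if __name__ == "__main__":
    found, bad = external_member_alerts(SAMPLE_AUDIT_LOG.splitlines())
    for alert in found:
        print(alert)
    print(f"{bad} malformed line(s) skipped")
```

Because the deck states that audit records can take up to 24 hours to appear, a scheduled run of a check like this should query an overlapping time window rather than only the period since the last run.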
Office 365 Advanced Threat Protection: Protect against sophisticated threats and automatically investigate and remediate attacks
Actionable insights
Automated response
Industry-leading protection
Training & awareness
ATP Safe links in Teams (roadmap)
Advanced Threat Protection – Safe Attachments
O365 ATP Safe links