Table of Contents

Our Teams Governance Service

Recorded Microsoft Teams Security Webinar

Microsoft's very own, Kevin Martins, and Enabling Technologies' CTO, Chris Stegh, talk about the principals of securing Microsoft Teams on a webinar hosted on a live Microsoft Teams webinar.


Kevin Martins
Kevin Martins is Microsoft’s Principal Partner Technical Architect. He is currently leading a talented team of Microsoft Architects to enhance and build new Microsoft Partner practices. He has 20+ years of experience in leadership, engineering, architecting, consulting as well as project and people management. He has broad experience working directly with clients, executives, and military leadership to achieve impactful results.
Christian Stegh is Enabling’s CTO. Enabling is a 27-year-old professional services firm. Chris helps customers on their most challenging cloud initiatives. He’s backed by a group of Office 365 and Azure consulting engineers, a managed services team that monitors and solves issues 24x7, and change management pros who ensure end users are ready for new tools. He also hovers in Redmond to see where MSFT is headed strategically.


HubSpot Video
There are several layers of Data Loss Prevention in Microsoft's EMS suite, but the best way to protect a file throughout its life cycle, no matter where it ends up, is with Azure Information Protection.

Chris Stegh CTO at Enabling Technologies

Native Teams Security

Teams is part of Microsoft's highest level of cloud compliance commitments. This means that Teams is automatically encrypting messages and audio/video in every level of communications. Teams is also encrypting content at rest. These protections are rarely touched by a human being and most are being handled by Microsoft's machines. However, Teams does not live in a bubble and neither does the governance required for Teams. Governance considerations must also be made for the following (at a minimum):

  • DLP for SharePoint Online & OneDrive for Business
  • Instant Messaging / Chat
  • External access
  • Authentication
  • and more

Microsoft's Matt Soseman put together some great video content for securing Microsoft Teams from a native standpoint as well as with other applications such as Cloud App Security, Azure AD, and more.

Security and Compliance in Microsoft Teams Identity and Access Management
Security and Compliance in Microsoft Teams
Security and Compliance in Microsoft Teams with Microsoft Intune MAM
Security and Compliance in Microsoft Teams with Data Loss Prevention
Security and Compliance in Microsoft Teams with Windows Information Protection
Security and Compliance in Microsoft Teams with Cloud App Security
Security and Compliance in Microsoft Teams with Cloud App Security and Azure Active Directory

User Overrides the Data Loss Prevention Policy

Setting up policies inside your Data Loss Prevention dashboard is key to the success of a more secure Microsoft Teams environment. Luckily, Microsoft makes that process easy for you as the admin. But there are some classifications that you might want to think about before creating that policy.

Tight Control

Middle Ground

Self Help

Business defines what to control and IT must enforce it.
IT proposes and begins implementing DLP
Nothing is tracked or controlled
Remember, set these policies and classifications with as much support from legal and propose a framework. For example:
  1. Highly Confidential (finance and M&A)
  2. Compliant (PII, PHI, industry mandates)
  3. Confidential (new product info)
  4. General (day-to-day work)
  5. Public (anyone can see it)

This question was brought up on our webinar: "When the user overrides the DLP policy, can they do it without any additional approval?" 

Yes, you can configure the DLP override policy so that the user can override it without a Manager approval. A justification could then be required and then logged. As well as emailed to an administration team to monitor this type of activity.

Here is a downloadable Excel file that shows you what features are included with Office 365 vs Azure P1 vs Azure P2.

Guest Access in Microsoft Teams

A lot of people are interested in how guest accounts can be restricted with regards to OneDrive access? Specifically, limiting or fully denying their access to OneDrive while maintaining their access to other Teams functionality.

Well, when inviting an external guest into a Team, the only content they’re able to see is what’s been posted in the Team’s channels. If a file gets shared from a team member’s OneDrive with the Team, no one can see or access other files on the sharer’s OneDrive.

Other Resources

A Maturity Model for Collaboration

The Impetus for a Model There’s no shortage of productivity tools, but there is little means of judging their efficacy. Despite spending time and money on tools and technology, IT leaders still...

Finally! A way to remove the last Exchange Server

Have you completed your migration to Exchange Online?  Many years ago…good for you.  But you are still running and Exchange Server on-premises, why?  Recipient Management, ok, seems a bit overkill to...

Microsoft Teams Governance Service