Microsoft's very own, Kevin Martins, and Enabling Technologies' CTO, Chris Stegh, talk about the principals of securing Microsoft Teams on a webinar hosted on a live Microsoft Teams webinar.

Kevin Martins is Microsoft’s Principal Partner Technical Architect. He is currently leading a talented team of Microsoft Architects to enhance and build new Microsoft Partner practices. He has 20+ years of experience in leadership, engineering, architecting, consulting as well as project and people management. He has broad experience working directly with clients, executives, and military leadership to achieve impactful results.

Christian Stegh is Enabling’s CTO. Enabling is a 27-year-old professional services firm. Chris helps customers on their most challenging cloud initiatives. He’s backed by a group of Office 365 and Azure consulting engineers, a managed services team that monitors and solves issues 24x7, and change management pros who ensure end users are ready for new tools. He also hovers in Redmond to see where MSFT is headed strategically.

Teams is part of Microsoft's highest level of cloud compliance commitments. This means that Teams is automatically encrypting messages and audio/video in every level of communications. Teams is also encrypting content at rest. These protections are rarely touched by a human being and most are being handled by Microsoft's machines. However, Teams does not live in a bubble and neither does the governance required for Teams. Governance considerations must also be made for the following (at a minimum):

Setting up policies inside your Data Loss Prevention dashboard is key to the success of a more secure Microsoft Teams environment. Luckily, Microsoft makes that process easy for you as the admin. But there are some classifications that you might want to think about before creating that policy.

1. Highly Confidential (finance and M&A)
2. Compliant (PII, PHI, industry mandates)
3. Confidential (new product info)
4. General (day-to-day work)
5. Public (anyone can see it)

This question was brought up on our webinar: "When the user overrides the DLP policy, can they do it without any additional approval?" 

Yes, you can configure the DLP override policy so that the user can override it without a Manager approval. A justification could then be required and then logged. As well as emailed to an administration team to monitor this type of activity.

Here is a downloadable Excel file that shows you what features are included with Office 365 vs Azure P1 vs Azure P2.

A lot of people are interested in how guest accounts can be restricted with regards to OneDrive access? Specifically, limiting or fully denying their access to OneDrive while maintaining their access to other Teams functionality.

Well, when inviting an external guest into a Team, the only content they’re able to see is what’s been posted in the Team’s channels. If a file gets shared from a team member’s OneDrive with the Team, no one can see or access other files on the sharer’s OneDrive.