Microsoft Teams Security Part 2 – Compliance Configurations
In this blog post we will discuss the details about configuring the settings for compliance in your organization. In this particular area, we look only at compliance: configurations need not impact users’ experience with collaboration.
This is the second part of our three-part blog series about Microsoft Teams Security. Here we will dive into Microsoft Teams Security details related to compliance aspects. In Part 1, we took a deeper look at the settings for collaboration options in Microsoft Teams, while part 3 covers the specific configuration of security in Microsoft Teams.
1. Communication Compliance for Microsoft Teams
For Microsoft Teams, the Microsoft 365 Compliance Center allows admins to control communication compliance. Here you can configure compliance settings for your organization’s Microsoft Teams environment as well as other platforms.
You should make sure to check your admin permissions beforehand, though. Global Admin permissions are not sufficient in order to access and make changes in the individual areas of the M365 Compliance Center. At the moment, you can find the necessary Compliance permissions in two locations:
1. In the Office 365 Security & Compliance center under ‘Permissions’.
In the future, however, the Office 365 Security & Compliance Center will be gradually replaced by the Microsoft 365 security center, the Microsoft 365 Compliance center and the Exchange admin center.
2. Directly in the Microsoft 365 compliance center under ‘Permissions’.
Once you have accessed the Permissions, simply filter the available permissions by entering ‘compliance’ in the search field. Click on the permission name, and in the new panel on the right side of the screen, scroll down to find the section titled ‘Members’. Click on ‘Edit’ and add the required user as a new member. Don’t forget to save after you’re done.
What are the benefits Communication Compliance?
- Communication Compliance is supposed to automatically detect inappropriate communication and notify reviewers, based on pre-defined policies. Common use-cases are e.g. monitoring communications for offensive language, sensitive information, financial regulatory data, conflict of interest.
- You can use artificial intelligence to create policy templates and detect if communication rules are violated within the organization.
- If necessary, you can take fast action by checking messages against policies and starting automated workflows if necessary.
- You can see all the important information in a customizable dashboard.
The tools available in Communication Compliance offer a lot of options to control and monitor information and provide insights for improvements. These tools are definitely worth keeping in mind for optimizing communication and regulatory compliance.
2. Data Location for Microsoft Teams
Make sure you keep an eye on the laws regulating data location in your country. Microsoft supports you in complying with these laws by showing you where exactly your data is stored. For each Microsoft app, which includes Microsoft Teams, you can find out where your data is stored in these easy steps:
- Go to Microsoft 365 Admin Center.
- Select “Settings.”
- Select “Org settings.”
- Select “Organization Profile.”
- Select “Data Location.”
Data storage: Multi-Geo Support
Microsoft has introduced rolling out support about multi-geo capabilities at Microsoft Ignite 2021. By using this multi-geo support feature, users can track and manage the location of data. Users can also specify the data centers where they prefer their data to be stored – an important part of achieving data compliance and complying to security regulations.
Keep control of your data with External User Manager. Easily manage external users with the approval workflow, access control and reporting.
3. Data Retention Policies for Microsoft Teams
Data retention is one of the most critical yet underrated topics within compliance and governance. This is why you should make sure to pay attention to the Retention feature, which can be found in the M365 Compliance Center under Policies / Information Governace. With data retention policies, you can control the information in your organization, or to be more precise: which information is stored for which period of time. We highly suggest working with retention policies in order to comply with legal regulations, organization policies or industry policies.
In a scenario where you need to keep data for a particular period, you can utilize retention policies to make sure it is not deleted prematurely. If you need to make sure data is deleted on time, e.g. due to GDPR regulations, you can also create retention policies for this purpose.
Data retention policies are supported by Microsoft Teams for channel messages as well as chat messages.
You can easily enable Microsoft Teams data retention policies for individual users, teams, or for the whole organization. However, make sure to do your homework and thoroughly research your organization’s needs and prerequisites before creating retention policies.
4. Audit for Microsoft Teams
In Microsoft 365, the audit logging feature should be enabled by default. We suggest you check if your audit logs are turned on or off for your tenants. (See Microsoft’s documentation on how to turn auditing on or off.)
With the Audit logs, you can analyze many different user activities. Find out e.g. which user deleted a document or if an admin reset a user’s password. Any activity related to email, groups, documents, permissions, directory services, and many more, can be analyzed through the Audit logs.
You can find the full list of Teams activities in the Microsoft documents:
https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-teams-audit-log-events
5. eDiscovery – Find Information Across Applications
eDiscovery is a feature in the M365 Compliance Center that offers the tools to find information across Microsoft applications, specifically information needed for legal matters or processes concerning due diligence. Once you enable this incredibly powerful tool, you will get quick access to search relevant content in several areas.
eDiscovery tools for Microsoft 365 allow you to search information pertaining to your search queries in Microsoft Teams, Microsoft 365 groups, SharePoint Online, OneDrive for Business, Yammer Teams, Exchange Online mail boxes, etc. Apart from the content search, the essential tools for eDiscovery are Core and Advanced eDiscovery.
Searching for data, creating holds, exporting content, and other relevant actions are easily set up, the interface is pretty easy to use. The other part of the equation requires more time: Setting up the correct search query takes a bit of effort.
How to Use Relevant eDiscovery Tools?
There are numerous options for setting up eDiscovery. To list and explain them all would go beyond the scope of this article. Please refer to this Microsoft document for more details: https://learn.microsoft.com/en-us/microsoft-365/compliance/ediscovery
This concludes the second part of our three-part blog series about Microsoft Teams Security with Compliance Configurations. Take a look at Part 1, where we took a deeper look at the settings for collaboration options in Microsoft Teams. Or go to part 3 with specific configurations of security in Microsoft Teams.
Do you want to improve your Microsoft Teams compliance? Our External User Manager for managing and controlling guest users, and at our Teams Manager for Microsoft Teams templates, lifecycles and naming conventions, could help you!
CEO and Governance Expert – Christian Groß is a Teams expert from the very beginning. In the last 4 years he developed 6 Teams Apps, built up his own service company and additionally founded the largest German-speaking Teams conference.
