Blog Post

Microsoft 365 Blog
1 MIN READ

Protect your highly regulated files in Teams with Microsoft 365 Enterprise

Joe Davies's avatar
Joe Davies
Former Employee
Oct 29, 2019

With Microsoft Teams, you can actively connect and collaborate in real time to get things done. Have a conversation right where the work is happening, whether coauthoring a document, having a meeting, or working together in other apps and services. Teams is the place to iterate quickly on a project, work with team files, and collaborate on shared deliverables.

 

However, some places need additional security. For example, places for collaboration within departments dealing with sensitive information or groups of people need to restrict access, prevent others from even requesting access, and protect the files stored there even if they leave the team.

 

The new Teams for highly regulated data scenario (https://aka.ms/m365esecureteams) steps you through:

  • Creating a private team
  • Configuring additional restrictions on the underlying SharePoint site
  • Creating a Data Loss Prevention (DLP) policy for a retention label and to block sharing outside the organization
  • Configuring a sensitivity label for the team for encryption and permissions

Here is the resulting configuration.

 

 

The sensitivity label travels with the file, providing encryption and permissions when the file leaves the underlying SharePoint site.

 

By combining a private team with information protection technologies in Microsoft 365 Enterprise, you can create a place for your most sensitive or important collaboration and know that the files stored there are protected, no matter where they are.

 

Joe Davies

Senior Technical Writer

Updated May 06, 2021
Version 2.0
  • Hey Joe! 
    Love the topic :hearteyes:.

    Question: What's the actual difference from just protecting a file with Azure Information Protection (AIP) and just putting it among the Teams files ?

    I understand that the underlying SharePoint site would have additional restrictions. But as you mentioned: A file with an AIP-classification will remain protected wherever it travels (USB, local storage, iCloud, Dropbox, other Cloud storage etc.).

  • Joe Davies's avatar
    Joe Davies
    Former Employee

    Hi Erik,

     

    A file in a private Team can be shared (depending on Data Loss Protection policies) or downloaded to a local drive. While in the team, a file is protected from unauthorized access. We add the sensitivity/API label to ensure that a "leaked" file with highly sensitive information is still protected.

     

    Hope this helps.

     

    Joe Davies