Forum Discussion
Monitor traffic Teams to outbound Teams site
ChrisWebbTech I don't know of any way to trace access for users from a tenant to Teams in other tenants. The general rule is that compliance data is controlled by the tenant that owns the data. Audit data is kept in the tenant where it is generated. In this case, that data includes audit records for guest users signing into Teams, access documents, and so on. I'm unaware of any audit record captured for outbound access by a tenant user to a resource in another tenant.
But this is surely similar to access to other cloud applications, like someone connecting to their personal Gmail or Dropbox account. Office 365 doesn't gather that data either and no one complains. As to using Teams to transfer data out of a tenant, well, that's like people emailing confidential messages and documents to Gmail or Yahoo! mail, or cutting and pasting information from a document into a personal document. Although you could trace the transmission of email to Gmail or Yahoo! mail, you couldn't say what data is sent.
DLP isn't perfect either, nor is encryption. Users can get around technology if they want to. For example, I can spell out a credit card number in letters (six four one three, etc.) and DLP won't catch that pattern. For this reason, technical blocks exist to catch the most obvious cases of data misuse, but the technology must be backed up with employee training and sanctions (where necessary).
StephaneSmithLowes I think you re talking about inviting Guests into Teams channel? By default Azure AD guest feature is disabled unlike the test tenants.
Can you elaborate more on this.
There are things like Windows Information protection to safeguard document download and also teams can be configured to be able access only via intune managed or compliant devices with conditional access. Which will eiliminate a lot of external actors.
