Forum Discussion

StephaneSmithLowes's avatar
StephaneSmithLowes
Copper Contributor
Dec 18, 2019
Solved

Monitor traffic Teams to outbound Teams site

Good Day,   We are being audited by a Data Leak Prevention teams and the came up with a major leak situation regarding TEAMS.   The screnario is ... On my personnal account at home I create my se...
best practices
Chat
files
microsoft teams
  • TonyRedmond's avatar
    TonyRedmond
    Dec 19, 2019

    ChrisWebbTech I don't know of any way to trace access for users from a tenant to Teams in other tenants. The general rule is that compliance data is controlled by the tenant that owns the data. Audit data is kept in the tenant where it is generated. In this case, that data includes audit records for guest users signing into Teams, access documents, and so on. I'm unaware of any audit record captured for outbound access by a tenant user to a resource in another tenant.

     

    But this is surely similar to access to other cloud applications, like someone connecting to their personal Gmail or Dropbox account. Office 365 doesn't gather that data either and no one complains. As to using Teams to transfer data out of a tenant, well, that's like people emailing confidential messages and documents to Gmail or Yahoo! mail, or cutting and pasting information from a document into a personal document. Although you could trace the transmission of email to Gmail or Yahoo! mail, you couldn't say what data is sent.

     

    DLP isn't perfect either, nor is encryption. Users can get around technology if they want to. For example, I can spell out a credit card number in letters (six four one three, etc.) and DLP won't catch that pattern. For this reason, technical blocks exist to catch the most obvious cases of data misuse, but the technology must be backed up with employee training and sanctions (where necessary).

ChrisWebbTech's avatar
ChrisWebbTech
MVP
Dec 18, 2019
There isn’t anything that’s going to monitor what your users can do to other services as part of office 365. You would have to have some kind of 3rd party too if it exists to do it.

You could use conditional access to prevent downloading of documents where they cannot then be uploaded externally but that will add quite a bit of complexity to your setup.

Do you block your users from access all cloud storage and all other places anyone can upload files to? If you don’t the you are over complicating the scenario since if you could block uploading to external teams they will only go somewhere else to send those files in the end.

You can search audit logs for file views and downloads and prevent download but nothing in to monitor external teams activity.
  • StephaneSmithLowes's avatar
    StephaneSmithLowes
    Copper Contributor
    Dec 19, 2019

    ChrisWebbTech 

    So if I use my domain account wich is under O365 subsribtion to log on to a TEAMS outside of my organisation I can use the Audit log to see what I have shared via my O365 account. Can I apply DLP policies to content leaving my organisation ?

    • StephaneSmithLowes's avatar
      StephaneSmithLowes
      Copper Contributor
      Dec 19, 2019

      StephaneSmithLowes https://docs.microsoft.com/en-us/microsoft-365/compliance/supervision-policies

      Will this help me achieve my goals into supervising communication done from my internal users ?

      • ChrisWebbTech's avatar
        ChrisWebbTech
        MVP
        Dec 19, 2019
        No, Supervision is really just for someone to monitor someone actively doing something. When it comes to guests, you really don't have much options because when you login to a guest tenant, it now becomes that tenants responsibility since you have no visibility into the actions that happen there. The only actions you really have on your data is access (view) logs and download logs, but you can't see if someone uploads something elsewhere. The only thing you can really see is if someone is using the account to login to another tenant, that's about it.