Forum Discussion

StephaneSmithLowes's avatar
StephaneSmithLowes
Copper Contributor
Dec 18, 2019
Solved

Monitor traffic Teams to outbound Teams site

Good Day,   We are being audited by a Data Leak Prevention teams and the came up with a major leak situation regarding TEAMS.   The screnario is ... On my personnal account at home I create my se...
best practices
Chat
files
microsoft teams
  • TonyRedmond's avatar
    TonyRedmond
    Dec 19, 2019

    ChrisWebbTech I don't know of any way to trace access for users from a tenant to Teams in other tenants. The general rule is that compliance data is controlled by the tenant that owns the data. Audit data is kept in the tenant where it is generated. In this case, that data includes audit records for guest users signing into Teams, access documents, and so on. I'm unaware of any audit record captured for outbound access by a tenant user to a resource in another tenant.

     

    But this is surely similar to access to other cloud applications, like someone connecting to their personal Gmail or Dropbox account. Office 365 doesn't gather that data either and no one complains. As to using Teams to transfer data out of a tenant, well, that's like people emailing confidential messages and documents to Gmail or Yahoo! mail, or cutting and pasting information from a document into a personal document. Although you could trace the transmission of email to Gmail or Yahoo! mail, you couldn't say what data is sent.

     

    DLP isn't perfect either, nor is encryption. Users can get around technology if they want to. For example, I can spell out a credit card number in letters (six four one three, etc.) and DLP won't catch that pattern. For this reason, technical blocks exist to catch the most obvious cases of data misuse, but the technology must be backed up with employee training and sanctions (where necessary).

ChrisWebbTech's avatar
ChrisWebbTech
MVP
Dec 19, 2019

StephaneSmithLowes 

You can look into IRM https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-irm-in-sp-admin-center 

 

 But keep in mind this will only work for Office files and PDF's etc. as listed in the article. This is the only way that you can make sure to keep file access restricted to your tenant. You can also look into sensitivity labels as Tony mentioned which is still early in development stages to help label sensitive data / sites automatically with rules for encryption etc.  Hopefully this will help a little bit but when you talk about restricting your users from abusing your content, it makes your landscape much more difficult with any product you choose out there and not many have options for it. 

  • TonyRedmond's avatar
    TonyRedmond
    MVP
    Dec 19, 2019

    ChrisWebbTech I wouldn't bother with that article or using IRM in that way to protect content. Documents are only encrypted when they are downloaded from the library. You want full rights-management based encryption that is fully understood by all of Office 365 instead of a mechanism created for SharePoint on-premises. Sensitivity labels are the way forward. Use them. They are becoming increasingly mature and you can absolutely use them today to protect documents stored in SharePoint. It's been 18 months since I wrote this: https://www.petri.com/protecting-office-365-document-libraries-guest-users