Forum Discussion
Using Teams as Admin Hub in Schools
Hi Marius
We migrated all file shares to Files within Teams for 12 schools with 600 teachers.
There will always be risks involved when allowing access to data externally, whether it's email on a mobile device, remote access to the office or data in a cloud service, so you will have to consider accessibility and usability up against security and risks.
Personally I think the most important job to prevent data leakage is educating your users. If you find that you need further security measures look into enabling https://blogs.technet.microsoft.com/skypehybridguy/2017/09/01/microsoft-teams-manage-it-using-mobile-application-management-mam/ (Mobile Application Management) or https://blogs.technet.microsoft.com/skypehybridguy/2017/08/31/microsoft-teams-restrict-usage-with-azure-ad-conditional-access/.
The thing you need to remember is that anyone in a team can see any of the files in any of the folders in the channels on that team. If they use Delve then they can see quite a few things that they may not know they have access to. This is why it is important to restrict documents through the document protection features in Office 2016 to secure your files. Then even though someone can see the file is there, they won't be able to access it unless you have allowed access. Putting the document in a folder on Teams is very secure, but protecting the document itself will keep prying eyes from seeing things they shouldn't be looking at. Until Microsoft enables the ability to restrict team member access to channels (private channels) you should always remember to protect the documents in channels you don't want other team members looking at.
