Protect your highly regulated files in Teams with Microsoft 365 Enterprise
Published Oct 29 2019 09:34 AM 13K Views
Former Employee

With Microsoft Teams, you can actively connect and collaborate in real time to get things done. Have a conversation right where the work is happening, whether coauthoring a document, having a meeting, or working together in other apps and services. Teams is the place to iterate quickly on a project, work with team files, and collaborate on shared deliverables.

 

However, some places need additional security. For example, places for collaboration within departments dealing with sensitive information or groups of people need to restrict access, prevent others from even requesting access, and protect the files stored there even if they leave the team.

 

The new Teams for highly regulated data scenario (https://aka.ms/m365esecureteams) steps you through:

  • Creating a private team
  • Configuring additional restrictions on the underlying SharePoint site
  • Creating a Data Loss Prevention (DLP) policy for a retention label and to block sharing outside the organization
  • Configuring a sensitivity label for the team for encryption and permissions

Here is the resulting configuration.

 

teams-config.png

 

The sensitivity label travels with the file, providing encryption and permissions when the file leaves the underlying SharePoint site.

 

By combining a private team with information protection technologies in Microsoft 365 Enterprise, you can create a place for your most sensitive or important collaboration and know that the files stored there are protected, no matter where they are.

 

Joe Davies

Senior Technical Writer

2 Comments
Microsoft

Hey Joe! 
Love the topic :hearteyes:.

Question: What's the actual difference from just protecting a file with Azure Information Protection (AIP) and just putting it among the Teams files ?

I understand that the underlying SharePoint site would have additional restrictions. But as you mentioned: A file with an AIP-classification will remain protected wherever it travels (USB, local storage, iCloud, Dropbox, other Cloud storage etc.).

Former Employee

Hi Erik,

 

A file in a private Team can be shared (depending on Data Loss Protection policies) or downloaded to a local drive. While in the team, a file is protected from unauthorized access. We add the sensitivity/API label to ensure that a "leaked" file with highly sensitive information is still protected.

 

Hope this helps.

 

Joe Davies

Co-Authors
Version history
Last update:
‎May 06 2021 12:40 PM
Updated by: