Sharing the latest Microsoft Teams security and compliance innovations
Published Nov 09 2021 08:00 AM 15.5K Views

We hope you had the chance to join us virtually at Microsoft Ignite to learn about all the latest innovations and product announcements. If you couldn’t join, Microsoft Ignite content will remain on-demand on our Microsoft Tech Community!

Below is a summary of Microsoft Teams product advancements over the last year designed to help enable secure, compliant online collaboration. You can also find our previous feature announcement blog from March 2021 here.

Microsoft Teams included in Microsoft 365 Multi-Geo: generally available

Microsoft 365 Multi-Geo provides greater control to organizations over the location of specific data centers their data is stored, especially helpful for multi-national organizations. Multi-Geo is supported across Exchange Online, SharePoint Online, OneDrive, and now Teams. Teams Multi-Geo enables customers to store Teams core customer data at rest for end users and teams in the geo locations of their choice using the same Preferred Data Location (PDL) attribute leveraged by existing Microsoft 365 Multi-Geo services. All existing information protection and compliance capabilities will continue working as is with Microsoft 365 Multi-Geo.

Figure 1: Visual representation of Microsoft 365 Multi-GeoFigure 1: Visual representation of Microsoft 365 Multi-Geo


New compliance and governance capabilities for Teams

The hybrid workplace has introduced more flexibility in how and where employees work. For IT and SecOps teams, this may mean evolving your information protection and governance strategy to support greater flexibility. That’s why Microsoft has continued to invest in tooling and capabilities to help organizations manage the lifecycle of their content in Teams more efficiently.

Retention for Teams private channels: generally available

Private channels are a great way to limit the information of a project to those involved, such as a project that involves business-sensitive data the wider organization doesn’t need access to. We’re happy to share that retention and deletion policies for Teams private channels are now generally available. This feature allows admins to create a separate retention policy to manage the private channel’s messages. They can keep or delete them according to your organization’s policies. Learn more about retention for private Teams channels in our documentation.

Automatically apply retention based on a sensitivity label: generally available

Organizations using sensitivity labels may also have specific policies about how long they should keep that sensitive data. For example, they might have an internal requirement to keep a document labeled as highly confidential for seven years. Now, organizations can now use a sensitivity label as a condition to automatically apply a retention label. Learn more about this new auto-classification option in our documentation.

Adaptive policy scopes to dynamically target retention to specific teams: public preview

Organizations may want to target different retention and deletion policies to a group of teams or users in Teams based on certain criteria. For example, they may have a three-year retention period for messages in Teams for users located in Germany while they have a five-year policy for messages in the United States.

Adaptive policy scopes allow you to dynamically apply a policy based on user, group, or site attributes. These policies stay current as the organization creates and deletes teams, or as users change departments or locations. Adaptive policy scopes also work with SharePoint, OneDrive, Yammer, and more. Adaptive policy scopes are available in public preview and you can learn more about adaptive scopes in our documentation.

Preserve the version of a file shared in a Teams message: public preview

One of the great features of collaborating in Teams is the ability to easily share files in a Teams chat or conversation directly from OneDrive or SharePoint, also known as a cloud attachment. However, for some organizations it can be important for compliance obligations to identify the specific version of the file shared at the time of communication.

We are introducing the ability to retain the specific version of the file attachment sent with the Teams message. Organizations can automatically label the specific version of the file and protect it against deletion or edits while end users can continue to collaborate on the original file. This feature also works with cloud attachments in Outlook and you can learn more about retention for cloud attachments in our documentation.

Information barriers enhancements – modes and insight cards: generally available end of 2021

Microsoft 365 information barriers is designed to help organizations segment end users per business compliance needs and restrict communication between the segmented users in SharePoint, OneDrive, and Teams. We have continued to innovate information barriers and are excited to share three information barriers enhancements: barrier modes, insight cards, and implicit mode. To learn about these enhancements in detail, check out our product article here.

Enhancements to secure collaboration and access governance

Co-authoring and autosave enabled in Office documents encrypted using Microsoft Information Protection: generally available
Co-authoring allows multiple authors to simultaneously edit a document using different OS platforms, as well as the Office desktop apps, Office web apps, and Teams. In March 2021 we shared that co-authoring and autosave on Microsoft Information Protection (MIP) labelled and encrypted documents was available in preview. We are excited to announce that co-authoring and autosave on Office documents encrypted with MIP is now generally available for Windows and Mac. Please see our blog post here for more details.

Figure 2: Office users on Windows and Mac co-authoring an encrypted and labelled Word documentFigure 2: Office users on Windows and Mac co-authoring an encrypted and labelled Word document



Auto labeling enhancements for Office documents in SharePoint and OneDrive: generally available

A year ago, we announced the auto labeling capability that empowers administrators to create rules to detect sensitive files in their corpus and then automatically label them, targeting specific SharePoint Sites or OneDrive accounts. We are taking auto labeling capability steps further by enabling administrators to create auto labelling policies targeting all OneDrive accounts and SharePoint Sites within their organization. This includes files that are being created or uploaded through Teams. To learn more about these enhancements, check out our product article here.

Figure 3: Admin selecting all SharePoint sites and OneDrive accounts for an auto-labeling policy in Microsoft 365 Compliance CenterFigure 3: Admin selecting all SharePoint sites and OneDrive accounts for an auto-labeling policy in Microsoft 365 Compliance Center



Continuous Access Evaluation (CAE) in SharePoint and OneDrive: generally available

With conditional access policies we can support a core principle of Zero Trust, verify explicitly, across Teams, SharePoint, and OneDrive. We are now taking our authorization journey one step further by announcing general availability of Continuous Access Evaluation support in SharePoint and OneDrive. The continuous evaluation of security centric actions or conditions, such as an end user’s password changing, helps better control access to sensitive information. To learn more about CAE, please review the article here.

Channel sites management in SharePoint Admin Center: generally available end of 2021

As the usage of Teams within organizations continues to scale, the number of team-connected and channel-connected sites in SharePoint also continues to grow. We’ve heard your feedback to have a more simplified way to discover and manage these Teams-related sites. We’re happy to share that we’ve innovated a new experience to have a collective view of all sites that are associated with a Team and its channels. This enables admins to easily view the setting and policies that are configured for the team and channel sites. To learn more, please see the article here which will be updated as the experience becomes generally available.

Figure 4: Admin managing channel sites a Recruiting Team in SharePoint Admin CenterFigure 4: Admin managing channel sites a Recruiting Team in SharePoint Admin Center



Data access governance across Teams, SharePoint, and OneDrive: public preview

External collaboration remains a core component of many organizations, but IT and SecOps teams must also work to prevent oversharing or accidental sharing of sensitive information to guests. Admins can now use the data access governance insights dashboard in the SharePoint admin center to monitor the external sharing activities and label/policy settings for the sites that matter the most. These insights help admins discover the sites with the greatest number of sensitive documents or with the most content shared externally to validate the appropriate sensitivity labels and access policies are in place. To learn more, please review the docs article here.

Figure 5: Administrator views the sharing activity report in Data Access Governance page in SharePoint Admin CenterFigure 5: Administrator views the sharing activity report in Data Access Governance page in SharePoint Admin Center



Customer Key support for GCC, GCC-High, and DoD clouds: generally available end of 2021

Customer Key support for Teams became generally available in May 2021 for our general commercial cloud and we are happy to share that support will be extended throughout our government commercial clouds! Customers who are using GCC, GCC-High, and DoD government clouds will be able to utilize Customer Key support for Teams.

Microsoft 365 Customer Key is built on service encryption and enables organizations to provide and control the encryption keys used to encrypt customer data in Microsoft’s data centers, assisting customers in meeting regulatory or compliance obligations for controlling root keys. For more details on how Customer Key works with service encryption and how to get started, please see Service encryption with Customer Key and Set up Customer Key.


Committed to enabling secure, compliant collaboration

These latest announcements and innovations assist organizations in continuing to drive collaboration across their workforce without compromising on security or compliance. Microsoft remains committed to offering a broad portfolio of tooling to help organizations protect and govern their sensitive data. In the last few months, we also shared some other key innovations that are enabling customers to help meet security and compliance obligations:

Microsoft Graph Export API for Teams messages: generally available
In early October we announced the general availability of the Microsoft Graph Export API which enables customers and ISVs to export Teams message data for processing in their security and compliance SaaS applications. This helps organizations meet regulatory and legal requirements around managing and archiving information. Microsoft Graph Export API for Teams supports exporting Teams messages and message hosted content for a particular end user or team that is subject to compliance. To learn more about the Export API, please review the Export API documentation.

Microsoft 365 App Compliance Program: generally available

The Microsoft 365 App Compliance Program is a two-tiered approach to app security and compliance curated for developers best summarized by its mission statement: help Microsoft customers have complete trust in the applications that run in their organizations. Each tier of the program builds upon the next to maximize confidence IT and SecOps teams have in their Microsoft 365 ecosystem. For more information on the Microsoft 365 App Compliance program, please see How the Microsoft 365 App Compliance program helps enable a secure Teams app ecosystem and Microsoft 365 App Compliance Program overview.

End-to-end encryption option for Teams 1:1 Calls: public preview

In October 2021, we announced the public preview availability of using end-to-end encryption option for one-to-one Microsoft Teams calls. IT admins will have full control and discretion over how E2EE is used within the organization. For more information on E2EE for Teams calls, please review our blog post.


Thank you!

We hope you had a wonderful Microsoft Ignite. For more detailed information on announcements related to SharePoint and OneDrive, please see What’s new in Security and Compliance in SharePoint, OneDrive, and Teams – Ignite 2021 Announcements.

Please share any feedback or questions in the comments section – we look forward to hearing from you!

Version history
Last update:
‎Nov 15 2021 08:54 AM
Updated by: