
Microsoft Teams compliance

Information management without an organized and predictable way to govern the lifecycle, privacy, and security will always have a direct or indirect impact on the productivity, reputation, and profit of an organization. As an example, if you have a meeting organized with external parties, they still have access to the chat associated with the meeting. If you are using Teams to discuss people, you also must think about how that information is managed and its impact on your privacy compliance.


What happens if you don't manage Microsoft Teams?

Major corporations are realising risks of lacking governance in already deployed Teams

The most noticeable for me personally is the unprecedented sprawl of Teams collections in the last 8-10 months compared to SharePoint in the last 6 years. Some fun facts based on our engagements:

  • On average 20,000 Teams collections created in the last 12 months per tenant,

  • 20% were easily identifiable as inactive,

  • 5% were testing in production,

  • 10% were without an identifiable owner,

  • For 40%, automated assessment proved sufficient to apply governance,

  • Only 25% required business intervention to review before integrating automated governance.


What is the best approach to ensure Microsoft Teams compliance?

Teams Governance Best Practice

How new Team collections are created is the best place to automate. The key is to make it easy for users to create a new Team while collecting sufficient information to automate the application of governance policies. You can readily use, or work with Infotechtion to extend, an already published template on GitHub built on the Microsoft Power Platform. This Teams template provides an integrated experience in Teams, through which users can still create a new Team in minutes, and the automation delivers a Team with default metadata, organization context, retention policies, records management, external / guest access controls, and protection controls to manage information based on its intended purpose and sensitivity. This, of course, also requires you to disable the ability to create Teams through the other interfaces, so that this becomes the single place for users to create Teams.


Infotechtion experts can further enhance this experience by configuring a Teams Hub: a single access point within the Teams interface for all things related to Teams, with an integrated knowledge and community experience for users.

Discover content in existing Teams to make informed governance decisions

Once you have structured the creation of new Teams, you can leverage additional options to automate the discovery and assessment of existing Teams. Working with subject matter experts, you can significantly optimize the discovery and remediation timelines. The tools are important, but you will also need discovery templates and analytical skills to collect, analyze, and present data in a format that simplifies the decision-making process. This is especially true where you want to decommission inactive Teams that no longer serve their intended business purpose.


As time progresses, you can continue to evolve and improve your governance posture with the available tools and updates on the Microsoft roadmap. This approach makes integrating governance less disruptive, reducing the need to install or upgrade, as changes happen incrementally in M365.

Infotechtion solution for a unified knowledge and insights experience accessible in Teams

Governance has two sides: one is technical and the other is business. Success is 80% with business and 20% technical. So while technology can help you control the sprawl and apply governance, it won't be effective unless it is combined with a community experience in which users can understand best practices and learn from the success stories of others, both within the organization and externally.


What value does Infotechtion bring to Teams Compliance?

60% less regret work when Teams deployed with a robust architectural foundation

The value Infotechtion brings to this situation is to quickly lay the architectural foundation for Information governance, automate the application of governance to keep the richness of Teams collaboration on the front end integrated into a well-governed M365 repository on the back end. Our value is not in moving the content to a new Teams with governance, but to move governance to the existing system and content, and that is key to our ability to boost the adoption of information governance.


Some examples include intelligent integration with default metadata and content types to automatically build a Teams topology using existing M365 components which will provide better integration with your existing search experience, ability to see governance posture, and insights integrated with your business/process structure. We are heavily investing in AI options to learn from your existing classifications and apply to new information, therefore reducing the burden on users by automating repeat classification tasks.


My colleague Atle Skjekkeland has an excellent blog post about Microsoft Office 365 compliance features, and below are some examples of how we can use this to set up Microsoft Teams compliance.


What are the latest Office 365 compliance Features for Teams Governance?


Create an in-place retention policy for Teams:


Here you can create policies for chats and channel messages. These are two different options because chat policies are user-based, so you apply a retention policy to a user identity, whereas for channel messages you select a Team identity, which applies the retention policy to all channels within that Team.

Create Retention Policy workflow
Note: Be careful to select specific Teams when configuring the scope; the default option applies the retention policy to all chats or Teams.

To apply a retention policy to Teams associated files (stored in SharePoint site) and emails (in O365 group mailbox) you will need to select the 'Office 365 groups' option.


Once the policy scope is configured, move on to configuring the definition of the policy. Here you make key decisions regarding the controls and actions to be applied to Teams information when the retention policy is applied.

Configure the duration and controls to be applied through retention policy

Note: It's a best practice to use the 'four-eyes principle' as a minimum when configuring the retention policy. Once a policy deletes a Teams chat or channel conversation, it cannot be restored!
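
The same scoping can be expressed in Security & Compliance PowerShell. This is an added example, not code from the original post: the policy names, addresses and 365-day duration are constructed placeholders, and creating the policies disabled so that a second administrator enables them is one assumed way to apply the review note above.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed and
# the operator can manage retention policies. All names, addresses and the
# 365-day duration below are constructed placeholders.
Connect-IPPSSession

# Create every policy disabled so a second administrator reviews it first.
$common = @{ Enabled = $false }

# Channel messages: the scope is a Team identity (covers all its channels).
# Naming a Team explicitly avoids the "All" default scope.
New-RetentionCompliancePolicy -Name 'Teams-Channel-ProjectX' @common `
    -TeamsChannelLocation 'projectx@contoso.example'

# Chats: the scope is one or more user identities.
New-RetentionCompliancePolicy -Name 'Teams-Chat-ProjectX' @common `
    -TeamsChatLocation 'alice@contoso.example', 'bob@contoso.example'

# Files (SharePoint site) and group mailbox: the Office 365 groups location.
New-RetentionCompliancePolicy -Name 'Teams-Files-ProjectX' @common `
    -ModernGroupLocation 'projectx@contoso.example'

# One rule per policy carries the duration and the action.
$policies = 'Teams-Channel-ProjectX', 'Teams-Chat-ProjectX', 'Teams-Files-ProjectX'
foreach ($p in $policies) {
    New-RetentionComplianceRule -Name "$p-rule" -Policy $p `
        -RetentionDuration 365 -RetentionComplianceAction KeepAndDelete
}

# Reviewer step: confirm each policy lists only the intended locations.
Get-RetentionCompliancePolicy -DistributionDetail |
    Where-Object Name -in $policies |
    Format-List Name, Enabled, TeamsChannelLocation, TeamsChatLocation, ModernGroupLocation

# Run by the second administrator after review, once per policy:
# Set-RetentionCompliancePolicy -Identity 'Teams-Channel-ProjectX' -Enabled $true
```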


Manage Sensitive Data leakage and access control:


Create 'Data loss prevention (DLP) policies' to automatically identify sensitive content within Microsoft Teams conversations and take preventive actions.

Block specific messages based on matching policy conditions for sensitive information

Furthermore, leverage a new capability within the Office 365 compliance suite called 'Information Barriers' to create 'walled gardens' of permissions within your organization. There are multiple scenarios in which organizations work with partners, joint ventures, and local communities, whereby collaboration lends itself to creating Active Directory entities for the people in such collaborations. Information barriers allow you to create a logical separation without impacting access to functionality. In the example below, the organization has created an information barrier for the 'Fabrikam1' group to prevent them from being added as members to Microsoft Teams.

Create Information barriers to manage access within your organization

When someone attempts to add the identity as a member, the system informs them that the selected identity cannot be added. This enables administrators to deploy access-management governance centrally and ensures your users have the confidence that they are sharing information with the intended audience, especially where organizations are leveraging Teams for sensitive activities.

Block access to users integrated with Teams interface
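
A barrier like the 'Fabrikam1' one described above can be defined in Security & Compliance PowerShell. This is an added example, not code from the original post: the 'Internal' segment, the Department filters and the user addresses are constructed placeholders, and it assumes Connect-IPPSSession has already been run.

```powershell
# Added example. 'Fabrikam1' is the segment named on this page; 'Internal',
# the Department filter values and the user addresses are placeholders.

# 1. Segments are defined by a filter on a directory attribute.
New-OrganizationSegment -Name 'Fabrikam1' -UserGroupFilter "Department -eq 'Fabrikam1'"
New-OrganizationSegment -Name 'Internal'  -UserGroupFilter "Department -eq 'Internal'"

# 2. A block must be defined in both directions. Create the policies
#    Inactive so they can be reviewed before anything is enforced.
New-InformationBarrierPolicy -Name 'Internal-blocks-Fabrikam1' `
    -AssignedSegment 'Internal' -SegmentsBlocked 'Fabrikam1' -State Inactive
New-InformationBarrierPolicy -Name 'Fabrikam1-blocks-Internal' `
    -AssignedSegment 'Fabrikam1' -SegmentsBlocked 'Internal' -State Inactive

# 3. Review what will be enforced.
Get-InformationBarrierPolicy |
    Format-Table Name, AssignedSegment, SegmentsBlocked, State

# 4. Activate both policies, then start the tenant-wide application job.
foreach ($name in 'Internal-blocks-Fabrikam1', 'Fabrikam1-blocks-Internal') {
    Set-InformationBarrierPolicy -Identity $name -State Active
}
Start-InformationBarrierPoliciesApplication

# 5. Check job progress, then confirm the barrier between two sample users.
Get-InformationBarrierPoliciesApplicationStatus
Get-InformationBarrierRecipientStatus -Identity 'alice@contoso.example' `
    -Identity2 'guest1@fabrikam.example'
```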

Improve eDiscovery for Teams videos, chats, and files

Office 365 compliance eDiscovery now supports central discovery of Teams information. This includes the ability to find threaded conversations and display them as such within the eDiscovery experience.

Find custodial conversations centrally using eDiscovery

Using Advanced eDiscovery, you can add selected conversations into a single review set. The Office 365 compliance suite now also supports redaction of Microsoft Teams messages, which is ideal for saving time and reducing the need for third-party redaction tools.

Redaction support for Teams conversations

The AI components in Office 365 compliance eDiscovery enable the curation of related data, significantly reducing search time, and litigation teams are able to find more relevant data for further forensic analysis.


Compliance Score helps assess your compliance maturity:


Finally, as you continuously integrate governance with your enterprise Microsoft 365 applications, Microsoft compliance score helps you track and manage your overall governance and compliance posture with guided steps and recommendations for improvement.

Office 365 compliance with Compliance score

Please feel free to contact us if you need help setting up Microsoft Teams compliance. We can also set up a proof-of-concept that helps you try-before-you-buy.


© Infotechtion