Preventing Data Leakage in Microsoft Teams: Best Practices

Preventing Data Leakage in Microsoft Teams

Question

You are the global administrator of an organization with a Microsoft 365 E5 subscription.

Because of the presence of sensitive data in your company's MS Teams groups and channels, you want to prevent enterprise data from leaving the application.

What should you do?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: B

You can control your organizational data by creating an app protection policy.

A policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app.

The following tables list, per cloud app, which abilities are supported with App connectors:

Users and activities

App List accounts List groups List privileges Log on activity User activity Administrative
activity

AWS v v Not applicable v

Azure v v v v

Box v v v v v v

Dropbox v v v v v v

Option A is incorrect.

You need an app protection policy to control your organization's data within the app.

But you can require an app protection policy and an approved client app for cloud app access with Conditional Access.

Option C is incorrect.

App configuration policy lets you assign configuration settings to a policy that is assigned to end-users before they run the app.

It does not protect your data.

Option D is incorrect.

eDiscovery is a tool organizations can use to search and export content in Microsoft 365 and Office 365.

Reference:

To know more about application protection policies, please refer to the link below:

To prevent sensitive data from leaving the MS Teams application, the best approach is to create policies that govern the use of the app. There are several policies available to you as a global administrator of an organization with a Microsoft 365 E5 subscription.

Option A: From Azure AD, create a conditional access policy.

Conditional access policies can be used to control access to applications based on user, device, location, and other criteria. By creating a policy that requires multi-factor authentication or blocks access from unmanaged devices, you can prevent unauthorized users from accessing MS Teams and its associated data.

Option B: From Microsoft Endpoint Manager, create an App protection policy.

App protection policies can be used to manage the behavior of apps on mobile devices. By creating a policy that prevents data from being copied or shared outside of MS Teams, you can ensure that sensitive data remains within the app.

Option C: From Microsoft Endpoint Manager, create an App configuration policy.

App configuration policies can be used to control the settings of apps on mobile devices. By creating a policy that disables the ability to save files outside of MS Teams, you can prevent data from being shared with unauthorized parties.

Option D: From Microsoft 365 security & compliance center, create an eDiscovery core case.

eDiscovery is a feature of Microsoft 365 that allows you to search for and preserve content across multiple applications. While eDiscovery can be used to find sensitive data, it does not prevent it from leaving MS Teams.

In summary, the best approach to prevent sensitive data from leaving the MS Teams application is to create policies that govern the use of the app. Option A, creating a conditional access policy, is likely the most effective approach, but options B and C can also be used to manage the behavior of the app on mobile devices. Option D, creating an eDiscovery core case, is not an effective method for preventing data from leaving the app.