Many of us rolled out Teams in the spring of 2020 as the pandemic sent us all home. We connected our newly remote users to each other and to our organization resources. We got everyone productive and helped them adapt to their new telework situations.
As content moves to Teams and collaboration begins to take off, prudent customers are taking steps toward managing it. The most common tools our customers use are:
Microsoft Security and Compliance retention rules enable you to apply retention to content you have not only in Teams, but across the Microsoft O365 platform. Starting with a written corporate document retention policy, you will define the kinds of content your org cares about (i.e. document types like Invoice, Employee Applications, Contracts,) how long that content should be kept (1 year, 7 years, etc.,) the trigger that kicks off your retention period (Create Date, Employee Termination, Contract End Date,) and disposition (delete immediately, forward to compliance for review and action.) You can even designate content as being an “Official Record,” which makes the content immutable.
You can apply these retention rules with Retention Label Policies and Retention Policies.
Retention Label Policies are associated with Retention Labels you define that articulate the duration, trigger, and disposition of your content. The Label becomes an immutable property of your content and follows your content wherever it might go across the O365 platform. The Retention Label Policy makes the Label available wherever you decide.
Retention Policies are applied to broad locations like Document Libraries or Folders, for example. Any content in a container with a Retention Policy attracts that policy so long as it remains in that container. So, if you save all your Invoices to a Finance and Accounting Document Library that has a Retention Policy to keep content for 7 years after create date and delete, that policy will apply to all your Invoices. If you move an Invoice out of that Library, it loses the policy.
Check out how to get started here.
Data Loss Prevention
Your tenant has sensitive content on it: SSNs, Credit Card #s, Passport #’s, Bank Account #’s, etc. There are lots of good reasons why that kind of content might be on your tenant and why staff may share, discuss, and include this kind of content in docs, emails and conversations as part of their duties. What isn’t good is when that content goes places it shouldn’t go, when it is exposed to users who shouldn’t see it or when it leaves the tenant.
Microsoft DLP controls help you to identify that content, where it resides on your tenant, discover the appropriate uses for that content, and apply rules that limit how that content is shared and used. Two AP clerks share a list of SSNs for staff that need adjustments to expense reports. That’s fine. But if one of those AP clerks attempts to share that same list with a Guest in a Team, the share is blocked.
Depending on how you compose your rules, content can be blocked, users are warned and given the option to override a restraint, or just given a warning about the sensitive nature of the content. Your business requirements will drive what content should be protected and how it should be protected across the organization.
Office 365 E3 licenses will get you DLP for SPO, OD4B, and Exchange Online. For those wanting to extend DLP to Teams Chat and Channel messages, you’ll need E5/A5/EMS E5, or Microsoft 365 Information Protection and Governance or Office 365 Advanced Compliance.