Teams was a dominant theme at Ignite, and many organizations reported being held back by its lack of compliance, especially since it ties in SharePoint and other backend storage. Here’s a summary of some of the advances in closing the gaps in compliance and governance.
First off, the two key tenants of Microsoft Teams are:
1. Security and compliance have been built in since day 1
2. Re-use, don't reinvent
As a result, Teams relies on Exchange Online as the backend location for channel/group chats to be logged for compliance reasons. Therefore, the first and most important prerequisite is that a user and the Team must have an Exchange Online mailbox. Organizations with Exchange on-premises are currently unable to log chats.
A Team also creates a Group (which automatically creates a SharePoint site, OneNote, etc.). All files shared with the Team are stored on SharePoint. All files sent P2P are also stored in the SharePoint site. When doing a compliance search, and you search a channel or chat, you can also specify and search the SharePoint team site that was created. If you set policies for retention on Exchange or SharePoint, Teams will be also affected. Teams chats have different retention lengths that email (they have a different message class). Different teams can have diff retention policies. If you don't want people to create Teams, don't let them create a Group.
For additional prevention against data loss, Intune Mobile Application Management should be used to keep data from being copied/pasted out of the chat window. Teams can also be secured behind Azure AD conditional access to limit access from unknown locations or devices.
Part of the appeal of Teams is how simple it is to embed other processes/applications through Bots and connectors. In Teams lingo, Bots and Connectors are called “apps.” Admins control which shows up in user drop-down menus. Most apps (and non-MSFT apps) are turned off by default.
Beware: Owners could delete any messages in team or channel.
The #1 request is currently being developed in Redmond right now: Private channels.