About MVISION Cloud for Microsoft Teams
McAfee MVISION Cloud for Microsoft Teams allows Security Operations Center (SOC) Admins to monitor user activity in Teams, enforce DLP policies so that sensitive data violating regulatory and internal compliance policies is not posted in the form of messages or files, and review threats detected by the MVISION Cloud User and Entity Behavior Analytics (UEBA) and machine learning algorithms. For information about how to enable Microsoft Teams in MVISION Cloud, see Configure MVISION Cloud for Microsoft Teams.
Using DLP policies, you can extend MVISION Cloud protection to Teams in several ways:
- Enforce DLP policies in all Teams channels (including the Chat application).
- Monitor messages posted in Teams channels and 1:1/1:many chat conversations (including messages to and from guest users) to make sure confidential data is not shared with unauthorized external parties.
- Monitor files uploaded in Teams to enforce DLP policies.
- Allow/Block access based on managed or unmanaged devices, trusted location, and more.
- Monitor several types of user and administrative activities performed in Teams to identify anomalous behavior by using machine learning.
- Make sure guest users only join specific Teams that allow guest user communication from authorized domains.
Supported DLP Policy Rule Types
- Content/Metadata-only Policies. File Name, File Type, File Path, File Size, Classification - Supported with McAfee Classification, Data Identifier, Keyword, Regular Expression, Structured Data Fingerprint, and Unstructured Data Fingerprint
- Content-aware-Collaboration Policies. 'Collaboration - Folder/File Collaboration' rule with Data Identifier, Keyword, and Regular Expression rules. Content-aware collaboration is supported only for sensitive messages posted in channels with guest members. Guest members are identified according to the emails and domains specified in the 'to' field of the Folder/File Collaboration rule.
NOTE: Content-aware collaboration (as described above) is supported for messages posted in Teams channels and also for messages posted in 1:1 or 1:many user chats in the Chat app. This is in addition to content-aware collaboration for files uploaded in Teams, which is also supported. Also note that Chat logs are stored in OneDrive, not SharePoint.
Supported External User Communication in Teams
In Microsoft Teams, there are two types of users that are not considered internal:
- Guest users. Guest users are external users added as guests in an organization's Azure AD (Office 365). This type of guest user can be added to any team; other users can initiate a chat conversation involving this guest user.
  - By default in new Teams tenants, Guest Access is disabled and must be enabled.
- External users. These users are not added as guests to an organization's Office 365 account. MVISION Cloud only has partial support for this use case.
  - External access lets your Teams and Skype for Business users communicate with other users that are outside of your organization. By default, your organization can communicate with all external domains. If you add blocked domains, all other domains will be allowed, but if you add allowed domains, all other domains will be blocked.
Channel Type | Policy Type | External User Type | Supported |
---|---|---|---|
Regular channel in a team | Content/Metadata-only Policies | Guest | Yes |
Regular channel in a team | Content-aware-Collaboration Policies | Guest | Yes |
Regular channel in a team | Content/Metadata-only Policies | External | No |
Regular channel in a team | Content-aware-Collaboration Policies | External | No |
1:1 or 1:many chats | Content/Metadata-only Policies | Guest | Yes |
1:1 or 1:many chats | Content-aware-Collaboration Policies | Guest | Yes |
1:1 or 1:many (group) chats | Content/Metadata-only Policies | External | Partial Support* |
1:1 or 1:many chats | Content-aware-Collaboration Policies | External | Partial Support* |
* If a chat conversation / thread is initiated by an internal user with any external user, then this conversation can be monitored by MVISION Cloud for DLP. If the thread is initiated by the external user, MVISION Cloud doesn't have visibility into the chat messages as Teams APIs do not notify MVISION Cloud for these messages.
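The following is an added example, not MVISION Cloud or Microsoft code: it combines the External access domain rule with the chat rows of the table and its footnote to list chats that the tenant permits but that cannot be inspected because an external user started them. The record type, function names, addresses and domains are constructed for illustration, and a guest-initiated chat with an external user is reported as unspecified because this page does not cover that case.

```python
from dataclasses import dataclass

def external_domain_allowed(domain, allowed=(), blocked=()):
    """Block list: every other domain is allowed. Allow list: every other is blocked."""
    if allowed and blocked:  # assumption: the page treats the two lists as alternatives
        raise ValueError("set allowed or blocked domains, not both")
    domain = domain.lower()
    if allowed:
        return domain in {d.lower() for d in allowed}
    return domain not in {d.lower() for d in blocked}

@dataclass(frozen=True)
class Chat:  # hypothetical record, not a Teams API object
    chat_id: str
    initiator: str        # address of the user who started the thread
    participants: tuple   # all addresses, initiator included

def user_type(addr, internal_domains, guests):
    addr = addr.lower()
    if addr in guests:
        return "guest"
    return "internal" if addr.rsplit("@", 1)[-1] in internal_domains else "external"

def dlp_visibility(chat, internal_domains, guests):
    """Apply the chat rows of the support matrix and its footnote."""
    kinds = {user_type(p, internal_domains, guests) for p in chat.participants}
    if "external" not in kinds:
        return "monitored"        # internal and guest chats: Supported = Yes
    starter = user_type(chat.initiator, internal_domains, guests)
    if starter == "internal":
        return "monitored"        # partial support: an internal user started the thread
    if starter == "external":
        return "not visible"      # Teams APIs do not notify for these messages
    return "unspecified"          # guest-initiated: not covered by the page

def blind_spots(chats, internal_domains, guests, allowed=(), blocked=()):
    """Chat ids that External access permits but DLP cannot see."""
    return [c.chat_id for c in chats
            if dlp_visibility(c, internal_domains, guests) == "not visible"
            and external_domain_allowed(c.initiator.rsplit("@", 1)[-1], allowed, blocked)]

# Constructed sample data: example.com is the tenant, the .test domains are outside parties.
INTERNAL, GUESTS = {"example.com"}, {"pat@partner.test"}
CHATS = [
    Chat("c1", "alice@example.com", ("alice@example.com", "sam@vendor.test")),
    Chat("c2", "sam@vendor.test", ("sam@vendor.test", "bob@example.com")),
    Chat("c3", "pat@partner.test", ("pat@partner.test", "bob@example.com")),
    Chat("c4", "eve@other.test", ("eve@other.test", "bob@example.com")),
]
```

With the default External access setting (all domains allowed) the sample yields two unmonitored chats; adding a blocked domain or switching to an allow list shrinks that set.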
DLP Policy Response Actions
Unless specified, the following Response Actions can be used for both messages and files posted in Teams:
- Send Email Notification
- User Email Notification
- Delete
- Quarantine (supported only for files posted with a message)
- Modify permission to None (to remove guest user)
NOTE: Currently, you cannot customize the tombstone message displayed to users when a message is deleted. This will be supported in a future release.