McAfee Enterprise MVISION Cloud

Microsoft Teams Secure Collaboration Use Cases

Supported Features

MVISION Cloud for Microsoft Teams supports these features for the secured collaboration of users:

  • Identify and remove sensitive content shared with unauthorized guest users.
  • Monitor and remove guest users from unauthorized domains.
  • Monitor and remove unauthorized guest users from internal-only conversations or private channels.
  • Identify and remove sensitive content shared in specific teams/channels.

Identify and Remove Sensitive Content Shared With Unauthorized Guest Users

MVISION Cloud for Microsoft Teams allows security admins to define DLP policies to monitor and remove sensitive data posted in channels that have unauthorized guest users as members. Messages or files posted in regular channels and 1:1 or 1:many chat conversations are monitored and deleted.

Make sure to define the policy for the following service instances:

  • Teams Instance. Monitors and deletes sensitive messages posted in regular channels or chat conversations.
  • SharePoint Instance. Monitors and deletes sensitive files posted in regular channels.
  • OneDrive Instance. Monitors and deletes sensitive files posted in 1:1 or 1:many chat conversations.

For example, say your organization has the domain myorg.com. Some of the teams in the 'MyOrg' Office 365 tenant have guest users as members, so the organization wants to detect and remove any sensitive data, such as credit card numbers, posted in channels where guest users are present.

To identify and remove the sensitive content posted in channels that have guest users, define the DLP policy for Microsoft Teams in MVISION Cloud as described.

Rule Group

For the DLP policy, create a Collaboration rule for Files and Folders in the Rule Group to identify the sensitive data.

To create a Collaboration for files and folders:

  1. Go to Policy > DLP Policies
  2. Click Actions > Sanctioned Policy > Create New Policy
  3. On the Description page, enter a name, description, and deployment type. For Services, select Google Drive. Then select the users the policy will apply to. 
  4. On the Rules page, select Collaboration
  5. For Sharing From, select Anyone
  6. For Sharing To, select Anyone
  7. For Sharing Permission, make a selection. 
  8. Click AND and select any rule options such as Data Identifier, Keyword, or Regular Expression.

Exception Group

To add an exception to a policy:

  1. Click Add Exception.
  2. Select Collaboration.
  3. For Sharing From, select Anyone
  4. For Sharing To, select Specific Users/Domains and Manually enter users/domains. Enter the domain names, for example, internal-domain1.com, internal-domain2.com, etc. In this case, the internal domain of the organization is myorg.com
  5. For Sharing Permission, make a selection. 
  6. Click Next

Response Action

To add a response action to a policy:

  1. On the Response page, click AND, and select Delete to remove the sensitive data.
  2. Select an Email Template
  3. Click Next.
  4. Review your policy and click Save

Monitor and Remove Guest Users from Unauthorized Domains

NOTE: If Microsoft Teams API access is already enabled in your tenant, you must re-enable API access to enable this use case. 

MVISION Cloud for Microsoft Teams allows security admins to define DLP policies to monitor and remove any unauthorized guest users joining teams.

For example, say you have an organization that wants to allow guest users from allowed domains allowed-domain1.com and allowed-domain2.com but wants to remove any guest users from other domains joining teams. This can be accomplished by defining DLP policies for Microsoft Teams in MVISION Cloud as described below.

Rule Group

To create a Collaboration for Files and Folders:

  1. Go to Policy > DLP Policies
  2. Click Actions > Sanctioned Policy > Create New Policy
  3. On the Description page, enter a name, description, and deployment type. For Services, select Google Drive. Then select the users the policy will apply to. 
  4. On the Rules page, select Collaboration
  5. For Sharing From, select Anyone
  6. For Sharing To, select Anyone
  7. For Sharing Permission, make a selection. 
  8. Click AND and select any rule options such as Data Identifier, Keyword, or Regular Expression.

Exception Group

To add an exception to a policy:

  1. Click Add Exception.
  2. Select Collaboration.
  3. For Sharing From, select Anyone
  4. For Sharing To, select Specific Users/Domains and Manually enter users/domains. Enter the domain names, for example, allowed-domain1.com, allowed-domain2.com, etc. If any guest user joins Teams from outside of the listed domains, then the policy is triggered.
  5. For Sharing Permission, make a selection. 
  6. Click Next

Response Action

To add a response action to a policy:

  1. On the Response page, click AND and select Revoke Sharing for and Everyone to remove the guest user.
  2. Select an Email Template
  3. Click Next.
  4. Review your policy and click Save

Monitor and Remove Unauthorized Guest Users from the Internal Teams Channels/Multi-Chat

NOTE: If Microsoft Teams API access is already enabled in your tenant, you must re-enable API access to enable this use case. This also applies to Multi-Chat.

MVISION Cloud for Microsoft Teams allows security admins to define DLP policies to monitor and remove unauthorized guest users joining internal-only teams (teams meant for internal conversations only).

To monitor and remove unauthorized guest users from internal-only teams, define the DLP policy for Microsoft Teams in MVISION Cloud as described.

Rule Group

Create a Collaboration rule for Files and Folders.

  1. Go to Policy > DLP Policies
  2. Click Actions > Sanctioned Policy > Create New Policy
  3. On the Description page, enter a name, description, and deployment type. For Services, select Google Drive. Then select the users the policy will apply to. 
  4. On the Rules page, select Collaboration
  5. For Sharing From, select Anyone
  6. For Sharing To, select Anyone
  7. For Sharing Permission, make a selection. 
  8. Click AND and select File Path/Folder ID, then Manually enter Select File Path/Folder ID and enter the list of internal team names.
  9. Click Done


Exception Group

To add an exception to a policy:

  1. Click Add Exception.
  2. Select Collaboration
  3. For Sharing From, select Anyone
  4. For Sharing To, select Specific Users/Domains, and Manually enter users/domains
  5. Enter the list of internal domains or list of allowed domains for To field. For example, allowed-domain1.com, allowed-domain2.com. If any guest user joins Teams from a domain outside of the listed domains, then the policy is triggered.
  6. Click Next

Response Action

To add a response action to a policy:

  1. On the Response page, click AND and select Revoke Sharing for and Everyone to remove the guest user.
  2. Select an Email Template
  3. Click Next.
  4. Review your policy and click Save

Identify and Remove Sensitive Content Shared in Specific Teams / Channels

Microsoft Teams dedicates channels within a team to keep conversations organized by specific topics, projects, disciplines, etc. To create a channel, you must create a Team Name, then add the channels to it. MVISION Cloud for Microsoft Teams allows security admins to define DLP policies to monitor and remove sensitive content shared in any specific teams/channels.

For example, say sensitive content such as credit card details is shared in the team named external.team1, and the channels associated with that team, such as Channel 1 and Channel 2, also receive the same sensitive information. To remove the sensitive content from those specific teams/channels, define the DLP policy for Microsoft Teams in MVISION Cloud as described.

Rule Group 

Create File Path/Folder ID collaboration rule.

  1. Go to Policy > DLP Policies
  2. Click Actions > Sanctioned Policy > Create New Policy
  3. On the Description page, enter a name, description, and deployment type. For Services, select Google Drive. Then select the users the policy will apply to. 
  4. On the Rules page, select File Path/Folder ID, then Manually enter Select File Path/Folder ID and enter team-name/* to monitor all channels in that team, or provide the specific team-name/channel-name to monitor a specific team/channel.
  5. Click Done
  6. Click AND and select any options such as Data Identifier, Keyword, or Regular Expression.

Response Action 

To add a response action to a policy:

  1. On the Response page, click AND, and select Delete to remove the sensitive data.
  2. Select an Email Template
  3. Click Next.
  4. Review your policy and click Save
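
The following added example (not MVISION Cloud code) models how the Rule Group, Exception Group and Response Action from the guest-user and specific-team use cases above combine, so expected outcomes can be written down as test cases before a policy is saved. The policy dictionary layout, the event fields, the partner.example and notmyorg.com addresses, and the Luhn-checked card matcher standing in for a Data Identifier are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def has_card_number(text: str) -> bool:
    return any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text))

def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()

def evaluate(policy: dict, event: dict) -> str:
    """Return the response action for one posted message, or 'none'."""
    # Rule group: optional File Path/Folder ID scope such as 'external.team1/*'.
    scope = policy.get("paths")
    if scope and not any(fnmatchcase(event["path"], p) for p in scope):
        return "none"
    # Rule group: AND a data identifier (here, a card number).
    if not has_card_number(event["text"]):
        return "none"
    # Exception group: content shared only with the listed domains is exempt.
    allowed = policy.get("exception_domains")
    if allowed is not None:
        # Exact domain comparison, so 'notmyorg.com' does not pass as 'myorg.com'.
        if all(domain_of(m) in allowed for m in event["members"]):
            return "none"
    return policy["response"]

# Constructed policies mirroring the page's myorg.com and external.team1 examples.
GUEST_POLICY = {"exception_domains": {"myorg.com"}, "response": "delete"}
TEAM_POLICY = {"paths": ["external.team1/*"], "response": "delete"}
```
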