McAfee MVISION Cloud

Microsoft Teams Secure Collaboration Use Cases

Supported Features

MVISION Cloud for Microsoft Teams supports these features for the secured collaboration of users:

  • Identify and remove sensitive content shared with unauthorized guest users.
  • Monitor and remove guest users from unauthorized domains.
  • Monitor and remove unauthorized guest users from internal-only conversations or private channels.
  • Identify and remove sensitive content shared in specific teams/channels.

Identify and Remove Sensitive Content Shared With Unauthorized Guest Users

MVISION Cloud for Microsoft Teams allows security admins to define DLP policies that monitor and remove sensitive data posted in channels that have unauthorized guest users as members. Messages or files posted in regular channels and in 1:1 or 1:many chat conversations are monitored and deleted.

Make sure to define the policy for the following service instances:

  • Teams Instance. Monitors and deletes sensitive messages posted in regular channels or chat conversations.
  • SharePoint Instance. Monitors and deletes sensitive files posted in regular channels.
  • OneDrive Instance. Monitors and deletes sensitive files posted in 1:1 or 1:many chat conversations.

For example, say your organization has the domain myorg.com. Some of the teams in the 'MyOrg' Office 365 tenant have guest users as members, so the organization wants to detect and remove any sensitive data, such as credit card numbers, posted in channels where guest users are present.

To identify and remove the sensitive content posted in channels that have guest users, define the DLP policy for Microsoft Teams in MVISION Cloud as described below.

Rule Group

For the DLP policy, create a Folder/File Collaboration rule in the Rule Group, together with a rule that identifies the sensitive data.

To create a Folder/File policy:

  1. Go to Policy > DLP Policies
  2. Click Actions > Create New Policy
  3. Under Add Rules, select Collaboration
  4. Select Folder/File Collaboration and enter the value * for both From and To fields.
  5. Under Add Rules, select any options such as Data Identifier, Keyword, Regular Expression.

Exception Group

To add an exception to a policy:

  1. In the Create New DLP Policy page, under Exceptions > Add Exception, select Collaboration.
  2. Select Folder/File Collaboration, enter the value * for the From field, and enter the list of internal domains for the To field. For example, internal-domain1.com, internal-domain2.com, etc. In this case, the internal domain of the organization is 'myorg.com'.

Response Action

To add a response action to a policy:

  1. In the Create New DLP Policy page, under Response, select Delete to remove the sensitive data.
  2. Click Save.

Monitor and Remove Guest Users from Unauthorized Domains

NOTE: If Microsoft Teams API access is already enabled in your tenant, you must re-enable API access to enable this use case. 

MVISION Cloud for Microsoft Teams allows security admins to define DLP policies to monitor and remove any unauthorized guest users joining teams.

For example, say you have an organization that wants to allow guest users from allowed domains allowed-domain1.com and allowed-domain2.com but wants to remove any guest users from other domains joining teams. This can be accomplished by defining DLP policies for Microsoft Teams in MVISION Cloud as described below.

Rule Group

Create a 'Folder/File Collaboration' rule.

To create a Folder/File Collaboration rule:

  1. Go to Policy > DLP Policies
  2. Click Actions > Create New Policy
  3. Under Add Rules, select Collaboration
  4. Select Folder/File Collaboration and enter the value * for both From and To fields.

Exception Group

To add an exception to a policy:

  1. In the Create New DLP Policy page, under Exceptions > Add Exception, select Collaboration.
  2. Select Folder/File Collaboration, enter the value * for the From field, and enter the list of internal domains or the list of allowed domains for the To field. For example, allowed-domain1.com, allowed-domain2.com, etc. If any guest user joins Teams from outside of the listed domains, then the policy is triggered.

Response Action

To add a response action to a policy:

  1. In the Create New DLP Policy page, under Response, select Modify Permissions to None for Everyone to remove the guest user.
  2. Click Save.

Monitor and Remove Unauthorized Guest Users from the Internal Teams Channels

NOTE: If Microsoft Teams API access is already enabled in your tenant, you must re-enable API access to enable this use case. 

MVISION Cloud for Microsoft Teams allows security admins to define DLP policies that monitor and remove unauthorized guest users joining internal-only teams (teams meant for internal conversations only).

To monitor and remove unauthorized guest users from the internal-only teams, define the DLP policy for Microsoft Teams in MVISION Cloud as described below.

Rule Group

Create a folder/file collaboration rule.

  1. Go to Policy > DLP Policies
  2. Click Actions > Create New Policy
  3. Under Add Rules, select Collaboration
  4. Select Folder/File Collaboration and enter the value * for both From and To fields.
  5. Under Add Rules, select File Path/Folder ID and enter the list of internal team names.

Exception Group

To add an exception to a policy:

  1. In the Create New DLP Policy page, under Exceptions > Add Exception, select Collaboration.
  2. Select Folder/File Collaboration, enter the value * for the From field, and enter the list of internal domains or the list of allowed domains for the To field. For example, allowed-domain1.com, allowed-domain2.com. If any guest user joins Teams from a domain outside of the listed domains, then the policy is triggered.

Response Action

To add a response action to a policy:

  1. In the Create New DLP Policy page, under Response, select Modify Permissions to None for Everyone to remove the guest user.
  2. Click Save.
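
A dry run of the domain exception used in the two guest-user policies above, added here as an example (it is not MVISION Cloud code): it lists which memberships fall outside the listed domains before a removal action is enabled. The membership rows, the team name finance-internal and the exact-match domain comparison are assumptions; this page does not state how the product treats subdomains.

```python
# Added example: all sample data below is constructed for illustration.
ALLOWED_DOMAINS = {"allowed-domain1.com", "allowed-domain2.com"}  # exception "To" list
INTERNAL_DOMAINS = {"myorg.com"}                                  # internal domain from the page
INTERNAL_ONLY_TEAMS = {"finance-internal"}                        # hypothetical team name

# Constructed membership export: (team, member address)
MEMBERSHIPS = [
    ("project-x", "alice@allowed-domain1.com"),
    ("project-x", "Bob@Allowed-Domain2.COM"),                  # case must not matter
    ("project-x", "carol@allowed-domain1.com.example.net"),    # lookalike suffix
    ("project-x", "dave@notallowed-domain1.com"),              # lookalike prefix
    ("finance-internal", "erin_partner.example#EXT#@myorg.onmicrosoft.com"),
    ("finance-internal", "frank@allowed-domain2.com"),
]


def member_domain(address):
    """Return the lower-cased home domain of a member address.

    Handles the guest UPN form 'user_domain#EXT#@tenant.onmicrosoft.com',
    where the home domain follows the last underscore before '#EXT#'.
    """
    addr = address.strip().lower()
    if "#ext#" in addr:
        local = addr.split("#ext#", 1)[0]
        return local.rsplit("_", 1)[-1]
    return addr.rsplit("@", 1)[-1]


def would_trigger(memberships, listed_domains, teams=None):
    """Return (team, address, domain) rows whose domain is not listed.

    Domains are compared by exact match, so substring lookalikes never pass.
    If `teams` is given, only those teams are evaluated (internal-only case).
    """
    hits = []
    for team, address in memberships:
        if teams is not None and team not in teams:
            continue
        domain = member_domain(address)
        if domain not in listed_domains:
            hits.append((team, address, domain))
    return hits
```

Calling `would_trigger(MEMBERSHIPS, ALLOWED_DOMAINS)` models the unauthorized-domain policy; passing `INTERNAL_DOMAINS` and `INTERNAL_ONLY_TEAMS` models the internal-only policy.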

Identify and Remove Sensitive Content Shared in Specific Teams / Channels

Microsoft Teams uses dedicated channels within a team to keep conversations organized by specific topics, projects, disciplines, etc. To create a channel, you must first create a team name, then add the channels to it. MVISION Cloud for Microsoft Teams allows security admins to define DLP policies that monitor and remove sensitive content shared in specific teams/channels.

For example, say sensitive content such as credit card details is shared in the team named external.team1, and the channels associated with that team, such as Channel 1 and Channel 2, also receive the same sensitive information. To remove the sensitive content from those specific teams/channels, define the DLP policy for Microsoft Teams in MVISION Cloud as described below.

Rule Group 

Create a File Path/Folder ID collaboration rule.

  1. Go to Policy > DLP Policies
  2. Click Actions > Create New Policy
  3. Under Add Rules, select File Path/Folder ID and enter team-name/* to monitor all channels in that team, or enter a specific team-name/channel-name to monitor a specific team/channel.
  4. Under Add Rules, select any options such as Data Identifier, Keyword, Regular Expression.

Response Action 

To add a response action to a policy:

  1. In the Create New DLP Policy page, under Response, select Delete to remove the sensitive data.
  2. Click Save.
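
An offline dry run of the team/channel policy above, added here as an example (it is not MVISION Cloud code): it shows which messages a team-name/* scope combined with a credit card check would select for deletion. The regular expression, the Luhn check and the sample messages are assumptions that stand in for the product's Data Identifier, whose matching logic this page does not describe.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample data; "external.team1" and the channel names come from the
# example above, everything else is hypothetical.
PATH_RULES = ["external.team1/*"]   # File Path/Folder ID value: all channels of the team
MESSAGES = [
    {"id": 1, "team": "external.team1", "channel": "Channel 1",
     "text": "card 4111 1111 1111 1111 exp 12/30"},           # well-known test number
    {"id": 2, "team": "external.team1", "channel": "Channel 2",
     "text": "order 1234 5678 9012 3456 shipped"},            # 16 digits, fails Luhn
    {"id": 3, "team": "internal.team9", "channel": "General",
     "text": "4111-1111-1111-1111"},                          # outside the path scope
]
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")      # 13-19 digits, optional separators


def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text):
    """Return the card-like digit strings in text that pass the Luhn check."""
    candidates = (re.sub(r"[ -]", "", m.group()) for m in CARD_CANDIDATE.finditer(text))
    return [c for c in candidates if luhn_ok(c)]


def in_scope(team, channel, rules=PATH_RULES):
    """True when 'team/channel' matches a team-name/* or team-name/channel-name rule."""
    return any(fnmatchcase(f"{team}/{channel}", rule) for rule in rules)


def messages_to_delete(messages, rules=PATH_RULES):
    """IDs of messages that are both in path scope and contain a card number."""
    return [m["id"] for m in messages
            if in_scope(m["team"], m["channel"], rules) and find_cards(m["text"])]
```

Running the same sample messages against a narrower rule such as `["external.team1/Channel 2"]` shows how much the path scope alone changes what a Delete response would touch.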