How to secure conversations and data in Microsoft Teams – Part One

In this first part of a two part series, I introduce the methods you can use to secure data in Microsoft Teams. This post focuses on Team Conversation and Files, while Part 2 will talk about individual chats, audit log investigation and what’s coming in the future to assist with security and compliance in Microsoft Teams.

MS teams.jpg

With the news at Microsoft Ignite that Teams is here to stay, and going to be the primary collaboration client in Office 365, it is going to be important for organisations to understand how to secure the data and conversations stored within Microsoft Teams.

Where is the data?

The first key thing to understand what types of data you are talking about, and where it is actually stored. Every “Team” is build on an Office 365 Group, and this is where the majority of the Team related data will be stored. Each Channel in the Team will provision a new folder in the Group’s Document Library, and this is where files shared in Group conversations will be stored. Each Group also has a Group Mailbox, and this is where conversations held within channels are stored.

However, users can also communicate directly via chat, and share files from this interface. In this instance, the conversations will be stored in the user’s mailbox, and the files they share will be stored in OneDrive.

That’s great, but what does this mean when it comes to compliance?

Teams Conversation Data

As I mentioned above, the conversations from Teams Channels is stored within the Group Mailbox. If your organisation has a requirement to remove this data after a certain period, Microsoft will soon be releasing Retention Policies for Microsoft Teams which will allow you to remove content after a specified period, and this can be customised for different Teams.

Teams Retention 1

For eDiscovery, you can use the existing capabilities within the Security and Compliance Center to create an eDiscovery search on the Group Mailbox where the chat data is stored in a hidden folder, and optionally place this data on hold. To do this, use the IM content type as you would historically have done to search for Skype for Business conversation content.Teams Retention 2

Teams File Data

In a similar manor to conversations, as all Teams files are stored within the Groups SharePoint Team Sites, then you should apply the same practices for these files as you would for any other SharePoint sites.

So a standard Retention Policy would be applied and fitered down to your Office 365 Group sites, and eDiscovery search on the same.

What if I need to secure all data in a Team, whether it’s chat or files?

Simple! Set up an eDiscovery case for the specific content you are looking to protect and put both the SharePoint sites and IM conversations for the Group into the scope for the case. This way, you can have a single point of reference for all of your content referencing the case in question.

In Part 2 I will go on to introduce how you can protect individual user chats and files shared within Microsoft Teams, and future features that are going to assist with securing your Microsoft Teams data.

If you have any questions or comments please either use the comments section below, Tweet me @MikeParker365 or via email

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s