Data Management - Ensure DLP Policies are Enabled for Microsoft Teams
Summary
Enabling these policies for Microsoft Teams blocks sensitive content when shared in teams or channels. The content will be scanned for specific types of data such as social security numbers, credit card numbers, or passwords.
Reason
If DLP policies are enabled, then, they can alert the users and administrators about the types of data not to be exposed which in turn helps in protecting the data from accidental exposure.
What If?
Setting up these policies will allow sensitive data in Teams channels or chat messages to be detected or blocked.
How to?
To enable DLP policies, use the Microsoft 365 Admin Center:
- Under Admin centers pick Compliance to open Microsoft 365 purview compliance portal.
- Under Solutions select Data loss prevention and then Policies.
- Now, click Create policies.
- After that, either start with a template or create a custom policy.
- Provide a Name for your policy.
- At the Choose locations step, either choose Protect content in Exchange email, Teams chats and channel messages and OneDrive and SharePoint documents or select Let me choose specific locations. If you do select Let me choose specific locations, ensure that Teams chat and channel messages is selected.
- Ensure that the proper DLP policies are created for the type of content to be detected and what actions should be taken.
Monitor:
To verify that DLP policies are enabled, use the Microsoft 365 Admin Center:
- Under Admin centers pick Compliance to open Microsoft 365 purview compliance portal.
- Under Solutions select Data loss prevention and then Policies.
- Now, click Create policies.
- After that, verify that policies exist and are enabled.
- Now, ensure that under Locations to apply the policy the policies include Teams chat and channel messages.
To verify that DLP for Microsoft Teams is enabled for all users, use the Exchange Online/Compliance PowerShell Module:
- Run Exchange Online PowerShell Module.
- Connect using Connect-ExchangeOnline, then run the following
Import-Module ExchangeOnlineManagement
3. After that, connect to the Security and Compliance Center via the following Connect- IPPSSession.
4. Run the following PowerShell command to see what DLP policies are created:
Get-DlpCompliancePolicy
5. Next, you have to run the following to look at the policy details to ensure the required users are excluded TeamsLocationException
Get-DlpCompliancePolicy -Identity "POLICYNAME FROM ABOVE" | Select-Object TeamsLocation*
Comments
Post a Comment