The Microsoft Cloud offers robust security features that are often overlooked by organisations. Have you considered how your data will be protected in Microsoft Teams? Senior Pre Sales Consultant Kieron Sykes talks through three fundamental features to get you started.
In the world of IT, compliance is about the protection and control of data, how and where data is stored, access controls and general availability.
Part of my role entails reviewing RFPs (Request for Proposals) from customers. These always include a section on security and compliance, where the responder must demonstrate how the proposed solution meets various compliance standards. Microsoft Teams is at the forefront of our conversations with both new and existing customers. A common challenge we’re seeing is how quickly Teams is deployed without consideration of how the data is being shared or accessed, and the potential associated compliance risks.
Documents and messages in Teams are stored in the cloud, accessible from anywhere on any device. This means controls need to be put in place to protect sensitive information, ensuring that it’s only available to authorised employees from authorised locations.
Microsoft 365 already offers the most comprehensive set of compliance offerings of any cloud service provider; however, many organisations are unaware of what is available and how to access the controls. Here are three important compliance features you should implement:
1. Two-factor authentication for better login security
We’ve come across a number of organisations that have not implemented the basics when it comes to cloud services. In Office 365, user identity is the new firewall – it controls access to all applications and services. With phishing attacks so prevalent, it surprises me how many organisations don’t use multi-factor or two-factor authentication. Even if a password does get compromised, the attacker can’t sign in if the user’s account requires the second factor of authentication.
2. Conditional access policies
Azure Active Directory Conditional Access provides automated control decisions for access to cloud applications based on a set of conditions, such as location, device state, sign-in risk, and client application (e.g. web-based apps or mobile apps). This enables more flexible access to Teams when users are outside the known corporate network, as opposed to an “allow all” principle that goes against ISO27001 guidance.
3. Enabling auditability with eDiscovery
eDiscovery is a central area for authorised personnel (typically compliance officers) to conduct a comprehensive investigation into Office 365 user activity. Content search within eDiscovery provides the capability to search SharePoint and OneDrive sites, which form the substrate for document collaboration in Teams. Office 365 also provides a unified audit log to enable organisations to search activity across multiple Office 365 workloads, including Microsoft Teams. Auditing may not be turned on by default within a Teams tenant; it has to be enabled before the unified audit log becomes searchable. Once it’s turned on, compliance officers can use the search and filter capabilities to find specific user activities.
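The audit log steps described above (check whether auditing is on, enable it, then search Teams activity) can be scripted in Exchange Online PowerShell. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, and the admin account name, seven-day window and output file name are placeholders.

```powershell
# Added example. admin@contoso.example is a placeholder account that holds
# the audit log roles in Exchange Online.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# Step 1: check whether unified audit log ingestion is on for the tenant.
# Run this in Exchange Online PowerShell; the same cmdlet in Security &
# Compliance PowerShell always reports False for this property.
$config = Get-AdminAuditLogConfig
if (-not $config.UnifiedAuditLogIngestionEnabled) {
    # Step 2: turn auditing on. Activity from before this point was never
    # recorded, so there is nothing to search yet.
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
    Write-Warning 'Unified audit logging was off and has now been enabled. Re-run later to search.'
    return
}

# Step 3: pull Microsoft Teams records for the last 7 days (placeholder window).
# A session ID plus ReturnLargeSet pages through results 5000 at a time.
$end       = Get-Date
$start     = $end.AddDays(-7)
$sessionId = "teams-audit-$(Get-Date -Format yyyyMMddHHmmss)"
$records   = @()
do {
    $page = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType MicrosoftTeams -SessionId $sessionId `
        -SessionCommand ReturnLargeSet -ResultSize 5000
    $records += $page
} while ($page -and $page.Count -eq 5000)

# Step 4: summarise which Teams operations occurred and how often, so a
# compliance officer can see what to filter on.
$records |
    Group-Object -Property Operations |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name

# Step 5: keep the raw records for review. AuditData is a JSON string
# holding the per-event detail.
$records |
    Select-Object -Property CreationDate, UserIds, Operations, AuditData |
    Export-Csv -Path '.\teams-audit-last7days.csv' -NoTypeInformation

Disconnect-ExchangeOnline -Confirm:$false
```

To narrow the search to one person, add `-UserIds` with their sign-in name to the `Search-UnifiedAuditLog` call.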
Another feature worth noting is the Microsoft Compliance Manager. This displays a score against common compliance standards, such as GDPR, ISO27001 and NIST, and provides actionable insights to ensure compliance standards are met.
Putting these security measures in place will help with the overall user adoption of Microsoft Teams, as well as safeguard your organisation from potential risks. If you have any questions, leave a comment below or contact us to discuss your Teams migration.
Senior Pre Sales Consultant | Modality Systems