🟢 DISCOVER DETOX FOR MICROSOFT 365 COPILOT : 2 STEPS TO REDUCE DATA EXPOSURE! START YOUR RISK ASSESSMENT 👉

Microsoft 365

14 December 2023

How to improve governance in Microsoft Teams

Video MydataSecurity to govern Microsoft Teams data

The online communication tool Microsoft Teams has become central to employees’ daily use of the Microsoft 365 suite.

However, the use of Microsoft Teams also involves challenges in terms of governance, specifically defining rules and best practices to ensure the proper functioning and sustainability of virtual teams and more generally of the company’s information assets. Microsoft Teams governance includes creating and deleting teams, managing members and roles, configuring settings and features, monitoring data quality and compliance, and training and supporting users. Governance is therefore a strategic issue for companies wishing to make the most of this innovative tool.

How MyDataSecurity helps improve governance of Microsoft Teams data ?

MyDataSecurity for Microsoft Teams

MyDataSecurity is a tool that allows company employees to manage access rights to their data in their Microsoft 365 account. The tool is presented as a personal and interactive dashboard (available in several languages), which displays all of the owner's resources and the access permissions for these files. The tool thus aims to strengthen the confidentiality and security of user data and the governance of their access.

Centralisation of shared files and channels

First, the tool collects resources and files stored and shared within M365 suite applications: Outlook, Teams, Sharepoint, OneDrive… (without ever accessing their content!).

In MyDataSecurity, you will find the "Teams" tab, which contains:

All Teams sites and channels you own

An overview of access and permissions for a Teams team

MyDataSecurity provides a team-level overview of:

all members;
all files that are accessed;
all permissions granted.

Capture décran du tableau de bord MyDataSecurity dIDECSI pour Microsoft Teams

Three main features for managing access to shared data in Teams

1. Global visibility of Microsoft Teams data

As shown in the video above, thanks to MyDataSecurity for Teams, you have global visibility of:

your teams: public or private;
the number of owners;
your public groups;
the number of guests (internal or external);
the level of data confidentiality (labels specific to company policy);
the different document permissions.

2. Focal points on Microsoft Teams

The tool highlights “focal points” for the user on each of these elements.

A focal point is an element that requires particular vigilance when visiting MyDataSecurity. It may be a risk or an anomaly or even a configuration error with respect to the company's security policies. It allows this point to be identified and prioritised by its owner to ensure proper handling.

A focal point is reported from the MyDataSecurity home page (link which goes directly to the element in question). It is easily identifiable thanks to its red label.

In Teams, common use cases are:

a public group;
excessive document permissions (the whole company, anyone with the link);
only one owner per team.

For example, if a Teams group or channel is configured in public, a focal point and a caption will highlight the best practice to follow, namely preferring configuration in private mode.

Furthermore, other indicators allow the user to understand this information: labels to identify sensitive classified data, to identify external members, etc.

3. Remediation in Microsoft Teams

One of the strengths of the MyDataSecurity tool is that in addition to centralising information on groups, files, members and associated permissions, it allows corrections directly from the interface.

The owner can simply click and, for example, delete external members who are no longer attached to a project, or revoke access rights to sensitive files. At Teams group level, you can also change the type of access (upgrade/downgrade), for example, from member to owner or vice versa.

The tool’s user experience has been designed to simplify the rights review process as much as possible and to promote best practice in terms of governance and security.

MyDataSecurity: being responsible for data security in Teams

Every user has a role to play in data governance and security. Every data owner knows with whom they shared their file. Subtleties exist when it comes to collaborative work. So who is responsible and what does that entail?

Microsoft Teams uses the notion of "owner" to define users who created or inherited the team, channel or group. MyDataSecurity is based on a new notion specific to the tool, that of “manager”.

We wanted to distinguish between these two important roles because they have different responsibilities:

A team owner in Microsoft Teams is the administrator of a team. This is a person who has full control over a team's settings, members and channels.
A team (or site) manager in Microsoft Teams is the person responsible for managing its security. The manager is therefore in charge of checking its members and shared files. The manager receives the focal points on the teams they manage, they know what is legitimate and what is not, and more. There can only be one manager (whereas there can be several owners). Although this role is first assigned automatically by the MyDataSecurity tool, it can be changed with a validation request.

Capture d'écran de Microsoft Teams change manager dans MyDataSecurity

MyDataSecurity is accessible at all times by the owner (in case of doubt, if the owner wants to report a departure, etc.), but the tool is mainly used during rights review campaigns.

Overseen by security teams, the campaigns target users and receive a link to access their MyDataSecurity dashboard via TeamsBot or by email to verify/correct the information.

Finally, the tool provides automatic notification workflows in the case of conduct or use that deviates from security policies.

MyDataSecurity: data governance and protection

Microsoft Teams raises major data security and governance challenges at the heart of data shared in M365. The MyDataSecurity tool for Teams gives users a complete overview of permissions, members and shared files, and helps identify anomalies and errors. By joining forces and making company employees responsible, the tool aims to improve governance and thus data protection.