Welcome to the 2018 Learn Teams Conference - 25+ World Class Experts Teach You How to Use Microsoft Teams! April 3 - April 7, 2018
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
LearnTeamsConference.com
Power Users of Collaboration
Welcome to the 2018 Learn
Teams Conference
25+ World Class Experts Teach You
How to Use Microsoft Teams!
#LTC18 April 3 – April 7, 2018
LearnTeamsConference.com Power Users of Collaboration Security and Compliance with Microsoft Teams – Step 2 April 3-7, 2018 #LTC18 @AlistairPugin
Security and Privacy
Security Privacy
Security by design Privacy by design
• Data Encryption at rest and in transit • Data stored in-region based on tenant affinity
• Dedicated security professionals • No customer content accessible in logs or
telemetry
• Threat models, Security Reviews, Automated
Security Tools • Grant least privilege required to complete task
• Penetration testing with regular rotation of 3rd • Dedicated Privacy professionals
party penetration testers
• Adhere to Office 365 data classification and
• All keys stored in Azure Key Vault data handling standards
• Admin: Screening, training, access control • Access to Production environments is locked
down
• Host: Access control, anti-malware, patch
management, AAD Modern Authentication • Working to support General Data Protection
Regulation (GDPR) ahead of May 2018 deadline
• Network: Firewalls, edge routers
• Facility: Physical controls, video surveillance,
access control
• Bug Bounty Program (We pay friends, hackers
and researchers to find security bugs)
http://aka.ms/STP is where you can download
Compliance Tiers the audit reports.
https://aka.ms/MicrosoftComplianceStan
dards for Microsoft Compliance Standards
Download
Controls Today CY2018 H1
More than 950 Office 365 controls
• Access control
• Auditing and logging
• Identification and authorization
• Awareness and training
• Continuity planning
• Incident response
• Risk assessment
• Communication protection
• Information integrity
• Deployment Approvals and management
Ongoing compliance processes
• Recurring audits like SOC, FEDRAMP, ISO+
independent verification
▪ Email
O365 Information Protection
▪ 1:1 chats
tools
▪ Group chats
▪ eDiscovery
▪ Channel messages
▪ Legal Hold
▪ Compliance content search
Microsoft Chat O365 ▪ Archive
Teams service substrate ▪ Retention
▪ Audit Logs
▪ SharePoint Files
▪ OneNote/Wiki
▪ OneDrive for Business
181 countries | 25 languages
AMERICAS EMEA APAC
tenant in Australia, Canada,
India, Japan, the United
Kingdom, or the United
States
Dublin UK
Bay Amsterdam
Des
Moines
Hong Kong
Singapore
Teams Data in UK
Microsoft Confidential 2
Information Protection Roadmap
Capability
Archiving Teams Data
Compliance Content search
eDiscovery – Messaging/Files
Available Today
Legal hold
Auditing and reporting
Exchange Online Protection
Conditional Access and Intune MAM
Moderator support
Allowed List of Apps
Windows Information Protection
Tenant-specific retention policy
eDiscovery – Calling/Meetings
Data loss prevention (DLP)
Advanced Threat Protection
GA
Archiving in Office 365 enables preservation of all content immutably
and enables retention, eDiscovery and other compliance capabilities.
What is archived?
▪ Immutable data
▪ Integrated management
▪ Safeguard your data
▪ Highly reliable, available and What is the default archiving policy?
performant.
▪ Unlimited Storage*
Where is Microsoft Teams data archived?
Gartner has named Microsoft a How do I manage archiving?
Leader in the 2016 Magic Quadrant
for Enterprise Information ArchivingGA
Content Search can be used to search mailboxes, SharePoint Online
sites, OneDrive for Business Locations and Teams Data across all of the
organization. There are no limits on the number of mailboxes or the
number of searches that can be run at the same time.
▪ Search Across item types
What accounts/locations can I includes in a search?
▪ Search Organization wide
▪ Highly Scalable
▪ Export for offline use
What search filters can be applied to a search?
▪ Uncover Search Statistics
Can I download/export results from a search?GA
Electronic discovery is the electronic aspect of identifying, collecting
and producing electronically stored information (ESI) in response to a
request for production in a law suit or investigation.
Does eDiscovery in Office 365 work with Teams Data?
▪ The Teams Information Protection Dataset is covered along with all the other communication and
productivity workloads in the O365 Security and Compliance Center.
What are the different stages of a typical eDiscovery process at a large company?
▪ Unified eDiscovery Center
▪ In-Place hold
▪ Quickly identify the most
relevant data
▪ View/Export data in Advanced eDiscovery
Reduce eDiscovery costs
Case management
In-place eDiscovery
standard EDRM format Access Control All of in-Place +
Content Searches Duplicate detection
Hold(s) Relevance Searches with
Export Machine Learning
Unstructured Data
analysisGA
When a reasonable expectation of litigation exists, organizations are
required to preserve electronically stored information (ESI) relevant to
the case. This expectation often exists before the specifics of the case
are known and organizations may need to preserve broadly all
information related to certain individuals, keywords or topics.
Can user continue to user Teams when they are put on hold?
▪ Permanently Preserved Data
within O365 solution
What is the difference between Litigation Hold and In-Place Hold?
▪ Flexibility: Multiple Time Based
Holds
▪ Integrated management with
eDiscovery
What happens to edits and deletes when a user is on hold?
▪ Narrow Down on Legal Data –
Intelligent Query based holds
▪ Transparent to End User
What Teams Data can be put on Hold?GA
Auditing and reporting supports the need for IT Admins to track
important business events within Office 365 and now Teams.
What types of events are being captured for auditing in Teams?
Object/File Access Events
Account Logon events File Creation/Access/Upload/Deletion
User/Admin Login and Logout from teams File rename/modification/movement/restoration
Client(s)
▪ Audit all Teams Events Service Logins and Sessions
File Copy/Checking in and out
▪ Audit all/specific users
▪ View, Filter, Export results
Audited Events
▪ Unlimited Auditing Timeline
Process Tracking events Account Management events
▪Setting Store Changes – Client and Admin •User Roles/Permissions setting/editing
Portals •Teams Enablement or License assignment
▪Additions of Connectors or Bots events
▪Editing of Posted Chat messages •Group/Team/Channel Creation and Deletion
and member updates
What is the SLA for when the audit log is updated?IT admins can make the use of Microsoft Teams more secure by enforcing restrictions on both managed and non
managed devices using Intune MAM and CA policies.
What platforms/devices are supported for Teams Conditional Access/MAM?
GA
Device / Platform
Mobile Client Desktop Client Web Client
▪ iOS (7.1+) ▪ Windows PC (8.1+) ▪ IE, Edge
▪ Android (4.0+) ▪ Mac OS X
What are the general factors in setting up Conditional Access policies?
You can set a conditional access policy to protect access based on:
•Targeted Sets or Groups of users
•The device compliance definition and status
•The platform that is running on the device
•The type of apps that are used to access the services (example: Teams)
✓ Simplified enrolment process to increase user adoption
If the user/device is non compliant, a message is displayed that directs the user to
the Intune Company Portal app or website where there are remediation steps.
✓ Protect data at the Teams App level without having to manage devices
Will Exchange and SharePoint Conditional Access Policies apply to Teams?
✓ Employees can use their favourite device to access Teams securely
Yes, because Teams Services rely on Exchange Online and SharePoint online.
✓ Prevent data loss between Teams and other personal appsRetention Policies allow IT admins to manage the lifecycle of content
within Office 365, including all data from Teams.
What does Retention mean in the context of Microsoft Teams?
Teams related Retention polices Retention period Retention action
Chats (1x1, 1xN) Configurable by tenant (days) ▪ Delete & Allow recovery
in Security and Compliance ▪ Permanently delete
Center, example: 30 days ▪ Archive
▪ Flexible – different policies for
different types of Items
Channel messages Configurable by tenant (days)
▪ Standard Preservation & in Security and Compliance
Deletion Policy templates Center, example: 365 days
▪ Integrates with Legal Hold and
e-Discovery
Files (SharePoint Online and Configurable by Tenant for Site ▪ Delete & Allow recovery
▪ Integrated Management OneDrive for Business) Templates, Site Collections and ▪ Permanently delete
Document Deletion ▪ Manage through Records
Management
How does Retention and Persistent Chat in Teams work together?
▪ Retention Policies if set, will wipe out the Teams Data from all possible locations in the Microsoft
cloud infrastructure. If persistent chat is a requirement without retention, then default retention
policy can be overridden to extend it for N no. of years (or indefinitely)Moderation provides the ability for a Team or Tenant Admin
to control the nature of messages being sent and persisted in
any chat in Teams.
Admin Controls:
• Allowing Team Owners to delete all messages
• Allow Tenant Admin to disable private chat (1xN) all together.
Muting and Moderation (EDU targeted)
• Ability for a Teacher to mute a student in a Team
What is the user experience for a student who has been muted?
▪ Flexible – different controls at Only a Team Owner (i.e. Teacher) can mute a member. Once muted, the
both tenant (global) and member cannot post/reply to messages.
team(local) levels
▪ Graceful User Experience for What about moderation features for Team Admins in general?
For moderation of posting on General Channel of a team, there are new team
“moderated” participant settings that allow admins to control the noisiness of the general channel:
▪ Prevents bullying and other
bad behavior in classroom - Anyone can post in general
- Anyone can post but will be alerted before they do so (large teams)
situations - Only owners can post on general
Is there full support for these features on mobile?
Yes, all of the above features are going to be available on all Teams Clients.Apps (Bots, Connectors and Tabs) represent flow of important information both in and out of the Tenant. While Teams strongly supports the concept of empowering the end user to find the right app for the right scenario, we also ensure that IT Admins have ways of controlling usage and distribution of apps within their organization. What controls do I have as a Tenant admin at this time? • Control default state (on/off) for all 3rd Party store published • Apps Control side loading of Apps by end users in Teams • Control default state (on/off) for yet unpublished apps as a preventive step What does side-loading of apps in Microsoft Teams mean? End users can take apps that they have built using the Microsoft bot framework and add them to their Teams. How do I populate Teams with a restricted set of Apps upfront? This feature is on our roadmap. We want to allow admins to be able to side-load a set of pre-approved LOB Apps for their tenant.
Windows Information Protection (WIP), previously known as
enterprise data protection (EDP), helps protect enterprise apps and
data against accidental data leak on enterprise-owned devices and
personal devices without requiring changes to your environment or
other apps.
How does WIP Apply to MSTeams?
MS Teams Windows Client is a WIP Aware app and classified as
Enterprise or Corporate Owned. Data created from Teams is subject to
encryption and protection offered through WIP Policies on Windows 10
Enterprise devices.
What are the different controls WIP offers?
• Prevent enterprise data leaks, - Classify all data into Enterprise or Personal at a user level
even on BYOD devices - Restricting Copy or Download of Enterprise data & using Allowed
Apps only to access Enterprise Data
• Maintain ownership and control - Encrypt all Enterprise data at rest & prevent accidental data
disclosure to public spaces and removable media
• Control the network/data access - Flexibility to allow user to hide or allow overrides of the policy and
and sharing for all Apps or audit data sharing actions
- Remotely wipe all Enterprise data from MDM enrolled devices while
leaving personal data behind in employee termination scenariosResources to Learn More
https://aka.ms/SuccessWithTeams https://FastTrack.microsoft.com
Your hub for all things Microsoft Teams including vision, Assistance for customers to realize their vision with
practical onboarding guidance, success stories, and support. Microsoft cloud services
Resource Link
Office Blog https://aka.ms/OfficeBlog
Office Roadmap https://aka.ms/OfficeRoadmap
Product Help https://aka.ms/TeamsSupport
Known Issues List https://aka.ms/TeamsKnownIssues
Team Developer Hub https://TeamsDeveloper- Read about Teams top information Protection Features: https://aka.ms/TeamsInformationProtection - Learn about how to successfully deploy Teams in an Enterprise: https://www.successwithteams.com/ - Other Interesting Blog Posts about Teams IP Features: https://aka.ms/TeamsEnterpriseFeatures - https://aka.ms/SCCOverview for an overview of the Security and Compliance Center
You can also read
