Collaboration is a crucial part of our daily work lives. Microsoft Teams made collaboration easier and the sky is the limit. In between all the applause and cheers, customers are starting to answer an important question: How can we secure and manage our data? Jasper Oosterveld, Microsoft MVP & Modern Workplace Consultant, is going to answer this question. You can expect real world advise around sensitivity & retention labels, DLP and managing external access.

1. #ScottishSummit2022
Secure and manage your
data in Microsoft Teams
Jasper Oosterveld
Microsoft MVP & Modern Workplace Consultant

2. #ScottishSummit2022
Thank You to our Sponsors…
Event Sponsor
Platinum Sponsors

3. #ScottishSummit2022
Thank You to our Sponsors…
Gold Sponsors
Accessibility
Event Lunch Data Analytics
Data Quality

4. #ScottishSummit2022
Speaker
Bio
• Microsoft Teams
• Compliance
• Governance
• Adoption
“Try to be kind”
Microsoft MVP &
Consultant
www.linkedin.com/in/jasperoosterveld
www.jasperoosterveld.com
@jasoosterveld

5. #ScottishSummit2022
Power of Microsoft Teams
Chat Meetings Calling Apps &
workflows
Collaboration

6. #ScottishSummit2022
Business value
Increase productivity Compliant & secure
Central & integrated
work experience
Accelerate digital
transformation

7. #ScottishSummit2022
Customer worries
• Teams' explosion
• Duplication
• Purpose unclear
• Findability
• External access & sharing
• Being safe and compliant

8. #ScottishSummit2022
External Access
Managing external access while working with Microsoft Teams

9. #ScottishSummit2022
Risks
• Guests get access to sensitive content (public channels).
• Guests can download and leak sensitivity information.

10. #ScottishSummit2022
Before you enable external access
• Define your internal policies for inviting and working with guests
in Microsoft Teams.

11. #ScottishSummit2022
Managing the risks
• Apply MFA for guests.
• Apply sensitivity labels & DLP to protect sensitive content.
• Apply Conditional Access for unmanaged devices.

12. #ScottishSummit2022
Managing external access
• Block or allow specific domains.
• Expiration policy.
• Reauthentication (verification code).
• Enable for specific teams.
• Type of sharing link (new and/or existing).

13. #ScottishSummit2022
Reviewing external access
• Azure Access Reviews (Azure AD P2)
• Custom solution (for example: blog.atwork.at | Groups
Governance Toolkit Part 5-External Guests).
• 3rd party solution (for example: ShareGate & AvePoint).

14. #ScottishSummit2022
Being safe & compliant
An introduction to the importance of a compliance strategy &
implementation.

15. #ScottishSummit2022
Trends
Data is exploding! 10x amount of data created and stored by 2025 (vs. 2016).
The regulatory landscape is complex and shifting.​
COVID-19 caused an explosion in the usage of Microsoft Teams.

16. #ScottishSummit2022
Challenges
88% of organizations no longer have confidence to detect and prevent loss of
sensitive data.
>80% of corporate data is “dark” – it’s not classified, protected or governed.
Protecting and governing sensitive data is biggest concern in complying with
regulations.
Source
1.Forrester. Security Concerns, Approaches and Technology Adoption. December 2018
2.IBM. Future of Cognitive Computing. November 2015
3.Microsoft GDPR research, 2017

17. #ScottishSummit2022
Risks
High fines
Reputational damage
Go out of business

18. #ScottishSummit2022
Real world examples
• "OLVG receives fine of 440,000 euros for unlawful access to
sensitive information".
• "Personal data of 65,000 civil servants on the street due to
data leak at ministry.
• "Over 100,000 resumes illegally downloaded at Employee
Insurance Agency“.

19. #ScottishSummit2022
Three important questions
1. Do you know where your business critical and sensitive data
resides and what is being done with it?
2. Do you have control of this data as it travels inside and
outside of your organization?
3. Are you using multiple solutions to classify, label, and protect
this data?

20. #ScottishSummit2022
Microsoft Purview
Microsoft to the rescue 

21. #ScottishSummit2022
Microsoft Purview

22. #ScottishSummit2022
Purview Information Protection
Broad coverage
Discover Classify Protect Monitor
Devices Apps Cloud services On-premises

23. #ScottishSummit2022
Information Classification Policy
Non-business
data, for personal
use only.
Company data
specifically
prepared and
approved for public
use.
Company data
intended for
general use within
and outside the
organization
(business
partners).
Sensitive company
data that damages
the company if it is
shared with
unauthorized
people.
Highly sensitive
company data that
causes damage to
the company if it is
shared with
unauthorized
people.
Personal Public Internal Confidential Secret

24. #ScottishSummit2022
Information protection policy
Personal
“Non-business data, for personal use only.”
No protection
“Company data specifically prepared and approved for public use.”
No protection
“Company data intended for general use within and outside the organization (business partners).”
No protection
Internal
Public

25. #ScottishSummit2022
Information protection policy
“Sensitive company data that damages the company if it is shared with unauthorized people.”
• Accessible for all Contoso employees (internal) & for authorized persons (external).
• Example: HR & Finance
“Highly secret company data that causes damage to the company if it is shared with unauthorized
people.”
• Accessible to authorized people per department.
• Example: Board of Directors
Confidential
Secret

26. #ScottishSummit2022
Sensitivity labels
Classifying and protecting your data & teams.

27. #ScottishSummit2022
Sensitivity labels: What?
1.Classify & protect sensitive information.
2.Classify Microsoft 365 Groups.

28. #ScottishSummit2022
Sensitivity labels: Why?
Sensitive information
• Protect sensitive information from unauthorized access by
applying encryption.
• The encryption continues to work regardless of the location of
the sensitive information.

29. #ScottishSummit2022
Sensitivity labels: Why?
Microsoft 365 Groups (Microsoft Teams)
• Enforcing governance agreements:
• Default privacy setting.
• Enable or disable guest access.
• Type of external sharing links.
• Type of access with unmanaged devices.

30. #ScottishSummit2022
Sensitivity labels: How?
• Applied manually (E3) or automatically (E5).

31. #ScottishSummit2022
Auto labels & sensitive info types
• Pattern-based classifiers for sensitive content.
• Out-of-the-box:
• IBAN
• Credit card
• Social Security Number
• Create your own:
• PlayStation 6

32. #ScottishSummit2022
#ScottishSummit2022
Scenario
• Megan works on the
development of the
PlayStation 6 (codename:
Project Raven).
• She wants to classify &
protect the content related to
the project.
Megan Bowen
Marketing specialist

33. #ScottishSummit2022
#ScottishSummit2022
Solution
• Sensitivity label for file & e-
mail.
• Custom Sensitive Information
Type (SIT) for PlayStation 6.
• Auto classification connected
to the SIT.
Classify & protect Project
Raven content

34. #ScottishSummit2022
Demo
Manually & automatically apply a label to sensitive information.

35. #ScottishSummit2022
#ScottishSummit2022
Scenario
• Alex works as PM on the
development of the PlayStation
6 (codename: Project Raven).
• Alex wants a private & secure
collaboration space with
Microsoft Teams.
• External access is only allowed
with approved accounts.
Alex Wilber
Project Manager

36. #ScottishSummit2022
#ScottishSummit2022
Solution
• Sensitivity label for M365
Groups.
• Attach to project sites.
Classify teams to enforce
governance requirements

37. #ScottishSummit2022
Demo
Sensitivity labels & Microsoft Teams

38. #ScottishSummit2022
Data Loss Prevention
Detect sensitive information

39. #ScottishSummit2022
DLP: What?
• Identify, monitor, and automatically protect sensitive items.

40. #ScottishSummit2022
DLP: Why?
• Prevent the conscious or unconscious sharing of sensitive
information with colleagues and/or external people.

41. #ScottishSummit2022
DLP: How?
High level
• Create a policy based on existing regulations (GDPR) or
customize your own.
• Select the location (M365, OnPrem, Devices, OS & non-MS
cloud apps).
• Define your policy settings (conditions & actions).
• Test & deploy.

42. #ScottishSummit2022
#ScottishSummit2022
Scenario
• She wants to prevent the
sharing of Project Raven
information in other teams.
Megan Bowen
Marketing specialist

43. #ScottishSummit2022
#ScottishSummit2022
Solution
• Data Loss Prevention Policy
for all Microsoft 365 services.
• Connect with Project Raven
Sensitive Information Type.
Prevent sharing sensitive
information

44. #ScottishSummit2022
Demo
Data Loss Prevention

45. #ScottishSummit2022
Data Life Cycle Management
Formerly known as Information Governance

46. #ScottishSummit2022
Data Lifecycle Manage: What?
• Govern your data for compliance or regulatory requirements.

47. #ScottishSummit2022
Options
• Retain content for a specified period (days, months & years).
OR
• Retain & automatically delete content after a specified period (days,
months & years).
OR
• Automatically delete content after a specified period (days, months &
years).
OR
• Retain content forever.

48. #ScottishSummit2022
Retention: How
• Retention Policies
• Retention Labels
• Record Management

49. #ScottishSummit2022
#ScottishSummit2022
Scenario
• Alex wants to preserve all
content from Project Raven
for an indefinite amount of
time.
Alex Wilber
Project Manager

50. #ScottishSummit2022
#ScottishSummit2022
Solution
• Retention Policy for the
Project Raven team.
• Retention Label for all
Microsoft 365 services.
Preserve all Project
Raven content

51. #ScottishSummit2022
Demo
Data Lifecycle Management

52. #ScottishSummit2022
Conclusion
Finish with some tips & tricks

53. #ScottishSummit2022
Tips & tricks
• Start by defining your policies instead of a focus on the
technology!
• Start with a pilot.
• Don’t forget about governance & change management.
• Be aware of licensing! Auto = E5, DLP & Teams = E5.

54. #ScottishSummit2022
Thank You to our Sponsors…
Event Sponsor
Platinum Sponsors

55. #ScottishSummit2022
Thank You to our Sponsors…
Gold Sponsors
Accessibility
Event Lunch Data Analytics
Data Quality

56. #ScottishSummit2022
Thank you!