Identify/Remediate Microsoft Teams Channels with Public Access

Article ID: 220597

Products

CASB Securlet SAAS, CASB Securlet SAAS With DLP-CDS, CASB Security Standard, Data Loss Prevention Cloud Detection Service for REST, Data Loss Prevention Enforce

Issue/Introduction

Users have created Microsoft Teams teams and related SharePoint sites with "public access", meaning that anyone within the organization can access, view, and edit files stored within the associated SharePoint site. The customer would like a CASB control that can identify these Teams-associated SharePoint sites and revert them from Public access to Private.

Environment

Component: CASB, Office 365 Securlet, Data Loss Prevention Enforce

Resolution

Follow Microsoft's "Teams and channels" documentation to create and manage channels correctly.

Teams can have standard, private, or shared channels.

The Office 365 CloudSOC Securlet can track public and private team activity. Team activity violations appear as policy alerts in the Office 365 Securlet dashboard. A custom attribute can also be used in Symantec DLP policies to differentiate between public and private team activity.

To use the contextual attribute in a DLP policy, perform the following steps in Symantec DLP and Microsoft Office 365:

  1. Create a Symantec DLP policy and rule with the following options:
    - Attribute: string
    - Name: common.team.visibility
    - Match: team_type (In the preceding option, team_type is Public or Private.)
    - Match type: Match exactly
  2. Create a team in Office 365.

Example from DLP Enforce view: