Remediation Microsoft Teams with Public Access

book

Article ID: 220597

calendar_today

Updated On:

Products

CASB Securlet SAAS CASB Securlet SAAS With DLP-CDS CASB Security Standard Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Enforce

Issue/Introduction

Users have created Microsoft Teams and related SharePoint sites with "public access" in that anyone within the organization can access can view files etc stored within the associated SharePoint site. You are looking for CASB control that can identify these Microsoft Teams associated SharePoint sites and revoke Public Access back to Private.

Environment

Component: CASB, Office 365 Securlet, Dala Loss Prevention Enforce

Resolution

You need to follow Public and private team activity official guide. 

Office 365 Securlet can track public and private team activity. Team activity violations appear as policy alerts in the Office 365 Securlet dashboard. A custom attribute can also be used in Symantec DLP policies to differentiate between public and private team activity.

To use the contextual attribute in a DLP policy, perform the following steps in Symantec DLP and Microsoft Office 365:

  1. Create a Symantec DLP policy and rule with the following options:
    - Attribute: string
    - Name: common.team.visibility
    - Match: team_type In the preceding option, team_type is Public or Private.
    - Match type: Match exactly
  2. Create a team in Office 365.

Example from DLP Enforce view:

Attachments