3.2.2 Ensure DLP policies are enabled for Microsoft Teams

Information

The default Teams Data Loss Prevention (DLP) policy rule in Microsoft 365 is a preconfigured rule that is automatically applied to all Teams conversations and channels. The default rule helps prevent accidental sharing of sensitive information by detecting and blocking certain types of content that are deemed sensitive or inappropriate by the organization.

By default, the rule includes a check for the sensitive info type Credit Card Number which is pre-defined by Microsoft.

Rationale:

Enabling the default Teams DLP policy rule in Microsoft 365 helps protect an organization's sensitive information by preventing accidental sharing or leakage of credit card information in Teams conversations and channels.

DLP rules are not one-size-fits-all, but at a minimum something should be defined. The organization should identify the sensitive information that matters to it and seek to intercept it using DLP.

Impact:

End-users may be prevented from sharing certain types of content, which may require them to adjust their behavior or seek permission from administrators to share specific content. Administrators may receive requests from end-users for permission to share certain types of content or to modify the policy to better fit the needs of their teams.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To remediate using the UI:

Navigate to Microsoft Purview compliance portal https://compliance.microsoft.com.

Under Solutions select Data loss prevention then Policies.

Click Policies tab.

Check Default policy for Teams then click Edit policy.

The edit policy window will appear; click Next.

At the Choose locations to apply the policy page, turn the status toggle to On for Teams chat and channel messages location and then click Next.

On Customized advanced DLP rules page, ensure the Default Teams DLP policy rule Status is On and click Next.

On the Policy mode page, select the radio button for Turn it on right away and click Next.

Review all the settings for the created policy on the Review your policy and create it page, and then click Submit.

Once the policy has been successfully submitted click Done.

Note: Some tenants may not have a default policy for Teams, as Microsoft only started creating these by default at a particular point in time. In this case a new policy will have to be created that includes a rule to protect data important to the organization, such as credit card numbers and PII.
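Because Nessus does not perform this check, an administrator has to verify it by hand or by script. The following Security & Compliance PowerShell script is an added example written for this page; it is not part of the CIS benchmark or Tenable's audit content. It audits whether any DLP policy is enabled, covers the Teams location and has at least one active rule, and otherwise applies the same remediation the UI steps above describe. It assumes the ExchangeOnlineManagement module is installed and the signed-in account holds a Purview compliance admin role; the policy name "Default policy for Teams" comes from the benchmark, while the rule name created in the fallback branch is an assumption.

```powershell
# Added example, not benchmark or Tenable code: audit and remediate the
# "DLP policies are enabled for Microsoft Teams" control from PowerShell.
# Assumes: ExchangeOnlineManagement module installed, compliance admin rights.

Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # interactive sign-in to the Purview compliance endpoint

$policyName = 'Default policy for Teams'   # name used in the benchmark UI steps

function Test-TeamsDlpPolicy {
    # Returns $true when at least one DLP policy is turned on (Mode = Enable),
    # includes the Teams chat and channel location, and has an enabled rule.
    # Policies that fail any of the three conditions are listed with the gap.
    $compliant = $false
    foreach ($p in Get-DlpCompliancePolicy) {
        $coversTeams = ($null -ne $p.TeamsLocation -and $p.TeamsLocation.Count -gt 0)
        $activeRules = @(Get-DlpComplianceRule -Policy $p.Name | Where-Object { -not $_.Disabled })
        if ($p.Mode -eq 'Enable' -and $coversTeams -and $activeRules.Count -gt 0) {
            Write-Output "PASS: '$($p.Name)' is on, covers Teams, $($activeRules.Count) active rule(s)"
            $compliant = $true
        } else {
            Write-Output ("CHECK: '{0}' Mode={1} TeamsLocation={2} ActiveRules={3}" -f `
                $p.Name, $p.Mode, ($p.TeamsLocation -join ','), $activeRules.Count)
        }
    }
    return $compliant
}

if (-not (Test-TeamsDlpPolicy)) {
    $existing = Get-DlpCompliancePolicy -Identity $policyName -ErrorAction SilentlyContinue
    if ($existing) {
        # Mirrors the UI steps: Teams location on, every rule on, policy turned on.
        if (-not $existing.TeamsLocation) {
            Set-DlpCompliancePolicy -Identity $policyName -AddTeamsLocation All
        }
        Get-DlpComplianceRule -Policy $policyName |
            ForEach-Object { Set-DlpComplianceRule -Identity $_.Name -Disabled $false }
        Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
    } else {
        # Tenant without a default Teams policy (see the note above): create a
        # policy scoped to Teams with a rule on the built-in Credit Card Number type.
        New-DlpCompliancePolicy -Name $policyName -TeamsLocation All -Mode Enable
        New-DlpComplianceRule -Name 'Teams credit card rule (assumed name)' -Policy $policyName `
            -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number' } `
            -BlockAccess $true -NotifyUser Owner
    }
    Test-TeamsDlpPolicy | Out-Null   # re-run the audit to confirm the change took effect
}
```

The audit function is deliberately stricter than checking the single named policy: a tenant can satisfy the control with any enabled policy that covers Teams, so it evaluates every policy and only falls back to remediation when none passes. Run the audit portion on its own first in a test mode tenant, since Mode = Enable starts blocking messages immediately, as the Impact section notes.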

Default Value:

Enabled (On)

See Also

https://workbench.cisecurity.org/benchmarks/15279

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AU-11, 800-53|SI-12, CSCv7|13, CSCv7|14.7

Plugin: microsoft_azure

Control ID: ba491a6ce156cb523b96fee5385a510f46e64cb89b6797415aa5a0e48101b7d5