Enhanced File Sharing Microsoft Teams
Proofpoint CASB provides enhanced visibility and control over external sharing of files within Microsoft 365 for direct and indirect sharing of files with group.
File sharing in Microsoft Teams is done via:
-
Direct Message
-
Group Chat
-
Teams Channel
CASB provides enhanced file sharing visibility for Teams including share level, collaborator user and domain visibility when sharing files in MS Teams. CASB calculates the share level of direct/group chats and Teams channels based on their participants to determine the share level of files sent via Teams. This can trigger alerts when sensitive data is shared via teams with external collaborator email addresses or domains.
Microsoft Teams utilizes OneDrive for file sharing via direct/group chats and SharePoint for file sharing via Teams channels.
Teams file sharing activity mapping:
For file sharing activities via Teams direct and group chats, CASB provides the share level, list of chat participants and their domains. For file sharing activities via Teams Channel, CASB provides the channel name and share level.
The table describes the exact fields that hold the sharing information:
|
Direct Chat (OneDrive) |
Group Chat (OneDrive) |
Channel Massage (SharePoint) |
|
|---|---|---|---|
| Event Types containing relevant information | Sharing Set | Sharing Set | File upload |
| Share Level | activity.resources Insights | activity.resources Insights | activity.resources Insights |
| Chat participants domains | activity.resources Insights | activity.resources Insights | N/A |
| Chat participants | activity.resources relations labels | activity.resources relations labels | N/A |
| Channel name | N/A | N/A | activity.resources relations labels |
| Rule Activity Type | Content Sharing | Content Updates | Content Updates |
| Related Rule Attributes | Collaborators (event) | Collaborators (event) Visibility (share level) | Visibility (share level) |
| Supported Remediation Action | Undo Share | Make Internal Make Private Remove Public Link | Make Internal Make Private Remove Public Link |
Important Notes
Prerequisites:
-
Two new M365 scopes are required (TeamMember.Read.All, ChannelMember.Read.All). customers with existing M365 connectors need to disconnect and re-connect the Microsoft 365 CASB connector while providing the newly required scopes to utilize the enhanced share level visibility in Teams.
-
Forwarding Shared files via Teams:
-
Group Chats: M365 will generate a File Access event as such CASB cannot associate this activity as to a file sharing activity in Teams.
-
Channels:M365 does not generate any events for this action.
-
Group Chat file sharing behavior: For file sharing via group chats Teams creates a sharing link and shares it with group participants. You will see Secure Link Create / Company link Create / Anonymous link create activities based on your organization’s default SharePoint site settings (Only People in my organization or Anyone with the link). Refer to this article for information. These activities can be ignored and do not contain collaborator/channel info.
For group chats CASB cannot perform Undo Share remediation action because the file does not contain direct sharing permissions. Alternatively select a remediation action that remove sharing links like make internal, make private or remove public link.
Related Topics: