(Updated) Microsoft Teams: Viva Engage communities in Teams

🚨 The Signal: Viva Engage communities are now integrated directly into Microsoft Teams, centralizing asynchronous communication. This change consolidates communication channels, potentially increasing data sprawl and the attack surface for social engineering within Teams.

The Impact

All Teams users with Viva Engage access are affected, increasing the risk of unmoderated content and information leakage.

• Security Teams: Increased surface area for data governance and content moderation.
• Compliance Teams: New pathways for information sharing require policy review.
• End Users: Potential for increased exposure to unmoderated or malicious content.
• Admins: Need to review and potentially update existing Teams and Viva Engage policies.

The Action

1. Review existing Viva Engage content moderation policies for applicability within Teams.
2. Assess current data loss prevention (DLP) policies in Microsoft Purview for Viva Engage content.
3. Communicate acceptable use policies for Viva Engage communities within Teams to end-users.
4. Evaluate the need for specific security training related to social engineering risks in integrated platforms.

Domain: Teams · Impact: medium · Workload: Teams