(Updated) Microsoft Teams: Sharing recap access

🚨 The Signal: Teams meeting organizers can now share meeting recaps (recordings, transcripts, AI summaries) with non-attendees. This increases the risk of sensitive information exposure if not managed carefully.

The Impact

Meeting organizers and attendees are affected, with a security risk of increased unauthorized disclosure of sensitive meeting content.

• Meeting organizers: Risk of inadvertently sharing sensitive data outside the intended audience.
• Meeting attendees: Risk of sensitive information being shared without their explicit knowledge or consent.
• Security teams: Increased surface area for data exfiltration and compliance violations.
• Compliance officers: Greater challenge in enforcing data handling policies for meeting content.

The Action

1. Review existing Microsoft Teams sharing policies for meeting recordings and transcripts.
2. Educate users, especially meeting organizers, on the implications of sharing meeting recaps and best practices for data handling.
3. Implement or reinforce Data Loss Prevention (DLP) policies in Microsoft Purview to detect and prevent unauthorized sharing of sensitive meeting content.
4. Monitor Microsoft Teams audit logs for sharing activities related to meeting recaps.
5. Consider sensitivity labels for meeting content to enforce automatic protection and access controls.

Domain: Teams · Impact: high · Workload: Teams