Microsoft Teams: Inline preview of files shared

🚨 The Signal: Microsoft Teams now allows inline preview of shared files within chats and channels. This feature enables users to view file content without leaving the conversation, potentially increasing exposure of sensitive information if not properly governed.

The Impact

All Teams users are affected by this change, increasing the risk of inadvertent data exposure if existing DLP and access controls are not robust.

• End users: Increased risk of viewing sensitive data in unapproved contexts.
• Security teams: Need to review and potentially update DLP policies for Teams.
• Admins: Must ensure file access permissions are correctly applied and enforced.
• Compliance teams: Requires re-assessment of data handling procedures within Teams.

The Action

1. Review existing Microsoft Purview DLP policies for Teams to ensure they adequately cover inline file previews.
2. Verify sensitivity labels are correctly applied to documents and enforced within Teams.
3. Educate users on the importance of file permissions and not sharing sensitive data in inappropriate channels.
4. Audit Teams channel and chat permissions to restrict access to sensitive content.
5. Consider implementing stricter sharing controls for sensitive information within Teams via SharePoint/OneDrive settings.

Domain: Teams · Impact: medium · Workload: Teams