Microsoft Teams: New Workflows app experience in Teams and SharePoint

🚨 The Signal: A new Workflows app in Teams and SharePoint lets end-users build Power Automate flows without leaving those apps. Because flows run under the creator's own connections, this lowers the barrier to unmanaged automation and raises the risk of data exfiltration through connectors and of flows holding more access than they need, unless connector use is governed.

The Impact

End-users are the primary affected group: simplified automation makes it easy to wire a business data source (Teams, SharePoint) to an external service, creating uncontrolled data flows that nobody reviewed.

  • End-users: Can create flows that inadvertently copy sensitive content (messages, files, list items) to destinations outside the tenant.
  • Security Teams: Larger attack surface from shadow IT and unapproved data movement via connectors.
  • Compliance Teams: New challenges in maintaining data governance and audit trails for user-created flows.
  • Admins: Need Power Platform policies (connector classification, environment strategy) to govern user-created automations effectively.

The Action

  1. Review Power Platform DLP policies in the Power Platform admin center (admin.powerplatform.microsoft.com): classify connectors into Business, Non-Business and Blocked groups so that a single flow cannot move data from a business connector (Teams, SharePoint, Outlook) to a non-business one, and confirm the Teams and SharePoint connectors are classified as intended rather than left in the default group.
  2. Apply these policies at tenant level (all environments) and tighten them per environment for sensitive data sources; block connectors that allow arbitrary egress, such as the HTTP connector and unapproved custom connectors.
  3. Check your existing Microsoft Purview DLP policies for Teams messages and SharePoint content separately: Power Platform DLP governs which connectors a flow may combine, not the content the flow handles.
  4. Communicate acceptable use policies for automation creation to end-users.
  5. Monitor Power Automate activity (flow creation, edits, ownership and permission changes) in the Microsoft 365 unified audit log and review unusual or high-risk flows in the Power Platform admin center.
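To make the connector-classification rules in steps 1 and 2 concrete, here is an added Python example (not from the original page or from Microsoft) that evaluates the connectors a flow uses against a DLP policy the way the Power Platform DLP engine does: Blocked connectors are never allowed, Business (API classification "Confidential") and Non-Business ("General") connectors cannot appear in the same flow, and unlisted connectors fall into the policy's default group. The policy JSON, the flows and the connector ids are constructed for illustration; the field names follow the shape the DLP policy API returns, which you should confirm against a real export from your tenant before reusing the check.

```python
import json

# Constructed example policy (assumption: field names match the JSON the
# Power Platform DLP policy API returns; verify against your own export).
# Connector ids are illustrative, not copied from a real tenant.
POLICY_JSON = """
{
  "displayName": "Tenant baseline",
  "environmentType": "AllEnvironments",
  "defaultConnectorsClassification": "General",
  "connectorGroups": [
    {"classification": "Confidential",
     "connectors": [
       {"id": "/providers/Microsoft.PowerApps/apis/shared_sharepointonline", "name": "SharePoint"},
       {"id": "/providers/Microsoft.PowerApps/apis/shared_teams", "name": "Microsoft Teams"},
       {"id": "/providers/Microsoft.PowerApps/apis/shared_office365", "name": "Office 365 Outlook"}
     ]},
    {"classification": "General",
     "connectors": [
       {"id": "/providers/Microsoft.PowerApps/apis/shared_twitter", "name": "Twitter"}
     ]},
    {"classification": "Blocked",
     "connectors": [
       {"id": "/providers/Microsoft.PowerApps/apis/shared_http", "name": "HTTP"}
     ]}
  ]
}
"""

# Admin-center labels for the classification values the API uses.
LABEL = {"Confidential": "Business", "General": "Non-Business", "Blocked": "Blocked"}


def load_policy(text=POLICY_JSON):
    """Parse a policy and index connector id -> classification (ids compare case-insensitively)."""
    policy = json.loads(text)
    index = {}
    for group in policy["connectorGroups"]:
        for connector in group["connectors"]:
            index[connector["id"].lower()] = group["classification"]
    return {"name": policy["displayName"],
            "default": policy.get("defaultConnectorsClassification", "General"),
            "index": index}


def classify(policy, connector_id):
    """Classification of one connector; connectors not listed fall into the policy default."""
    return policy["index"].get(connector_id.lower(), policy["default"])


def evaluate_flow(policy, connector_ids):
    """Apply the DLP rules to the set of connectors one flow uses.

    Returns (allowed, reasons). A Blocked connector is never allowed, and
    Business and Non-Business connectors may not be combined in one flow.
    """
    classes = {cid: classify(policy, cid) for cid in connector_ids}
    reasons = [f"{cid} is Blocked" for cid, cls in classes.items() if cls == "Blocked"]
    groups = {cls for cls in classes.values() if cls != "Blocked"}
    if {"Confidential", "General"} <= groups:
        business = sorted(c for c, k in classes.items() if k == "Confidential")
        non_business = sorted(c for c, k in classes.items() if k == "General")
        reasons.append(f"mixes {LABEL['Confidential']} {business} "
                       f"with {LABEL['General']} {non_business}")
    return (not reasons, reasons)


# Constructed flows of the kind an end-user could build from the Workflows app.
SP = "/providers/Microsoft.PowerApps/apis/shared_sharepointonline"
TEAMS = "/providers/Microsoft.PowerApps/apis/shared_teams"
OUTLOOK = "/providers/Microsoft.PowerApps/apis/shared_office365"
TWITTER = "/providers/Microsoft.PowerApps/apis/shared_twitter"
HTTP = "/providers/Microsoft.PowerApps/apis/shared_http"
UNLISTED = "/providers/Microsoft.PowerApps/apis/shared_example"  # not in any group

SAMPLE_FLOWS = {
    "sharepoint-to-outlook": [SP, OUTLOOK],     # both Business: allowed
    "teams-to-twitter": [TEAMS, TWITTER],       # Business + Non-Business: denied
    "sharepoint-to-http": [SP, HTTP],           # uses a Blocked connector: denied
    "teams-to-unlisted": [TEAMS, UNLISTED],     # unlisted defaults to General: denied
}


def evaluate_all(policy=None, flows=SAMPLE_FLOWS):
    """Evaluate every sample flow; returns {flow name: (allowed, reasons)}."""
    policy = policy or load_policy()
    return {name: evaluate_flow(policy, ids) for name, ids in flows.items()}


if __name__ == "__main__":
    for name, (allowed, reasons) in evaluate_all().items():
        print(f"{name}: {'ALLOWED' if allowed else 'DENIED'} {'; '.join(reasons)}")
```

The last sample flow is the case that matters most for the Workflows app: a connector nobody thought to classify lands in the default group, so whether a Teams-to-unknown-service flow is denied depends entirely on whether that default is Non-Business. When several policies apply to an environment, each is evaluated and the flow must pass all of them; run the check once per policy.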

Domain: Teams · Impact: high · Workload: Teams · Essential Eight: Application Control, Restrict Administrative Privileges · ISM: ISM-0445, ISM-0843, ISM-1175, ISM-1380, ISM-1490, ISM-1507, ISM-1508, ISM-1509, ISM-1544, ISM-1582, ISM-1647, ISM-1648, ISM-1650, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1686, ISM-1688, ISM-1689, ISM-1870, ISM-1871, ISM-1883, ISM-1897, ISM-1898