Microsoft Teams: share file in chat with external users

🚨 The Signal: Teams now allows sharing files and Loop components with external users in chats, automatically provisioning access. This expands data sharing vectors, requiring review of existing external sharing policies and data loss prevention controls.

The Impact

All users are affected, increasing the risk of unintended data exposure to external parties.

• End Users: Increased risk of inadvertently sharing sensitive data externally.
• Security Teams: New vector for data exfiltration requires policy review.
• Compliance Teams: Potential for non-compliance with data handling regulations.
• IT Admins: Need to validate and enforce external sharing controls for Teams and SharePoint.

The Action

1. Review and enforce existing Microsoft 365 external sharing policies for SharePoint and OneDrive, which govern Teams file sharing.
2. Configure or refine Microsoft Purview Data Loss Prevention (DLP) policies to detect and prevent sensitive information sharing with external users in Teams.
3. Educate users on responsible data sharing practices and the risks associated with external collaboration.
4. Regularly audit external sharing reports in the Microsoft 365 compliance center to monitor data egress.

Domain: Teams · Impact: high · Workload: Teams