Microsoft Teams: Chat Notes

🚨 The Signal: Microsoft Teams now includes 'Chat Notes' for real-time collaboration within 1:1 and group chats. This feature introduces new unstructured data storage, increasing the risk of sensitive information sprawl and potential data exfiltration.

The Impact

All Teams users are affected, increasing the risk of sensitive data exposure and non-compliance due to new unstructured data locations.

• End Users: Increased risk of inadvertently sharing sensitive data in unmanaged notes.
• Security Team: New data storage locations complicate data loss prevention and eDiscovery.
• Compliance Team: Challenges in maintaining data classification and retention policies.
• Admins: New vectors for data sprawl and potential exfiltration via unmanaged content.

The Action

1. Review existing Microsoft Teams data governance policies for unstructured content.
2. Assess Microsoft Purview Data Loss Prevention (DLP) policies for Teams chat content.
3. Communicate updated data handling guidelines to end-users regarding 'Chat Notes'.
4. Monitor Microsoft 365 audit logs for 'Chat Notes' activity and content sharing.

Domain: Teams · Impact: high · Workload: Teams