Microsoft Teams: Inline search in compose box

🚨 The Signal: Teams now allows users to search and insert files, chats, channels, and meetings directly within the compose box using @mentions. This change increases the ease of sharing internal content, potentially raising the risk of inadvertent data exposure.

The Impact

All Teams users are affected by an increased risk of accidental oversharing of sensitive information.

• End-users: Increased risk of inadvertently sharing sensitive files or chat content.
• Security Teams: New vector for data exfiltration or accidental exposure requiring DLP policy review.
• Compliance Teams: Potential for non-compliance with data handling policies if DLP is not updated.

The Action

1. Review existing Microsoft Purview Data Loss Prevention (DLP) policies for Teams to ensure they adequately cover content shared via inline search.
2. Assess sensitivity labels applied to files and chats to ensure appropriate protection for content that might be shared more easily.
3. Communicate best practices to users regarding sharing sensitive information within Teams, reinforcing data handling policies.
4. Monitor Teams audit logs for unusual sharing activities or policy violations related to content sharing.

Domain: Teams · Impact: medium · Workload: Teams