Microsoft Teams: Personal message reminders for chat and channels

🚨 The Signal: Teams now allows users to set private reminders on chat and channel messages. This feature is user-specific and includes message context, potentially increasing the risk of sensitive information being retained outside formal retention policies.

The Impact

All users are affected, with a low security risk related to data sprawl and potential retention policy circumvention.

  • End Users: May inadvertently retain sensitive data outside official channels.
  • Security Team: Increased complexity in identifying and managing all data retention points.
  • Compliance Team: Potential for non-compliance with data retention and eDiscovery policies.

The Action

  1. Review existing Microsoft Teams data retention policies in Microsoft Purview to ensure they adequately cover user-generated content.
  2. Tell end users how to use personal reminders appropriately, emphasizing that sensitive data should not be stored there indefinitely.
  3. Consider monitoring for unusual data retention patterns if concerns arise about sensitive information being stored in personal reminders.
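
One way to carry out step 1 from a shell, as an added example that is not part of the original brief. It assumes the ExchangeOnlineManagement module and a Purview role that can read retention policies, and it only inventories policies scoped to Teams chat or channel messages; whether reminder data falls under them is not stated on this page.

```powershell
# Added example: inventory Purview retention policies that target Teams messages.
# Assumes the ExchangeOnlineManagement module is installed and the signed-in
# account can read retention policies in Security & Compliance PowerShell.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

# -DistributionDetail is needed so the location properties are populated.
$teamsPolicies = Get-RetentionCompliancePolicy -DistributionDetail |
    Where-Object { $_.TeamsChatLocation -or $_.TeamsChannelLocation }

$report = foreach ($policy in $teamsPolicies) {
    # A policy carries its scope; its rule(s) carry the duration and action.
    foreach ($rule in Get-RetentionComplianceRule -Policy $policy.Name) {
        [pscustomobject]@{
            Policy            = $policy.Name
            Enabled           = $policy.Enabled
            Status            = $policy.DistributionStatus
            ChatScope         = ($policy.TeamsChatLocation.Name -join '; ')
            ChatExcluded      = ($policy.TeamsChatLocationException.Name -join '; ')
            ChannelScope      = ($policy.TeamsChannelLocation.Name -join '; ')
            ChannelExcluded   = ($policy.TeamsChannelLocationException.Name -join '; ')
            RetentionDuration = $rule.RetentionDuration
            Action            = $rule.RetentionComplianceAction
        }
    }
}

if (-not $report) {
    # No policy covers Teams chat or channel messages at all.
    Write-Warning 'No retention policy is scoped to Teams chat or channel messages.'
}
else {
    # Flag disabled policies, failed distribution, and exclusion lists for review.
    $report | Sort-Object Policy | Format-Table -AutoSize -Wrap
    $report | Where-Object { -not $_.Enabled -or $_.Status -ne 'Success' -or
                             $_.ChatExcluded -or $_.ChannelExcluded } |
        Format-List Policy, Enabled, Status, ChatExcluded, ChannelExcluded
}

Disconnect-ExchangeOnline -Confirm:$false
```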

Domain: Teams · Impact: low · Workload: Teams