Microsoft Teams is unlike any other collaboration application you might have used in the past. It is the hub of all collaboration services in Microsoft 365 — right from channels, tabs, groups, voice, video, whiteboarding, rich presence, and persistent chat to file storage, guest users, and third-party application integrations. More importantly, it is still evolving, with protecting and securing its data proving to be no small tasks.
Amid the ongoing global pandemic, organizations have pivoted to cloud-based platforms like Microsoft 365 to help facilitate more immersive collaboration and ensure undisrupted productivity for a workforce that is fast adapting to remote working. Microsoft Teams itself has seen phenomenal growth in terms of both licensing and usage as it offers functionalities and applications that promise a better hybrid meeting experience.
As of October 2020, Teams reached more than 115 million daily active users who were generating 30 billion collaboration minutes per day.¹ This persistent collaboration is supported by a complex backend process that poses new, unforeseen challenges with a greater probability for security failures. For example, every time a user creates a new Team, a new security group with its members gets created in Azure AD. A hidden mailbox is created in Exchange Online to store the Team chats. If there is a private chat between two persons, that chat data is stored in the individual mailboxes of both the users. A new SharePoint site gets created for each new Team and each private channel gets its own SharePoint site.
Microsoft Teams connected sites
This complex ecosystem of connected Team and channel sites make it extraordinarily difficult to store, search for, and restore data.
6 critical challenges in Microsoft Teams data protection
There are several aspects to protecting Teams data. First, while it facilitates borderless collaboration, in today’s environment where organizations are facing multiple threats to their sensitive data, Teams greatly increases the attack surface by allowing web services to connect to channels and teams through connectors and webhooks. Second, the sheer scale of active engagement by users on Teams means that voluminous data is created in multiple formats and stored across Teams, Exchange, OneDrive, and SharePoint. Third, Microsoft deliberately designed Teams with an open permissions model – meaning anyone in your organization can create a Team, all Team members will have access to public channels, including chat messages, meeting content and shared files, and any third-party/guest user can access and upload files within the Team. Against this backdrop, let us look at some of the key challenges to protecting Teams data:
- Complexity: With chats, channels, tabs, voice, video, and more, data is generated and stored across a diverse array of applications. This makes data location, backup and restore complex.
- Evolving API support: The application programming interface (API) for Teams data backup is still evolving, with Microsoft not supporting certain data types. Until recently, voice and video content recorded and stored in Stream could not be backed up. However, Microsoft is in the process of changing storage processes and locations, adding functionality and removing some of these API-related bottlenecks.
- Accidental data deletion: There is a growing risk of users accidentally deleting/sharing confidential information, or providing backdoor access to unauthorized third parties via the platform.
- Data loss from ransomware and malware: Over the last several months, there has been a rise in the number of Teams-specific attacks as ransomware and malware can be delivered through a number of routes into the application. While Microsoft 365 Defender scans URLs/attachments in emails, those delivered directly to Teams chats are not scanned for malware.
- Compromised Teams profiles: Compromised Teams profiles pose an immense danger to organizations as these accounts provide legitimate access to confidential data. Microsoft does not make any assurances for recovering/restoring customer data residing within Teams and the broader Microsoft 365 ecosystem in the event of permanent data loss.
- Rule-based native data loss prevention: For data loss prevention (DLP), Microsoft offers only the following options:
- Rule-based detection methods (as against powerful machine learning techniques of third-party security vendors that use correlation, behavioral analysis, natural language processing/NLP, and anomaly detection)
- Incident management
- Remediation workflows
Teams data restore and retention limitations
Teams is built around the fundamental belief that communication and collaboration should be “open,” which is counter-intuitive to the best practices related to secure data governance. Most larger companies follow stringent policies regarding backup, usage, retention, and deletion of data. Data restore becomes especially important for organizations that need to adhere to security and compliance standards such as CCPA, HIPAA, GDPR, SOX, and FedRAMP.
Customers will need to have a Microsoft 365 E3 or E5 license to use Microsoft’s retention policies, which can be applied to chat and channel messages. In addition to these, many other links, messages, and file types can be retained for compliance purposes. However, this does not include code snippets, voice memos, thumbnails, announcement images, reactions from others in the form of emoticons, emails, and files used with Teams.
Though Teams data gets stored across SharePoint, OneDrive, and Exchange Online, retention policies configured within these applications do not automatically apply to Teams, which makes retention of Teams data a fuzzy process riddled with uncertainty.
Overcoming Teams’ native data protection gaps
Druva offers the speed, flexibility, and granularity to facilitate data protection, retention, and recovery. With Druva, Microsoft 365 customers can back up all Teams data within all channels, including all metadata associated with individual Teams, and user permissions.
Druva supports two different restore functionalities — in-place restore (to the same Team from where the data was backed up), and restore as a copy (to a new channel or Team). This allows for the simple restoration of the following key assets:
- Entire Teams
- Teams’ settings
- Entire channels or files/folders within a channel
- Message or post previews
- Wiki folders, including individual Wiki files within the folder
Overcome complexity and chaos
There are two critical pieces missing from Microsoft’s approach to data protection and governance for Teams:
- The platform supports user self-service for data recovery and admin-driven bulk restores are a problem.
- There is no data immutability – your data can be modified, deleted, or encrypted; I have heard customers say they have retention policies in place to counter this, but even then, retention policies can be modified, deleted, or intentionally disabled unless you have subscribed to Microsoft’s Preservation Lock.
With Druva, customers overcome the complexity of managing Teams data by:
- Gaining complete visibility of what data is being generated across this complex collaboration ecosystem, how it is being used, shared, stored, and modified
- Building context – the ability to identify and classify sensitive data for quick, targeted restores
- Surfacing all insights related to their data on a single interface for simple, automated management
Customers no longer need to worry about retention time or storage quota excesses, which would have previously resulted in permanent data loss. Built-in immutability and ransomware protection ensure data in the cloud is always protected.
As your organization evaluates its Microsoft 365 and Teams data protection strategy, take a look at these helpful resources: Microsoft Teams data protection white paper, or read the Teams Q&A blog for finding answers to your most common questions.
¹Microsoft, “Microsoft Teams reaches 115 million DAU—plus, a new daily collaboration minutes metric for Microsoft 365,” Jared Spataro, October 28, 2020.
²Microsoft, “Manage Teams connected sites and channel sites,” Holland Kaviani, June 16, 2021.