Surely people are gradually getting back to their offices and meetings have started to take place in person. Just imagine, during the lockdown period, you must have conducted a bunch of meetings that had confidential things being discussed. What if the data ever gets leaked and falls into the wrong hands? What if falls in the hands of your competitors and sensitive information gets leaked and they make the move ahead of you?
You need to have a policy set in place which blocks external sharing of data and prevents data leaks. This is where something like DLP comes into play.
Microsoft Stream, launched in 2017, was the source where all Teams recordings used to get stored as soon as the meeting ended. At Ignite 2020, Microsoft had made an announcement wherein they said that now tenants can opt to use OneDrive to store the latest recordings. Then 3 months later, it was announced that all recordings will be now stored in OneDrive unless the organization chooses to continue using Stream. But in August 2021, all tenants were switched and the latest Teams meeting recordings will now be stored in OneDrive even if the organization has set to Stream.
All recordings will now be explicitly stored in OneDrive for Business and SharePoint Online. As for the Microsoft Stream links, the links will be completely redirected to OneDrive and SharePoint Online.
The whole idea behind Microsoft is to make everyday work seamless. Although Stream was created with the purpose of users being able to create, upload, view, store, and manage video files. The issue with Microsoft Stream was that it does not integrate well with the other M365 apps and used to get stored separately.
This is where Data Loss Prevention (DLP) comes into play.
DLP detects sensitive information through deep content analysis. Even while the analysis is going on, it won’t affect the work of the people who are currently working on the content. In short, it protects confidential, sensitive data to reduce inadvertent risks and prevents users from sharing data and files with people who shouldn’t be having it. DLP Policies are stored and synced to OneDrive for Business, Exchange Online, SharePoint Online Sites etc. Once synchronized, it can block sharing of data and Teams recordings (in this scenario) with people outside the organization.
When creating policies, choose the locations to apply and then create rules where the condition is defined in the form of sensitive info types and then you can choose to encrypt the file, remove it etc.
The rule looks for any file with the property value ProgId:Media.Meeting that is shared with someone outside the organization. The rule action blocks sharing the data or file with people external to the organization. In the below-attached image it shows what the rule conditions look like. Optionally, the rule can allow users to override the block by justifying explaining why they need to share a recording with an external person.
|# Connect to Teams and update the meeting policy
Connect-MicrosoftTeams -Credential $O365Cred
# Update the Teams meeting policy for US employees so that their meeting recordings are stored in OneDrive
Set-CsTeamsMeetingPolicy -Identity “U.S. Region Workers” -RecordingStorageMode OneDriveForBusiness
Once you’ve created the DLP Policy, it’ll take up to an hour for it to come into effect. Also keep in mind that once a meeting has ended and a recording is created, it’ll take a few minutes for the new file to get encrypted. So if somebody shares a file before the encryption is in place and shares it with any external party, it is possible for them to view it but as soon as the block is in place, the link shared previously will get nullified.
We keep uploading new blogs every week on our website- keep an eye out for those.
Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries.