Microsoft Teams eDiscovery limitations: Content from external meetings not archived
No company can leave content out of their eDiscovery when they need it for compliance. Deploying the native Microsoft eDiscovery solution requires some attention to scenarios that are not covered and might generate compliance issues when validated or needed. This blog post will discuss all those current limitations.
So, what do we know about these issues, and what solutions does AGAT Software offer?
Table of contents
1- External collaboration in Microsoft Teams
To manage collaboration with external MS Teams users, Microsoft lets companies define which domains are allowed or restricted for communication through their External Access functions, also known as “domain federation”.
The configuration options for administrators are:
- Allow all external domains: the default setting in Teams lets people in your organization find, call, chat, and set up meetings with people external to your organization in any domain.
- Whitelist: you select which external domains you add to an Allow list, so external access is limited to them.
- Blacklist: Adding domains to a Block list so users can communicate with all external domains except the blocked ones.
- Block all external domains: You can also turn off external access completely in your organization, but people will still be able to join meetings through anonymous join.
In the next section, we will cover some scenarios Microsoft’s native eDiscovery won’t cover under some of these configurations, posing issues for compliance regulations and internal policies.
2- Limitations in Microsoft Teams
a- Joining external meetings through invitations
Scenario: the internal user “employee A” is invited to join a meeting hosted externally. For compliance purposes, the company needs to archive all messages from ‘employee A’ including those sent during the meeting.
When you choose to whitelist domains, users can still join any external tenants through invitations and the native Microsoft eDiscovery engine won’t capture the messages sent during the meeting since it is hosted externally. Therefore, ‘employee A’ will not be able to get the required content from the meeting he participated in.
b- Joining meetings anonymously
Scenario: a user from your company, “employee A” joins a meeting hosted by an external tenant using the anonymous join option, and your company has a requirement to archive all written communication.
The gap is that when users join anonymously in a meeting, all their written communication (messages in chats) and all the content they provide won’t get captured for archiving with Microsoft eDiscovery.
3- Ways in which AGAT Software deals with limitations:
SphereShield for Microsoft Teams has an Archive and eDiscovery solution with the ability to overcome these limitations.
1- If users join meetings externally
There are three ways SphereShield for Microsoft Teams can be used to overcome this issue
a- Capture meeting chat:
This feature is no longer only controlled by the admins of the organization who are hosting the Teams meeting. SphereShield for Microsoft Teams allows users who have joined an external meeting to also capture the meeting chats and keep them for future reference.
b- Blocking chat:
SphereShield for MS Teams allows organizations to block meeting participants from communicating during the meeting by setting rules to completely block them from the chat.
c- Guest Access:
Lastly, it’s important to note that MS Teams also has the Guest Access option to collaborate with external users. This means that someone from an external organization can invite one of your employees to be a guest to a Team, and they will be able to chat, call, and collaborate on files. With AGAT’s solution, you can prevent company users from accessing external tenants as Guests, choosing to set a company-wide policy or just for specific users, depending on your needs.
2- Content not being archived when joining meetings anonymously
SphereShield can help in three ways to address this issue. First of all, SphereShield allows the setting of rules to block users from joining meetings anonymously. Secondly, with SphereShield it’s possible to completely block chatting during meetings whether they are hosted internally or externally. Lastly, AGAT Software developers are working on providing a new and more effective option to help tackle this issue by blocking all meeting chats for anonymous users only.
4- Importance of archiving chats of external meetings
From all the gaps we discussed above, we believe the external meeting is the most important one to pay attention to, as it is the most accessible for users. Any user simply getting an invite through digital media will be able to join any meeting without an archiving solution to capture their communications.
All content from meetings can have crucial information you might need in the future. It is essential for companies to get all the content shared by employees in every situation and later search through it easily with a variety of parameters. This helps organizations make better audits and comply with regulations.
Contact us today to learn more about AGAT’s eDiscovery solution!
Category Post=> Archiving data for US regulations while complying with GDPR
=> Data Loss Prevention in a Remote Work Environment: Adapting to the New Normal
=> The Future of Information Barriers: Emerging Technologies and Trends