Block File Sharing: Prevent Information Leaks in Microsoft Teams

In this blog, we will answer questions on how to block file sharing in OneDrive and SharePoint, the core of the Office 365 cloud for companies.

  1. Introduction: What are OneDrive and SharePoint? What are their differences?
  2. Compliance and security issues emerging from OneDrive and SharePoint usage
  3. The limitations in the existing solutions, Focus on Information Barriers
  4. How to block specific users and groups from file sharing in OneDrive and SharePoint

A small piece of advice: if you are only interested in blocking specific users and groups in MS OneDrive and SharePoint, skip ahead to the last section, "How to block specific users and groups from file sharing in OneDrive and SharePoint".


Microsoft OneDrive and SharePoint are easily confused. While the two fulfill the same function of being the cloud storage offered by Microsoft, they have some differences that are worth noting.

OneDrive tends to be used more for personal, private documents. SharePoint is a central location for managing files for a group of people; that can happen within Teams, Yammer, and Outlook, or directly in SharePoint as a file management system. SharePoint can also be used for designing sites with or without documents.

OneDrive and SharePoint in Teams

Inside the MS Teams environment, OneDrive and SharePoint play two noticeably different roles.

OneDrive handles files in personal and group chats or in the Files Tab, while SharePoint handles files that are sent in channels, chats, or posted in their respective Files Tab.

This difference, although technical, plays an important role when dealing with file permissions on these platforms.

Compliance and security issues emerging from OneDrive and SharePoint usage

Let’s take a look at some of the most common problems that emerge with OneDrive and SharePoint.

In a simple scenario, let’s suppose we are dealing with two teams at the company: HR and Finance.

The HR department may be handling documents with sensitive information: Payroll, employees’ private information, medical records, and the like.

Companies are aware that failing to control Private Information (PI & PII) can result in regulation breaches or major data leaks. This is why, for example, an organization would ideally like to prevent anyone other than HR employees from accessing that information.

Another example may be the finance department not being allowed to share information with a specific team, like the stock research departments (see our article on FINRA for more information on this kind of policy), or a company policy that does not allow any finance document to be stored in the cloud.

Basically, any information that has to be controlled between two or more teams, or any information that can’t leave a specific team, represents a serious threat when using OneDrive and SharePoint.

The limitations in the existing solutions, Focus on Information Barriers

Once I was told that the definition of a system is that any good or even great system can collapse. For example, a building has a specific number of elevators, but if everyone needs them at the same time, that system collapses.

The analogy can be applied to our case in Microsoft Teams. While there are some solutions, such as Information Barriers, that address blocking people and groups from communicating, they do not completely protect against possible threats and risks.

It is important to note that it only takes a matter of seconds for an employee to share OneDrive and SharePoint files externally without the organization being aware.

How to block specific users and groups from file sharing in OneDrive and SharePoint

Companies that are interested in controlling file sharing and access in OneDrive and SharePoint can check out SphereShield for OneDrive SharePoint.

SphereShield works in real-time, meaning it will not allow the shared file to be seen or noted for even a second. What is more, its granularity allows for unlimited policies to be set for different employees or groups.

AGAT’s compliance product addresses problems like:

  • Preventing specific groups (like finance) from uploading files to SharePoint or OneDrive (and MS Teams through SphereShield Ethical Wall for MS Teams).
  • Limiting a specific group from sharing with any other group or any specific group.
  • Blocking 2 teams from sharing files with each other.

SphereShield for OD & SP contains a governance feature that allows assigning policies to any SharePoint site inside the company. These policies are designed to determine which groups are allowed to be members of which sites.

E.g., prevent the finance group from accessing the SharePoint site of the HR group.

If you would like to learn more about SphereShield contact us today to see a live demo from one of our experts.

Use case of blocking groups while still allowing them to meet together.

Exceptions of specific sites allow people to communicate.


Microsoft Teams: DLP Limitations

If you’re looking for additional software protection, this video blog is a great resource.

Microsoft Data Loss Prevention is feature-rich and widely used. This is not the first time we have talked about Microsoft’s Data Loss Prevention add-on for Microsoft Teams. When your business users are guests in another company’s tenancy, their data is not reviewed. For example, an employee from company A interacts, as a visitor, with an employee from company B.

While a visitor at company B, an employee from company A will be able to transmit messages or files that violate the company’s DLP without any restrictions. When your company’s users meet with other firms anonymously, MS DLP does not check the data. This implies that if a user attends an external meeting, the native Microsoft Data Loss Prevention will not be able to manage it. Although DLP infractions inside the organization are already significant, breaches to other companies will be far more damaging.

Please contact AGAT Software for more information


1. Most common information risks during external meetings.

2. Information Barriers and complying with regulations (FINRA, MiFID II, HIPAA).

3. How do Information Barriers work on Microsoft Teams?

4. Capabilities and Limitations of the Information Barrier in Microsoft Teams.

5. How do you address risks when communicating externally?

In this article, we’ll talk a bit about how our Information Barriers can help your company during external meetings to avoid information leaks.

Most network security challenges are nothing new. What is new, however, is the reality that the users, systems, and information that teams are trying to protect are, in many ways, no longer under their control. Users are calling the shots, and network teams don’t see it happening. This type of situation, which most organizations are experiencing, is riddled with risk.

Experiencing a breach, or receiving a fine for non-compliance, can be a huge blow to the upstanding reputation your brand has worked hard to build. Both customers and industry peers will have doubts about doing business with your organization for years to come, and at AGAT we would like to help you avoid that.

Most common information risks during external meetings

  • Leaks of information: The first risk is a leak of information that bypasses traditional network security technologies, such as firewalls and intrusion prevention systems, through shared files, video and audio interactions, or even chats.
  • Password sharing: Users share passwords among websites and other users, especially when personal devices are involved.
  • Software: Software that is installed on computers, tablets, and phones may violate an organization’s security standards and put sensitive information, VPN connections, and more at risk.
  • Personal devices: Laptops, tablets, phones, and other devices may not be encrypted and, therefore, could expose corporate assets and network connections.
  • Screen Sharing: When you share your screen, other users can watch your activity in real-time, which can unintentionally expose private information such as passwords, project names, client names, and other sensitive data that you would like to avoid sharing.
  • Vulnerable backups: Another risk is the data that isn’t backed up or is being backed up to vulnerable or unsupported media, such as USB hard drives and consumer-based cloud services.
  • Phishing attacks: In addition to the above risks, teams also increasingly face phishing threats and related attacks, including smishing and vishing.

Combine these issues with all the distractions of working from home, and enterprises have a formidable security challenge on their hands.

Information Barriers and complying with regulations (FINRA, MiFID II, HIPAA).

It is critical for businesses to understand how they can establish information barriers in communication platforms so they can prevent data loss and comply with regulations. Negligence can be reduced with the right policies to proactively restrict and monitor employee activities for unethical or risky behaviors. This makes it important to comply with legal and commercial rules that are constantly changing and becoming more complex.


Regulations such as Europe’s MiFID or the USA’s FINRA state that financial services organizations must have an “Ethical Wall” in place to restrict communications between people with conflicts of interest. 

HIPAA compliance is more important than ever, and the Ethical Wall exists to protect the privacy of individual health information, while at the same time allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. 

Although it started as a common practice in the financial services sector, the concept of Ethical Walls also exists in other areas such as call centers, journalism, law, insurance, and computer science.

How do Information Barriers work on Microsoft Teams?

As you might be aware, not every Information Barrier solution for Teams, Webex, and Slack out there can work in Real-Time, and what is more, many DLPs fail to prevent your employees from sharing sensitive information with external companies.

Microsoft’s Information Barriers policies don’t work for federated users: If you allow federation with external organizations, the users of those organizations will be able to communicate without any restrictions. This means if users of your organization join a chat or meeting organized by external federated users, then Information Barriers policies also won’t restrict communication between users of your organization.

AGAT’s Ethical Wall and DLP are the only solutions in the market that offer Real-Time Information Barriers for Teams, Webex, and Slack.

What is more, AGAT’s Ethical Wall offers flexible control over which internal groups can communicate with specific external domains. This means that you can federate with a domain partially, and only allow communication between specific groups. In short, our Ethical Wall offers the following features:

  • Granular control is offered based on groups, domains, and users and applied dynamically based on the context of the communication
  • Policies can also be applied to flexibly control the types of communication such as direct messages, file sharing, screen sharing, audio, and video
  • Policies can be applied to chat, channels, and meetings depending on participant type (employee, external, or guest)
  • What is more, it works in real-time to comply with some of the strictest regulations such as FINRA, MiFID II, and HIPAA.

Capabilities and Limitations of the Information Barrier in Microsoft Teams.

Microsoft Information Barriers works by blocking files, messages, and adding team members, using customizable filters such as department, alias, and email address. Many custom filters can be set to manage the policies.

As for Information Barriers and limitations, these are the general aspects:

  • Policies can only be set using PowerShell. No UI. It can be very difficult for a compliance officer to use.
  • No control of communication with the external domain during meetings.
  • No control over external users and guests.
  • No auditing of blocked operations that can assist in training. 
  • No notification for compliance admin.
  • No granular control of specific operations such as screen sharing.
  • Policies can be set only to either block files or messages. There is no control over functionalities such as audio, video, and screen sharing.
  • If previous address book policies are present, they must be deleted before configuring.
  • Policies can take several hours to apply after configuration.
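To show what the PowerShell-only workflow in the list above involves, here is an added example (not from the original article or from AGAT) that blocks the HR and Finance teams from the earlier scenario in both directions. It assumes the ExchangeOnlineManagement module is installed and that the directory's Department attribute holds the values 'HR' and 'Finance'; the segment and policy names are hypothetical.

```powershell
# Added example: two-way Information Barriers block between HR and Finance.
# Assumptions: Department values 'HR' / 'Finance'; names below are hypothetical.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell; prompts for sign-in

# 1. Define segments using a directory attribute filter (here: Department).
New-OrganizationSegment -Name 'HR'      -UserGroupFilter "Department -eq 'HR'"
New-OrganizationSegment -Name 'Finance' -UserGroupFilter "Department -eq 'Finance'"

# 2. Create the policies as Inactive. A block has to be declared in both
#    directions, so each segment gets its own policy.
New-InformationBarrierPolicy -Name 'HR-blocks-Finance' `
    -AssignedSegment 'HR' -SegmentsBlocked 'Finance' -State Inactive
New-InformationBarrierPolicy -Name 'Finance-blocks-HR' `
    -AssignedSegment 'Finance' -SegmentsBlocked 'HR' -State Inactive

# 3. Review what was defined before anything is enforced.
Get-OrganizationSegment | Format-List
Get-InformationBarrierPolicy | Format-List

# 4. Activate both policies, then start the tenant-wide application job.
Set-InformationBarrierPolicy -Identity 'HR-blocks-Finance' -State Active
Set-InformationBarrierPolicy -Identity 'Finance-blocks-HR' -State Active
Start-InformationBarrierPoliciesApplication

# 5. The job runs in the background; poll its status until it completes.
Get-InformationBarrierPoliciesApplicationStatus
```

Nothing in these policies covers federated users, guests, or modalities such as screen sharing, which is the gap the limitations above describe.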

As for users that want to know how to overcome these limitations and gain extra functionality from the Information Barriers, we recommend checking out SphereShield Ethical Wall for Microsoft Teams.

SphereShield Ethical Wall for Teams is a solution that provides organizations with the ability to control information flow in Teams using granular policy controls, including restricting the communication type (audio, video, or chat messages) between specific groups of users, as well as restricting communication with external contacts. In addition, the solution offers extensive auditing and reporting capabilities to give compliance officers complete visibility into Teams communication.

How do you address risks when communicating externally?

When it comes to phishing, malware, and data leakage, Microsoft Teams is no exception. When you’re not actively using Teams or are away from your computer, Teams will send an email notification containing a link to the missed message. Threat actors can exploit these Teams features to launch phishing attacks using malicious code.

The guest access functionality in Teams could also lead to data leaks and unauthorized access. For instance, sharing files with external users or guests through channels even when it is no longer required, or continuing to provide access to Teams even after the meeting has ended, could result in data leakage or the visibility of confidential files.

Microsoft also allows third-party apps to integrate with Teams to enhance the platform’s experience. However, these apps expand the attack surface and could be potential entry points for unauthorized access.


AGAT offers a Real-Time DLP and Ethical Wall solution that will back up your information, and support audio, chat, and video during meetings using OCR to avoid data leaks even orally. Also, our DLP can limit certain file types (e.g., .exe, .zip) from being shared while communicating with internal and external users. Our Ethical Wall covers both internal and external communication, so policies can be created allowing one internal team to talk to outsourced employees while blocking all the other teams.

What is more, it works in real-time to comply with some of the strictest regulations, such as FINRA, MiFID II, and HIPAA.

Contact us today to see how SphereShield can help in security, compliance, and governance on your Unified Communications platform (MS Teams, Webex, Zoom, Slack, and Skype for Business).

