Lack of retention and controls for users when they guest into another tenant
When our Teams users guest into another company's tenant, our tenant doesn't capture the eComms for private or channel chats and channel files viewed, edited, or shared, which could present compliance, retention, auditing and legal issues. Retaining that data, providing audit logs showing who guested into which tenants when, being able to disable our users' ability to guest into other companies' tenants, and being able to configure whitelists of allowable tenants for our users to guest into, along with Graph APIs for pulling the captured retention data, is a must-have.
Note: We do not require a copy of another company's retention data. There should be no concerns around GDPR or data transfer here.
We want to maintain a parallel copy of the conversations our staff have with external parties. Much like we have a “sent items” folder for email comms, we need to have a sent messages record for our regulated users using Teams client with company IDs on company PCs. This record would be 100% independent of the other parties' O365 retention data.
This is a problem in regulated firms where flow of information must be managed and business communications must be recorded (for investigations).
There is an audit event in the AAD logs when staff accept an invite to another tenant. App name is: Microsoft Invitation Acceptance Portal
But can't filter this with a Conditional Access policy.
Considering blocking the URL: invitations.microsoft.com (but mobiles...)
At least enable us to block if the communications can't be recorded.
I strongly caution any regulated firm against using Teams until this DLP issue is resolved.
Osayawe Ogbebor commented
John Tullo's comment above is my current frustration with Teams. It is completely flawed with regards to that. Microsoft support engineers are very bad with their response of "it's by design".
Brad Knight commented
This is a huge DLP issue that needs to be dealt with. No regulated firm should be using Teams because of this.