SaaS Security - Microsoft Teams

Avanan provides a full suite of security solutions for customers that use Microsoft Teams. Microsoft Teams offers different collaboration tools that allow employees and outsiders to  collaborate online. Avanan adds layers of security, privacy, and compliance not offered by Microsoft.

Avanan Cloud Security for Teams

Microsoft Teams is part of Office 365, a service that offers employees and external collaborators to chat and share files (as well as online meetings). Microsoft Teams provides some security solutions, but still does not provide other necessary security solutions. Avanan adds a layer of security that provides the following security features for Teams:

  • Data Leak Prevention (DLP): protecting text messages and files including images (OCR)

  • Malware Sandboxing: scanning of files for malicious content

  • URL Scanning: blocking malicious links within files and messages

  • User Behavior Anomaly: Identifying suspicious logins and compromised accounts

  • Remediation: Tombstoning sensitive data and quarantining malicious files and messages

  • End-user education workflow: notifying users on policy violations, quarantine requests and more

Scans are performed on the following communication scenarios:

  • file that was shared on a chat or on a team

  • message that was sent on a chat or a team


  • Monitor Teams files by scanning for Malicious files and Data Leakage (DLP).

  • Generate events on Teams malicious content.


Default Policies

There are 2 default Security Policies for Teams:

  1. Teams DLP: scans posted text messages for potentially leaked information, such as Credit Card and SSN.

  2. Teams Threat Protection: scans files loaded to Teams for malicious content.


The policies include an option to skip generating events on internal communication.


Supported Actions

  1. Tombstone of files and text messages

  2. Alert owner: sends an email to the owner of an affected file or message.



  1. Teams Admin access is required to complete the onboarding process.

  2. Required License: Licensed users of Office 365 E5/A5, Microsoft 365 E5/A5, Microsoft 365 Information Protection and Governance, and Office 365 Advanced Compliance can benefit from Communication DLP for Teams.




  1. Navigate to SaaS Apps and click Start on the Teams app.

  2. The Avanan platform then redirects the user to the Microsoft Online authorization page.

  3. Login using the company’s Microsoft Online admin account, and approve access for Avanan.



Service Configuration

It is possible to customize the tombstone messages, for both messages and files.

To configure the service:

  1. Go to Configuration > SaaS Apps, select Microsoft Teams, and click Configure.


New Policy Creation

  1. Navigate to Policy page.

  2. Add new policy by clicking on the + button near Teams.

  3. On “Choose Security” combo-box select DLP or Malware.

  4. Next.

  5. On “Mode” combo-box select protection mode (Detect and Protect or Monitor).

  6. Based on the policy type:

    • DLP

      1. Select the requested DLP rules.

      2. Choose if you want to activate the scans on internal files (not shared with external users).

    • Malware

      1. Select the tools you want to activate in the scan.

  7. Activate the Tombstone File action, if you want to tombstone the detected files.

  8. Click “Save and Apply”.


Stop Teams protection

  1. Go to SaaS Apps and click Stop on the Teams app.


Forensics and Analytics

Teams detections are recorded as events for forensic and auditing purposes. The events types depend on the policy type that created the event. For DLP the events include what type of sensitive information was potentially leaked (PII, HIPAA, etc.).


Avanan Teams dashboard presents statistics on the different aspects of the service protection, including the number of scanned messages and files.