As with all internet delivered services, the most important question to ask is “Am I protected?”
Consuming cloud products, particularly a collaboration service, presents more questions of “Where in the world is my data… physically”?
Understanding your Office 365 data sovereignty from a geographical and Microsoft SaaS point of view in critical for any IT security and Compliance Officer. This blog is part one of a two part series and will help you understand how to gain insight into identifying where your Microsoft Teams data resides.
Microsoft Teams Sign-In and Data Sovereignty
Microsoft Teams follows the standards of ISO 27001, ISO 27018, SSAE16 SOC 1 and SOC 2, HIPAA, and EU Model Clauses (EUMC). Teams leverages SSO (Single Sign On), MFA (Multi Factor Authentication) and data encryption (in transit and at rest) to the very least with SharePoint and OneNote offering their own encryption protocols. Microsoft Teams supports Conditional Access as a separate cloud service in Azure Active Directory. Conditional Access policies that are set for Microsoft Teams apply when a user signs in. However, without the correct policies on other apps like Exchange Online and SharePoint Online, users may still be able to access those resources directly. So, where does your business data reside in Teams? That all depends on which data you’re actually auditing as Microsoft Teams has ties into Exchange, Stream, Office 365 Groups, SharePoint and OneDrive for Business. The below table provides an overview of where your Microsoft Teams data resides within the varying Microsoft SaaS services.
The following figure indicates the ingestion flow of Teams data to both Exchange and SharePoint for Teams Files and Messages. You will notice that Microsoft’s Security and Compliance covers the Exchange and SharePoint properties of Microsoft Team, specific to eDiscovery, Legal Hold, Compliance Content Search, Archiving, Retention and Audit logging.
But what about Geographically? Okay, so it’s in Microsoft’s Datacentre… But where? The physical location of your Teams data will be established based on your region – which is especially important if you live in an area with stricter data security regulations than other regions e.g. China. Teams currently supports regional data allocation (using Azure) for users located in the Australia, Canada, France, India, Japan, United Kingdom, South Korea, South Africa, Americas, APAC and EMEA regions. Australian has four Microsoft Data Centres.
|Australia Central 2||Canberra|
|Australia East||New South Wales|
|Australia South East||Victoria|
To see where your Microsoft Teams data is located in your Office 365 Tenancy, head to the Microsoft 365 admin centre > Settings > Organization profile and Scroll down to data location.
Join us for part two of Microsoft Teams Security where we dive into management of key security features within Teams such as policies, guest access and channel security.