Up next in 10
Sharing and Securing Content on Microsoft Teams by Adnan Amin || Lightup Conference
4K views
Nov 16, 2023
If you want to learn about customizing security in Microsoft Teams and its content then this session would be helpful for you. In this session I will share different Tiers of Microsoft Teams security and also customization of security for Microsoft Team and it's associated SharePoint site protection to protect the secure content with ease of collaboration. Conference Website: https://www.2020twenty.net/lightup #lightup #2020twenty
View Video Transcript
0:00
Hello everyone. Good morning
0:02
Good evening. Good afternoon. And if you are joining from New Zealand
0:07
or Australia then it's good. Good morning for you and for me
0:11
it's right now it's midnight, so I and I welcome you all to my
0:16
topic on light up light up on this light of virtual conference on sharing
0:20
and securing content on Microsoft Teams. And but before that I just want to
0:26
show that because the light up have is coming up with a fantastic concept
0:31
of donating supporting UNICEF for the. For the cause, so especially on during the COVID-19
0:37
to save children's so do participate in this one and also thanks to all
0:43
those other sponsors who who are supporting this event to make it possible
0:50
So it's very thanks to them also, and especially C shop corner and the tech
0:54
platform who are the organizers. One of the organizers and the do take this screenshot of this screen and at the end of session you can share the feedback about me
1:05
and also about the event so that we can make it more better in future and now an overview about
1:13
me that my name is Adnan Amin and I'm a senior Microsoft consultant at PCM which is acquired by
1:19
Insight. Insight is a Fortune 500 companies and I having over 15 years of experience of working
1:25
Microsoft technologies. I started my career as a developer back in 2004 2005 and working on SharePoint for past 11 years
1:34
and working on Microsoft Cloud Server technologies for almost five or six years. I'm a Microsoft MVP since 2015 and I'm
1:43
also a Microsoft certified trainer for 2009. I'm MVP on for Office apps and services and earlier my core area of
1:51
Core area of expertise was SharePoint and I was also MCT regional lead for Pakistan for almost five years
1:58
from 2012 to 2017. And my favorite topics on which I usually speak
2:05
or SharePoint and I really love to work on our migrations, PowerShell, scripting, Microsoft Teams
2:12
custom development on SharePoint and and being an MVP and and expert on working on modern technologies
2:24
I am a technology evangelist and blogger at MSACtalk.com and speak at various events in local and also right on
2:32
I'm participating in various event virtually on online events and also a community contributor
2:39
community contributor on different tech forums. You can reach out to me on my Twitter on my
2:45
Yeah, my blog and also on my YouTube channel, which I recently started and I will be sharing all
2:52
these details which I am discussing today in more deeper way on my YouTube channel because we do not
2:58
have provision to complete all the services on one session because it could take couple of hours
3:04
So I will be sharing all those details on my YouTube channel. So let's start
3:10
So what we will be discussing today? I will give you an overview about security
3:15
which is available on Microsoft Teams because this is one of the key area for any application
3:22
especially when we are living in a world of data. We know that we need to keep everything secure and how to
3:29
manage it and how we can and can share it with the specific peoples
3:35
especially when we have secure content and some content for the public public use
3:40
How to manage those things? I will be sharing all these details with you today and then
3:45
if you already have worked on teams or not, this could be very beneficial for you
3:50
That way I will tell you that what are the public different type of teams which we can create
3:56
What is the difference between them? And I will also walk through through it on Microsoft Teams
4:02
by creating teams. Then I will allow you guys access because it's a possibility
4:08
that there are users in your organization who are or who are using teams
4:13
but there could be some other users who are not part of your organization
4:17
and they are participating in. They want to join some of the meetings
4:22
or some do some contribution for your company like for one of I want to join the team
4:30
of my customer or I'm joining them as a vendor. So whatever the case
4:35
if I give you example of this conference, I'm joining this team as a guest user
4:41
So how we can allow guest users for teams and some organization do not allow guest users
4:46
so I will be sharing those details with you and also. Customizing this permission
4:52
Now here comes the permissions that whenever there are few things that when you create a team
4:59
and all the members have all the members of the team, either those are external users or or from your organization
5:06
they all will have the same access, same contribute access or membership access
5:12
They can modify all the content and can view all the content. So how you can secure them that content also
5:19
And. Then I at the end, I will tell you about some of the key areas of
5:26
managing security in Microsoft Teams, which are some enabling sensitivity labels on on
5:34
the organization and how we can restrict gas access and the on sites and down gas
5:41
access and also secure risk user access on secure content on documents
5:47
which having NPA data or social security numbers, things like that. So that would be very interesting
5:55
with how we can create policies which could be applied on the teams
6:01
So before that, I would like to. I like that you can
6:06
you all can submit this fill in this survey because this will be very
6:11
helpful for me to get your feedback at the very start so that I can
6:15
understand it and I can understand the audience level. I'm also copying this on my chat. Wonderful
6:36
I just also copied it on the chat, so if you can on the question
6:41
answers in session so you can just go there and fill up the survey
6:49
And why I need this. I need this to verify that what is
6:54
the level of the audience which were joining the session so that
7:00
I can go accordingly. It will hardly take one minute for you guys
7:16
So you guys are quick. And why I went for this survey I am I doing this away because because because before that when I was speaking to any public event we will interact with the audience directly
7:37
but now due to COVID-19 I do not have. I do not know that your experience
7:42
on how I can interact with you. So these service are very useful
7:45
If you are going to speak in any future event, you should be using these sort of
7:50
these sort of service to engage the audience with you and also get
7:54
from them on various locations. So now I have to. This one snow
8:04
So everyone have obviously web tenant that's very good so. Yeah, so all are having good access
8:13
on understanding about Microsoft teams and SharePoint. So all having administrative access
8:20
that's good. So good to know that the almost all having the very good
8:28
expertise on the teams already. So more are so that would be a good interactive sensation then
8:39
So I'm going back to the slide now. And. They will just need the permissions
9:11
They will ask you to join and they can join the teams and they can see the teams on your site and
9:18
And the private teams are those where user need access and organization your site and team owner can
9:27
inspect can only add the members to the team and those members can be from your organization
9:32
or can be external users which we call as guest users. And the third one is organization wide users
9:39
It means that an every user in your organization will be automatically will be added to that team
9:45
Either that could be an external user or part of you or part of your organization
9:50
Then all those will be automatically added to the teams and the
9:55
We can enable and disable on the gas access from for the team from the organization setting of Office 365 tenant
10:04
And also from team admin tenant as you already have expert experience of working on teams
10:09
So you you already know most of you already know that how to
10:14
manage these things. And then allowing specific organizations for guest access and you can also restrict organizations that which only
10:22
which organization will be allowed to have guest access. You can specify the domains for those organizations and set
10:30
those domain. no one will be allowed on your organization as an external user
10:35
This could be restricted from especially from the SharePoint site that you can verify you can modify them
10:41
You can apply these things and the last one is. We see using security labels
10:47
sensitivity labels. You can easily secure your sites, your teams, you can specify the policies that
10:55
which teams could have. Could allow guest access and access could allow sharing and within documents you can also
11:05
specify that which documents could be viewed by the guest which could be viewed by the
11:14
By the team members which team members are allowed to view and
11:18
either they are allowed to copy the content or print up printer documents and how they review the document like they
11:25
can only view document on web or they want to or they can view
11:29
on their client applications and we can also manage the sensitivity labels in a way that the documents can only be
11:39
viewed on managed devices. Managed devices are those which are linked with your active directory on Azure Active
11:47
identity like in Tunes you have already all those devices are registered like your smartphones or your laptops or tablets
11:56
tablets and any device which is not registered with your network, the document will not be open on that one. I will show
12:04
before you about that one because I already have prepared my demo environment for that purpose so that we can. We can
12:11
also have a quick walkthrough on that one. And one more thing which I will tell you had the customization
12:17
which I mentioned earlier that how we can customize the security because if you already have experience of on SharePoint
12:24
then it will be very easy for you to understand that how you can
12:28
especially customize the security on the document libraries on the documents and can restrict user access on certain areas
12:38
And let me move to next that now what I will do that I will walk through that
12:44
how we can create the teams and what action and how we can customize the security
12:50
Let me check what will be the next one. OK. So now I'm going to
12:56
So there are multiple ways for creating teams and. If I if you go to the
13:06
I'm just going to my you can go to the team admin center from here
13:10
And also you can open teams at Microsoft dot com. Like if I go from it
13:18
it will open the team application. But I'm already connected to this meeting to teams
13:25
so I will open it in browser instead of the client application. So here you can see that my team is connected here
13:35
And there already if you this is a team admin center. I think also create team from here
13:43
direct from here that I will go to manage teams and can create a teams from from here
13:47
But from but this is this view is only available to the team administrators
13:53
not to the normal users so they can go to they can go here and
14:17
You can see here there are already two teams which I already have created
14:21
And one more thing if you see here when I create a team because I
14:27
And here on previous screen. You you can you can create a team
14:33
with specific template where you can define already have defined. For example
14:37
if I tell you about the example of a classroom, for example
14:41
if there's a cloud gates, I already have created a team Team template for gate 6 where I have defined all the all
14:50
different channels with channels. I can recall call as subjects where different users have permissions or main users are already added to next time instead of recreating all that that thing I can use the templates
15:06
But now right now I'm going to create a team from scratch and because
15:10
I already have enabled sensitivity labels on my on my demo tenant
15:15
so I will not have option to select anything directly I need to select
15:21
one of the seven sensitivity level And here few of them are already here and I will tell you
15:28
details about them later on that. What is the purpose of this one and how I'm using them
15:34
But let me tell you that if I'm selecting this one, it will only allowing me to create private teams because I
15:40
I I configured it in a way that it will only allow to be
15:45
created private teams only. Like I already have given some description on this one for
15:51
the level for private teams, for private teams and for internal and guest users
15:56
So this will also enable only private teams. This will allow level for teams and internal users
16:03
with no file. This is a different one. And if I enable this one public internal
16:10
it means that this will be for the public. Anyone from the organization can join
16:16
And the last one is anyone within your organization Can automatically will automatically will be joined
16:24
so I'm creating one the public one. And naming it as. Light on
16:36
In green. So it will create it will create the team and
16:48
Start working on the on creating that. Creating on the SharePoint site at the back end
16:58
I'm adding a user here with Alex. As admin user. And. And I am also adding a guest user
17:16
So here you can see that I can. I do not have option to add a guest
17:20
user because it is configured in a way that it is not allowing a guest user
17:32
You can see it saying that I am unable to match the account so
17:39
I'm just creating a team here. Adding these users. I'm assigning one as their owner
18:14
Let me. Sorry for because I have to select I think private Internet
18:28
This could happen on Lydermos because I created it through this big and I have because of the similar names
18:41
Yes. Here you can see that I can add the guest users here
18:53
Because I already have added myself as a guest user, so you can see here that because of the sensitivity
18:58
label it blocked my access on other teams, but now it allowing the guest access here
19:04
and I haven't specified any of the restricted by domains, but it can be restricted that only
19:36
Let me move on also on slide that what's next from there
19:42
So we went to the. And meanwhile, we are going to
19:53
For this one, I will also show you that we will get the guest access here
19:59
The documents here. I will show you that how we can define the guest access for the organizations
20:06
So there are multiple ways to enable gas access for teams for
20:10
offices to their groups or SharePoint sites. So one of the way is one is that
20:15
you go to the organization settings. And from teams here you can and it is
20:23
also required when you are applying sensitivity labels that you already have configured gas properly because
20:30
they are there are few of the settings which need to be conquered properly. Once
20:38
These are configured properly, then you can you can work on sensitivity
20:43
labels and create them and it is not. If your organization policy is not
20:47
required and guest users, then you do not need to configure the guest guest accounts
20:54
So I'm going to Microsoft Teams here. You can this can also be modified
20:59
from the team team organization setting. I will show you also you need to
21:04
enable the allow guest users in teams. This is the company wide company
21:10
wide settings and also you can. I love. I'm here on the organization
21:17
setting on Office 365 admin center. And here on the office district groups here
21:27
I also have added that lack group owners to groups. We need to enable this option
21:39
And this also is in setting for SharePoint on this page. Where you can also enable guest users from directly from here
21:51
And here you can. I have selected the option that the new and
21:55
existing gaps that there could be new guest can join the the shape on site and there could be
22:01
new the existing ones and one more thing. If you go to teams
22:06
On team channel, you have the organization setting options available. I am on team admin panel here
22:12
You can also enable the gas access. Allow gas access here and there are so
22:22
many other settings which you can configure which could be discussed in some other sessions And similarly if I go to the SharePoint admin center for the organization setting if this is the SharePoint organization I will go to the sharing setting on the policies
22:40
And here we can define what access I want to give to SharePoint and also for the OneDrive
22:47
We need to keep the policy same throughout the organization so that it will not make any mess
22:55
And here on the more external settings you can by default it
22:59
is selected to the to this option. By default it is selected with this option that allow guests to
23:10
share item they don't create. So you need to remove this one
23:14
You can select this one. This option that you want to allow
23:18
and get access on your SharePoint sites and also if you want to
23:22
any specific domains. You can also define security the domains here. Even you can create the security groups here
23:31
This is for the security group. So the above option is for the domains
23:35
Where you can add domains here. Allow. Like I'm I'm going to allow MS check top
23:43
Dot com. It will allow MS check top. On the allowed list you can see here
23:52
I can also add this couple of domains which I do not want to allow
23:57
And these are required when you want to make sure that no one can be added
24:02
from any other XYZ domain. Now I'm going back to the. Teams here which I have created
24:18
Is that team? So I'm going to SharePoint site
24:34
So here you can. OK, now I am on teams and this is the view of Alex
24:41
You can see here Alex and see all the teams because I have I have added Alex as a owner here
24:47
You can see the view of. Of Adelie. She is also on a hair
24:58
Let me just refresh the page here. To make sure that she is logged in
25:03
So she can see the recently created teams where I I added her
25:08
I added on on this one and. Lightning team green. And this is the guest account
25:17
which I have created and here you can see the. Guess user and from guess user I can
25:24
also comment something. So what I will do now if I go to SharePoint
25:31
site, SharePoint security here. I have the option to customize the security for the team also because so
25:40
why this customization is required? Because with the start of COVID-19 I
25:44
got couple of queries from different institutes where we have just as a
25:50
to make the only learning possible. We created the steam sites for them
25:55
so that they can get maximum maximum things from them. So the challenges which are teacher
26:01
because right now we are the technical people and we know that how we can
26:06
manage things but for the non technical users for the end users how they
26:10
can get the benefit of these things that they had the requirement that
26:14
they have a few teams which they they want to give access to users
26:18
but they don't want to allow users to modify any of the
26:22
content, any of the document and they were. There were also teams
26:27
which like so far students that student can only upload content on their folders only
26:35
The teacher teacher don't want to create separate channels for the for each of the student, but they want to make sure that
26:44
the student don't go to other other students folders and can submit assignment to their channels
26:50
So how we can manage these things? If you check this on teams
26:54
it could look tough, but if you go to the SharePoint site
26:59
it would be and you have if you have the expertise on SharePoint site
27:03
and security management that it would be very, very easy and could have
27:07
very interesting output. So I'm going to SharePoint site now. Opening it in SharePoint
27:15
Look what I will be going to do. I'm going to do site security
27:23
site permissions. Instead of site permissions, I'm going. So if you go to the site permissions
27:30
you will see that. I went to advance. Here there are two security groups which are added here
27:43
One is I think this one having. I think I haven't added the
27:50
Honor here. Just a second. Sector administration group
28:23
So I'm going to the members group here. You can you will see all the all the
28:27
guests account and all the editors in this member group. If I remove this group from here
28:36
Will there be any change for the Alex? No. If I refresh the page for Alex here
28:44
if I go to Alex page. Alex and type in. But. If Alex, I go to move to files
28:57
Alex and see all the files here, whatever the files are uploaded here
29:01
and let me also upload two files here so we can have some better understanding
29:08
And Alex and also viewed wiki wiki portion here. There's nothing in wiki
29:19
So now I'm going to Adelaide page. So here if you go to the homepage
29:34
Adelaide, she can see the. See the chat and she can type in
29:42
But if she go to files, you will see that it. She do not have any access here
29:47
Because we block her access and same with Viki. And similarly, if I go to the
29:56
To add non the guest account, I'm we will see the same. So what I need to do now to give them limited access
30:07
One thing is that. If I have more users, then it's better to have more separate
30:13
security groups for those purpose. But what I will do here. I'm going to add
30:22
Because I want to give access user access to the. One thing is that I'm going
30:29
Let me show you quickly here. If I go to the visitors group here
30:37
and I give them. If that member security group as lead access
30:41
then they will have the lead access. I just added the group here and now on what will what will
31:13
output for Alex here that Alex in view the files. But she will not have option to upload a file or make a name or
31:23
But if she go to wiki. She should not have she's. She should not be having access on wiki
31:35
Let me verify what has. Some how. So now I hopefully it will not be
33:52
showing the edit option to Alex on the. Vicky. If I go to the
34:01
Channel here. You can see that user having the. View access on documents and same
34:10
I think user will not have the option to modify the wiki files, but she can only view the
34:17
document same thing will be with the without none so but I will move bit quicker here
34:23
because I need to cover a few more things here because we only have 25 minutes left
34:28
So now I'm going to. The second option that I will go to the documents here
34:35
where all the documents for the channels are listed here. And because we do not have any specific any other channels
34:43
so I'm going to general channel here and will go to its properties
34:50
His permissions here. And we'll stop the inheritance here and you may many of you might have done this on SharePoint
35:04
So this will be the same way. And here you can remove the
35:10
You can remove the access for the users from here. For example, I only want to
35:17
Allow Alex here added access, but I do not want to allow Adnan as
35:22
I only want to allow Adnan as gas access so sorry Adlai
35:28
If Alex is already part of the members group. Read access. And the big
35:41
That we repeat here and here at the back end, you can see the visitor group is already there
35:46
it had the read access, so I do not need to assign
35:50
Read access to it non directly, so if I go back to the
35:59
This one. And I will click on documents for the for Adlai
36:06
So here you will see that she will have she will be having options
36:16
It seems that I making some changes on the wrong team Oh sorry but I have done that because I have given her
36:52
Access the wrong access. That's why she only having read access. I should have given her
36:58
Contribute access. Now she will be having
37:12
Option to upload the files and all these things, and if I go to the Adnan account here
37:17
you will see that. In this user can view the the guest account
37:21
can view the documents, but do not have X option to modify the documents
37:26
But the but meanwhile user can view other parts of the teams
37:30
So this is how we can specify the security for the document level content level
37:35
Now I will go to the next part, which is for the sensitivity levels
37:54
Now what are sensitivity levels? Because these are these are useful. There are two ways of applying
38:02
sensitivity levels on Office 365. One is on containers and the other is on content
38:07
Containers means it could be either Office 365 group or it's Microsoft Teams
38:14
or it could be. It could be a SharePoint site collection, and when I talk about content
38:21
content means the documents which are stored in Office document which is
38:25
stored in Microsoft in SharePoint. Either you uploading it to teams or
38:29
directly in SharePoint or in OneDrive All within or also for your email that you can also protect
38:36
your emails by sensitive sensitivity labels. And and and for the documents you can also mark them. You can
38:44
also learn brand them like you can add some for the secured
38:49
content. You can add some watermark on them or can add some header and footer text when someone print those documents
38:57
on or can or try to copy them. And also you can receive as I told you and I told at that start
39:03
that you can also receive the access that only manage devices on your file can only be accessed from the managed devices or
39:11
either or from the browser only. These files can only be allowed
39:15
from the browsers, but there are sometimes we get some limitations because of the file size or formulas used in an
39:23
Excel file or could be any other reason that we do. We cannot
39:27
only so but manage devices option is a very good file secure the content
39:33
And you can also get access on the secure content. So I will show you that how I configured this thing
39:41
And the. What are the options which I have selected and what you need to do for different tasks
39:48
So I'm going if I go to the Office 365 tenant here
40:00
I need to. I told you about the sharing that there are
40:04
multiple ways to enable external sharing and now if you if you
40:08
go to the active directory, there is one more thing that you
40:12
need to enable the. You need to create the sensitivity labels and also need to enable the
40:19
Oh, some permissions for the and allow which users are allowed to create the
40:27
Add the users. I have to go to the. This option. I went to the external identities
40:44
then click on external collaboration And here we need to do some kind of organization wide settings
40:49
like by default members can invite to external users. You need to disable this option
40:55
Guests can invite you need to disable this option and you have to select these two options
41:00
That the guest users permissions are limited so that they cannot move on
41:05
They will be having restricted access on the on your tenant and also admin and users in the guests invited role can invite
41:14
So there is a guest inverter role which we create, and only those users can invite a guest
41:20
It's not possible that if I do not have, I am not part of that invited group
41:25
then I cannot invite any guests to the to any of the team. So this is how you can also restrict users to add
41:33
to invite others, excellent guest users on a team. And now if I go to the settings again
41:41
I'm just closing these ones. And I need to go to compliance to security or compliance
41:48
I can also go from from the Compliance Center. I'm going to security here and here under
41:56
Classifications, you can see that there is option to create sensitivity labels
42:08
And here if I can show you that I already have created a couple of sensitivity labels here
42:13
So just say on high level I created the first four of which I
42:18
have created are for the container level and the last two are for the documents I created. I created separate sensitive
42:25
levels for the containers like for the teams and team level settings and separate for the documents which I will be. I
42:33
will also show you shortly. So what you need on when you create a send, create a label
42:39
here you need to enter name. Let me show you that the
42:43
because when we create a sensitive sensitivity level it will take some time to provision
42:50
And when you are creating it for the first time. You will see these options
42:57
but this site and group option will be missing. This is for the container where you want to
43:04
deploy it, apply it so for that one, you need to enable some of the roles
43:08
on using PowerShell. I am I'm showing you some of the PowerShell commandlets here
43:13
Like if you move for this machine where I'm I'm giving you
43:45
Let me check if it asks for authentication. OK, here you can see it
43:51
It lists the different settings which on the system by default. The first one which is for enable
43:57
MIP labels is set to false. You need to enable this one by simply
44:03
calling this calling this parameter. Within the parameter on settings and marking it true
44:10
And the. Once it is done, it will take some time. About 10 to 20 minutes or 30 minutes and you will
44:20
after that you will see this option site and group settings on the screen
44:25
And if I move next and you can name it something and you can add a description so that you can
44:30
easily understand that what is the purpose of this permission? So here I'm not doing any encryption encryption
44:38
done on the documents and if I select this option, then you will see that it will be showing me different options here
44:46
So I will be discussing on the document where I have applied it
44:50
I am marking it as none and this is not required here because
44:56
content marking is applied on documents because it's a container level. So here I am here is where I am applying the settings here
45:05
There are two types of policies. One is for public. Anyone can access the site
45:14
Site or team, whatever you say. Private only members can access means
45:19
only members of this site can access more edit. On none let user choose who can access the size
45:27
It means that I will allow that who will have the access
45:31
So I'm selecting the person public and allow full access from desktop apps, mobile apps, and web
45:38
means I'm not accepting it to any device. And similarly allow limited or web only
45:45
where I am going to block X and block X's meant only managed devices are allowed
45:50
And if I enable this one, this option, it will allow guest users on to to be added to the team
45:57
I'm deserving this one. I'm now going to next one. I'm not auto labeling the documents
46:04
so leave this leaving this for now. And I can review the settings from here
46:10
And similarly, if I quickly review the other options, other sensitive levels which I have created so that we can
46:18
have a quick overview on those also. So here you can see that I created one where I have allowed
46:27
limited and web only and named it as a. It is a private one
46:36
Let me know if you can hear me properly because I'm just getting the option
46:43
of some bad bad network connectivity here. Yes, Adnan, we can hear you
46:50
OK, thank you. You just have 15 more minutes, so I think people ask questions as well
46:58
If you can see in your Q&A sections, did you answer all those questions
47:02
What's the team more would guess needs Microsoft account? I will just soon complete this one and then I will
47:09
switch back to those questions. OK, sure. I just need few more minutes here
47:13
And similarly for the external one. I can show you the settings of this one
47:30
So this is how I have allowed the guest access where I am
47:34
I did the guess one and if I go to the confidential documents
47:38
here here I I have created two type of documents, one which are
47:42
highly secured and one are confidential that where I am applying some of the watermarks
47:47
So I'm not encrypting the document here, but I'm adding some bending here like I'm I have edits the watermark here
47:56
and also text here and I'm not applying it on any of the site
48:00
and setting because this will be on for the document only. And this is a simple settings here and for this one
48:10
Which is which I marked as highly confidential. Here you can see that I applied encryption here
48:25
and assign permission now I have selected it and let the user and user can and can access the content expiry
48:33
You can also set them that when the content will expire and
48:37
who will have offline access. I'm only describing the offline access that no one can access
48:42
the document offline and here at the bottom. We can also define that which users will have the access
48:50
Like authenticated users, it means that also the guest users will have the only have the read access on the view axis and
48:59
I also have defined some of the users here that. that Adley will be the reviewer of them of the reviewer and Alex
49:08
as a corner and here are the different permissions which are here and I can show you the permissions here for different
49:16
users. Like on or having full permissions. We were having limited permissions and similarly for
49:24
the viewer only had can be with the document. So these are the policies which can we can define at the
49:33
And now how and you can also define the security groups here
49:37
that were domains which are allowed here. And from the sensitivity from this page you can offer creating
49:44
the sensitivity levels you can. You can publish those those labels. I already have created published the sensitivity
49:55
labels, so now how you are going to apply these ones. If you remember that I already shown you that there are some which I will also tell you that when I create a team set from here I have option to select the sensitivity level you can You have seen
50:13
from here, but if you're going to create a team set from from
50:17
the. From team admin center, you will not have that option. OK, so there are some limitations on which Microsoft is
50:26
already working and they will be providing these options on all all the locations and similarly if you
50:33
go to the SharePoint admin center. And I will show you the sites here
50:39
which we just have created for the team. The teams which we have created and their sites
50:46
You will see that sensitivity label is applied for those teams. So this is one of the team
51:08
And I can show you here. You can see the sensitivity level applied here and now I'm going to the
51:17
because we have not have much time here. I'm going to the documents section to one of the
51:29
Things to have created. How we can apply documents on sensitivity
51:39
on the documents here. For example, I'm going to this one. And the I have opened the document on
51:52
browser and you will see that sensitivity option showing up here. So I'm just selecting the confidential here
52:00
We can also do configuring the organization in the way that auto labeling will be applied
52:05
And I'm just closing this document. Now if I go to Alex
52:15
actually Adley and open this document. On this one I have applied the watermark
52:24
and also some text on the. On the footer so it's showing
52:31
the sensory label and if I click. You know, try to print this one
52:42
Let's see what some what will output. You can see that it it shown the
52:50
watermark on the page and also showing some text on the footer
52:56
And similarly, if I go back to the second document and change
53:01
that to. The sensitivity level to highly confidential then see what will
53:10
be a difference here. Meanwhile, you have any questions you can post it on so that I
53:16
will start answering you. And now I'm checking this this one with again with Alex so that will will check that if
53:26
she having the access to this in that highly confidential document. Sorry, Adelaide Adelaide is part of the of the same tenant
53:34
So organization, so she should be having the required access. To be a viewer document
54:11
So and if I go to now with to to guest account
54:19
And you can see the guests can view the documents, but when I try to do the highly secure document
54:26
from guests, I will I will get an error message. So here you can see that
54:32
And it's not giving me the relevant message, which should be like that
54:36
What type of error is it? So I will go back. and try to open it in SharePoint
54:44
But I will show you that you can the user can still see the second
54:49
document because that was not highly secure. So here if I open
54:54
try to open this document, the message will be different. It means showing that the document
55:02
is protected by a rights management service. And set as your information system
55:08
And if the user tried to save the document on local machine
55:12
and try to access it again, it will be in the the the output
55:17
will be totally different. So this is about this how we apply the sensitivity levels on
55:22
the or Microsoft Teams and on especially on tenant level that how things work within SharePoint and because we can also apply
55:31
this on a SharePoint site only. And even in teams only or on the content only that's all
55:38
So now I'm open for questions. If you have any questions you can ask
55:42
I can see one that can we enable one time passcode for guests on teams
55:48
or it supposed to work actually passcode thing could become configured from the admin center because I'm not
55:55
I'm someone from the consistency side of SharePoint and implementing SharePoint site so any anyone who is
56:03
managing the active directory can can guide you better on that one
#Business Operations
#Enterprise Technology