Skip to main content

Netskope Help

Create a Microsoft Office 365 Teams Policy

To discover existing data residing within your sanctioned cloud services, create an API Data Protection policy with the desired options and actions. The Netskope UI guides you through the process of configuring policies for each of your cloud apps on a single web page.

To configure a Microsoft Office 365 Teams policy, follow the steps below:

  1. Once you log in to the Netskope UI, navigate to Policies > API Data Protection.

  2. Under the SaaS tab, click New Policy, and select the following options:

    1. Under APPLICATION, select Microsoft Office 365 Teams and select the Teams instance you created during the instance setup.

      Click NEXT.

    2. The USERS section specifies the users and groups that can trigger a policy violation. Select from the following options:

      • All Users: With this option, you can select all users from Teams.

      • Subset of Users: With this option, you can select specific users in Teams.

      • User Profiles: With this option, you can select a user profile. A user profile is a set of users you can create from Policies > PROFILES > User.

      • User Groups: With this option, you can select a user group. This option requires an integration with your organization's Active Directory and other directory servers to collect user and user activity information.


        To use the user groups option, you first need to install the Netskope Adapters Utility Tool. For more information, refer to Netskope Adapters.Netskope Adapters-OLD

      The Exclude Users and Exclude User Profiles options are available for All Users, User Profiles, and User Groups. The Exclude options excludes users or user profiles from triggering a policy.

      Click NEXT.

    3. The TEAMS section specifies the content to scan. Select either of the following options:

      • Channels: Channels are the collaboration spaces within a team in which the actual work is done. Select this option to scan messages shared in a channel. On selecting this option, you can select the following options:

        • All Teams: You can select all teams viz., private, and public teams.

        • Teams by Type: You can either select a private team or public.

        • Teams by Team Name: You can select specific team names.


      • Direct Messaging: Select this option to scan messages shared across 1:1 or 1:N users.


        If you select the Direct Messaging option, API Data Protection can scan in-meeting chat messages and attachments too.

      Click NEXT.

    4. The CONTENT section specifies the file sharing options and types of content to scan. Select the following options:


        • All Sharing Options: You can select this option to scan private, internally, and externally shared messages and attachments.

        • Specific Sharing Options: You can select this option to scan all or specific sharing types like Shared Internally and Shared Externally (with Guests).

          Important points to note:

          • An administrator can now trigger a policy if a DLP-sensitive chat message or attachment is shared with an internal or external user.

          • An external user is a user who is not part of the Office 365 organization using API Data Protection for Microsoft Office 365 Teams. This includes an anonymous user too.

          • The policy applies to chat messages and attachments originated or received by internal, external, or a combination of both user types.

          • Exposure for such violating chat messages and attachments are marked as either "Internally Shared" (shared with internal users) or “Externally Shared” (shared with external users) in Microsoft Office 365 Teams API-enabled Protection Dashboard and DLP incidents.


        • Text: You can select this option to scan text messages within a channel or direct messaging.

        • Attachment: You can select this option to scan attachments shared in a channel or direct messaging. You can select select All File Types or Specific File Types.


        API Data Protection policy for Microsoft Office 365 Teams scans all supported file types that are shared in Microsoft Office 365 Teams. Any modifications to the files outside the context of Microsoft Office 365 Teams are not processed as part of this policy.

      Click NEXT.

    5. The DLP section specifies the type of DLP profile that triggers a policy violation. Select DLP and click Select Profile. Search for a DLP profile or choose one from the list, which includes both predefined or custom profiles. After selecting a DLP profile, click Save.


      Microsoft does not provide any webhook notification for files uploaded through the files and wiki tab of Microsoft Teams. Due to this limitation, Netskope does not support DLP scanning for such file uploads. However, Netskope detects files sent as an attachment from a channel's chat window. For full DLP coverage, you should set up respective API Data Protection instances for Microsoft Office 365 OneDrive and SharePoint.

      Click NEXT.

    6. The ACTION section specifies the action to be taken when a policy violation occurs. Select from the following options:

      • Alert: Netskope sends a notification when a policy violation occurs.

      • Block Access: Netskope blocks channel, direct messages, and attachments that violate a policy.

      Click NEXT.

    7. The NOTIFICATION section specifies who and when to notify users about a policy violation. Select from the following options:

      • None: This option does not send any notification about a policy violation.

      • Notify once every <interval>: You can select this option to specify how often to notify recipients and who to notify. Click on the adjacent toggle to specify the time interval.

      • Notify after each event: You can select this option to send a notification to recipients after each event.

      Click NEXT.

    8. The SET POLICY section specifies the name of the policy and allows you to add a description if desired.

  3. Click SAVE.

  4. On the Policies > API Data Protection page, click APPLY CHANGES, then APPLY.