To understand the value that Ethical Wall offers over and above the Microsoft built-in features, we need to address internal and external communication separately.
Microsoft Native controls
Microsoft allows organizations to control external communication in the following ways:
Allow all external communication
Block all external communication
Create lists of allowed external domains and blocked external domains
With Microsoft’s native controls, when an external domain is open for communication:
The whole external domain is open
Communication with that domain is allowed for everyone internally (org wide policy)
All types of communication are permitted
Ethical Wall Added Value
Ethical Wall adds flexibility to external communication control in 3 ways:
1- Open up external communication for a specific internal Group/Domain/User
2- Open up external communication to a whole external domain or even to just one external user from that domain
3- Open up external communication for limited communication capabilities. For example, allow IMs but block file sharing and screen sharing
Microsoft Native controls
Microsoft offers the ability to block communication between specific internal groups with the Information Barriers product
This product is only available with the E5 Compliance package
Information Barriers, apart from being expensive, is limited to the following two options:
Allow communication completely between Groups
Block communication completely between Groups
Information Barriers is a rigid solution that also does not allow for exception policies.
It is also important to note that Information Barriers needs to be managed using PowerShell.
Finally, an important limitation of Information Barriers is that policies don't work for federated users: If you allow federation with external organizations, the users of those organizations won't be restricted by IB policies. If users of your organization join a chat or meeting organized by external federated users, then IB policies also won't restrict communication between users of your organization.
Ethical Wall Added Value
With Ethical Wall, organizations gain the flexibility to have granular control over the types of communication.
If the policy calls for a complete block, Ethical Wall will block communication even when federated users have initiated the chat or meeting.
You can also control the following types of communication:
Adding users to conversations
It is very common that organizations do not want to impose a complete block between internal groups. Rather, they want the flexibility to allow chat and meetings, but to block file sharing and screen sharing.
Policies can be based on AD Groups, Internal Domains and individual users based on the UPN.
Ethical Wall is managed in the SphereShield Admin Portal, which has a GUI.
Microsoft Native controls
Microsoft has a DLP solution for MS Teams that is available with the E5 Compliance package
The solution is reactive: when sensitive data is sent in a file or message, the communication reaches the destination user and is deleted after the fact.
The communication can be deleted quite quickly but also can take considerable time depending on various factors. Files can take up to an hour to be deleted.
Sensitive data appears in Windows and Mobile notifications and is not deleted at all.
In order for MS DLP to inspect external traffic, both the source organization and the destination tenant have to be on Teams Only Mode and using Native Federation.
MS DLP policies will not be enforced when a user is invited as Guest into an external tenant
MS DLP policies will not be enforced when a user joins a meeting that is hosted externally
SphereShield DLP Added Value
SphereShield offers a real-time solution which blocks sensitive information from reaching the cloud and, consequently, the destination user. Sometimes this is needed as a matter of company policy and sometimes it is required by law.
SphereShield DLP applies regardless of whether the organization is on Teams Only Mode and using Native Federation
SphereShield DLP applies even when a user is communicating as a Guest in an external Tenant
SphereShield DLP applies even when a user joins a meeting that is hosted externally.
SphereShield DLP can also block files based on: A) file type, B) file size, C) Azure Information Protection labels and classifications
SphereShield DLP includes an anti-harassment and workplace safety feature that can block profane language and inappropriate images
SphereShield DLP can inspect Audio in real time using transcripts
SphereShield DLP can inspect video (on screen text) using Video OCR
SphereShield DLP can be integrated with other DLP vendors such as Forcepoint, Symantec, McAfee. This integration means that customers can use their existing DLP rules and infrastructure and cover MS Teams at the same time. Incidents will also appear in the existing vendor's incident manager.
SphereShield DLP policies can be applied to a subset of users; they do not need to be org wide.
SphereShield DLP violations are audited and integrated with the SphereShield eDiscovery. This is useful to see the entire context of a DLP incident.
Microsoft Native features
Using MS eDiscovery for MS Teams your organization can search for Teams communication from Public Channels
Private Channels and Guest communication need to be managed using PowerShell
eDiscovery results split up every line of communication into a separate downloadable file. A conversation with 100 lines of communication will be searchable with 100 files containing one line of communication each.
SphereShield eDiscovery Added Value
All communication can be archived as a backup (and even deleted from the cloud). This can be stored on premise, in private cloud or as a backup in the cloud.
All communication is searchable including private channels and guest communication
In addition to standard file and message capturing, SphereShield eDiscovery also captures:
Reply messages as well as the message that is being replied to
Reactions (Thumbs up etc)
Edited messages - original message and new edited message
Deleted messages and the fact that the message was deleted (including whether the delete was undone - “undo”)
Messages that are marked as Important/Urgent
The results are extremely user friendly. You can scroll through the communication seeing who said what, when they said it, where they said it and to whom it was communicated.
Results can be exported to easy-to-read PDF or Excel.
The solution can be managed by non-O365 admins, e.g. HR or Compliance
Audio and Video communication is also searchable
Meeting metadata, including participants, screen shares, etc., is searchable.
Integrated with SphereShield DLP to see the entire context of a DLP violation
Microsoft Native features
N/A - it is not possible to move, copy, archive, export or merge channels natively in MS Teams
SphereShield Channel Management Added Value
Users have the flexibility to manage their Channels and perform the following actions
Move Channels to other Teams
Copy Channels to other Teams
Merge Channels together
Export Channel content to PDF
SphereShield offers unique advanced governance capabilities that can be suited for a variety of needs.
Microsoft's native governance gives the ability to do a few things, such as:
Adding a Team/s.
Adding or removing members from a Channel/s.
Assigning and reverting member's roles (Member, Owner).
See list of Teams and their Metadata.
Upload Apps to MS Teams, with the ability to Block or Allow Apps.
Turn on/off external communication with Skype for Business and Teams users.
Create lists of allowed and disallowed external domains.
Control Guest Access (Allowed / Not Allowed), and manage settings for guests.
However, SphereShield's governance solution offers capabilities for a variety of scenarios and requirements, such as:
Creation and Ownership
Which Groups/Users are allowed to create Teams
Which Groups/Users are allowed to create Channels
Which Groups/Users are allowed to be Teams Owners
Adding users (internal and external) and permissions
Which Groups/Users are allowed to add users to Teams
Which Groups/Users are allowed to add Guests to Teams
Which Groups/Users are permitted Guest Access to other tenants
Which Groups/Users are allowed to upload files to OneDrive / SharePoint
Which Groups/Users are allowed to upload files to MS Teams
Data is an extremely important asset, if not the most valuable one, for any company. The fact that employees, and sometimes guests, can access it and instantly share it on collaboration platforms such as MS Teams should raise a flag to have a system to control it and prevent any undesirable scenario. Also, for other regulation (or internal policy) purposes, it may be necessary to restrict file uploading capabilities to a limited number of users. Plus, save your tenant from future problems by establishing who can create teams and channels, and avoid Team/Channel clogging.
Virtual Assistant - AGI
Microsoft Native Features:
A meeting will create a chat that can be found in the chat section
The participants, files, chat and other tabs are available in the chat
The Meeting Notes tab is available for manual note taking
The recording and transcript will also be posted to the chat automatically
With Microsoft Premium license you can also see suggested tasks and summary points
SphereShield Virtual Assistant Added Value
AGI automatically creates meeting content including Notes, Summary, Agenda and Decisions
AGI automatically creates notes & tasks which are synced to your preferred Task Management / CRM System – Planner, Asana, Monday, Trello, Zoho etc.
AI Sentiment Analysis – identify positive and negative interactions for extra attention or cloning positive behavior
Post meeting items for discussion in MS Teams Group Chat
Tasks are also suggested from MS Teams chats.
Microsoft Native features:
SphereShield Sentiment Analysis Added Value:
Sentiment analysis of chat in Chats and Channels
Sentiment analysis of a Teams Meeting transcript
Sentiment analysis of one-on-one Teams messages as personal insights report