Private Channels shall be utilized to restrict access to sensitive information
Access controls are a fundamental part of any compliance regulation. Access to Teams channels where users collaborate on sensitive topics or share critical documents should follow a model of least privilege. Microsoft Teams allows you to create private channels, where users can request access from the owners and all other users are prohibited from seeing the content.
- To create a private channel in Teams, follow the steps in the article “Create a standard, private, or shared channel in Microsoft Teams” on Microsoft Support.
- For an overview, refer to the Private channels in Microsoft Teams documentation on Microsoft Learn.
Teams Channels shall have an expiration policy
Organizations with a large number of Teams often have Teams channels that are never actually used. This can happen for several reasons, including product experimentation, short-term team collaboration, or team owners leaving the organization. Over time, such teams can accumulate and create a burden on tenant resources. To curb the number of unused teams, as an admin, you can use a group expiration policy to automatically clean up unused teams. Because teams are backed by groups, group expiration policies automatically apply to teams as well.
- For an overview, read about the Microsoft 365 group expiration policy on Microsoft Learn.
- To define group expiration policies, follow the steps listed in the section How to set the expiration policy in the article “Microsoft 365 group expiration policy” on Microsoft Learn.
When you apply an expiration policy to a team, a team owner receives a notification for team renewal 30 days, 15 days and 1 day before the team's expiration date. When the team owner receives the notification, they can click Renew now in team settings to renew the team. To prevent accidental deletion, auto-renewal is automatically enabled for a Team in the group expiration policy. When the group expiration policy is set up, any team that has at least one channel visit from any team member before its expiration date is automatically renewed without any manual intervention from the team owner.
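To check that the expiration policy described above is actually in place and covers your teams, the following added example (not taken from the Microsoft articles referenced here) uses the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph.Groups module is installed, that the signed-in admin can consent to the listed read scopes, and that a team with no expiration date is not covered by the policy; the status labels are names chosen for this example.

```powershell
# Added example: audit group expiration policy coverage for Teams-backed groups.
# Assumes the Microsoft.Graph.Groups module (Microsoft Graph PowerShell SDK).
Connect-MgGraph -Scopes 'Directory.Read.All', 'Group.Read.All'

# A tenant holds at most one group lifecycle (expiration) policy.
$policy = Get-MgGroupLifecyclePolicy | Select-Object -First 1
if (-not $policy) {
    Write-Warning 'No group expiration policy is configured in this tenant.'
} else {
    'Policy: {0}-day lifetime, applies to: {1}' -f `
        $policy.GroupLifetimeInDays, $policy.ManagedGroupTypes
    if ($policy.ManagedGroupTypes -ne 'All') {
        Write-Warning 'Policy does not apply to all groups; some teams may never expire.'
    }
    if (-not $policy.AlternateNotificationEmails) {
        Write-Warning 'No alternate notification address: ownerless teams have nobody to notify.'
    }
}

# Teams are Microsoft 365 groups provisioned with the "Team" resource option.
$teams = Get-MgGroup -All `
    -Filter "resourceProvisioningOptions/Any(x:x eq 'Team')" `
    -Property 'id,displayName,expirationDateTime,renewedDateTime'

$now = (Get-Date).ToUniversalTime()
$report = foreach ($team in $teams) {
    # ExpirationDateTime is empty when no policy applies to the group.
    $daysLeft = if ($team.ExpirationDateTime) {
        [int][math]::Floor(($team.ExpirationDateTime.ToUniversalTime() - $now).TotalDays)
    } else { $null }

    [pscustomobject]@{
        Team        = $team.DisplayName
        LastRenewed = $team.RenewedDateTime
        Expires     = $team.ExpirationDateTime
        DaysLeft    = $daysLeft
        # 30 days is when the first renewal notification goes to the team owner.
        Status      = if ($null -eq $daysLeft) { 'NoExpiration' }
                      elseif ($daysLeft -le 30) { 'InNotificationWindow' }
                      else { 'Covered' }
    }
}

# Teams without an expiration date sort first, then those closest to expiry.
$report | Sort-Object DaysLeft | Format-Table -AutoSize
```

Teams reported as `NoExpiration` fall outside the policy and will accumulate if unused; teams reported as `InNotificationWindow` have not been auto-renewed and depend on the owner renewing them.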