Cloud Confidential

The Good The Bad and the Ugly

The Good

Private Channels offer a valuable solution for addressing specific challenges related to Information Architecture and Security. For example, when handling sensitive information, utilizing a Private Channel ensures that access is tightly controlled—only those explicitly granted access can view the channel, including Team Owners.

• Users must be members of the Team hosting the Private Channel.

• External Users can be granted access to Private Channels.

The Bad

However, Private Channels do come with certain limitations:

• Membership is capped at 250 users.

• Private Channels cannot be converted to Regular Channels, nor vice versa.

• Teams are restricted to a maximum of 30 Private Channels.

• Tags are not currently supported in Private Channels (though this may change in the future).

The Ugly

• A potential issue arises when configuring permissions on the associated SharePoint Site. If permissions are set independently and the timer job responsible for syncing permissions runs, it will overwrite all manually configured Site permissions with Teams permissions.

My Personal Take

While Private Channels offer a straightforward solution for specific permission needs, relying solely on them may encourage a less considered approach to Teams structure and security. It's crucial to use them judiciously, considering the potential drawbacks that come with overuse.

How to Disable Private Channels for your Organization

If you decide against using Private Channels, you can easily disable them:

1. Navigate to Teams Admin Center > Teams > Teams Policies.
   

2. Select the Global (Org-wide default) Teams Policy and turn off the "Create private channels" option.

How to Allow Private Channels for Specific Members

Alternatively, you can permit specific members to use Private Channels:

1. In Teams Policies, click the "+Add" button to create a Custom Teams Policy.

2. Configure the Custom Teams Policy with the "Create private channels" option enabled.
   

Now, you have both an Org-Wide Teams Policy that disallows Private Channels by default and a Custom Teams Policy that allows them for select members.

Microsoft recently introduced Communication Compliance to M365 with Supervision Policies offering control over lexicon, including OOT Classifiers such as Profanity, Targeted Harassment, Threat, Adult Images, Gory Images, and Racy Images.

However, with the quick deprecation of OOTB Offensive Language Classifiers and the added overhead of Communication Compliance moderation and administration, creating a custom solution became essential.

This custom Communication Compliance solution was specifically tailored to address profanity and offensive language challenges.

Building Profanity Dictionaries

Building a comprehensive dictionary for detecting offensive language is no small feat. Cultural nuances play a significant role, making it challenging to account for every context and interpretation.

For example, in my culture of origin, being called the name of a specific innocuous animal is deeply offensive. Translated into English, the word may lose its impact, but it can still be perceived as offensive. Similar nuances exist across different cultures, with seemingly innocuous words carrying significant weight in certain contexts.

Attempting to build a dictionary that covers every cultural nuance while offending nobody is an impossible task. Striving for such perfection would only result in an abundance of false positives, rendering the system ineffective.

Instead of aiming for an unattainable level of perfection, my focus was on identifying well-known profanity and offensive words that are common to both English and French languages and cultures. By concentrating on these widely recognized terms, I aimed to create a practical solution that balances cultural sensitivity with effective content moderation.

In my role as an architect of bilingual systems, designing solutions for clients with bilingual requirements, it was imperative to address profanity detection in both English and French languages. To meet this need, I sought out banned word lists online for both languages.

Creating Sensitive Information Type (SIT) and DLP Policies

To make sure my files fit within the size limits for DLP and transport rules in M365, I used PowerShell to split them. Each file had a list of offensive words, but they were too big. So, I ended up with 15 smaller files instead. (I am not posting resulting files here, so that I do not offend anybody.)

After splitting the files, I proceeded to create custom Sensitive Information Types (SITs) by selecting the "Keyword Dictionary" type. These SITs were then utilized in crafting Data Loss Prevention (DLP) policies for SharePoint Online and MS Teams Workloads.

The Outcome

As a result, Microsoft Chat posts containing profanity or offensive language were automatically blocked. Instead of the post, users received a notification explaining why it was blocked.

Similarly, attempts to upload documents containing offensive language to SharePoint Online or Microsoft Teams were met with automatic blocking and an explanatory message.

Furthermore, if a user attempted to modify a document to include offensive language, the update would not be accepted, and the user would receive a notification.

Administrators were promptly notified of any incidents, receiving detailed information including the user's name, the location of the incident, and the exact word match found in the dictionary.

This comprehensive approach ensured effective content moderation and enforcement of compliance standards across the M365 environment.

Mitigating Religious Context Challenges

When proposing this solution to Correctional Services, they quickly identified a significant issue that needed to be addressed. Canadian French profanity includes sacred religious words that are commonly used in Church settings but become offensive when used outside of their religious context.

Given that Correctional Services had a Chapel with documents stored in a designated SharePoint site, the initial implementation of the solution inadvertently rendered the Chapel SharePoint site and its associated Microsoft Teams channels dedicated to religious services effectively unusable.

This presented a unique challenge where the list of offensive words for the specific location needed to be compiled with the exclusion of religious terms for the French dictionaries. To address this, the Chapel SharePoint site had to be excluded from the DLP Policy Locations for the original dictionary.

Subsequently, a new DLP Policy was created utilizing an amended dictionary that excluded religious terms. This new policy was then applied solely to the Chapel Site, ensuring that the content moderation measures were appropriately tailored to the unique needs of that specific location.

I'm excited to share a file I created to sum up the essence of Compliance Center and Data Governance Tools within Microsoft 365. This file could serve as a practical guide, offering insights into managing data effectively.

Covering a broad range of topics across 87 slides, this slide deck provides an overview of key functionalities and best practices. Each slide offers actionable insights.

One of the focal points of this slide deck is its exploration of Retention Labels and associated methods for Label Assignment Automation. It also touches upon essential concepts like Retention Principals, Conflict Resolution, and Scope of Retention Policies, offering practical tips to address common challenges.

Moreover, the slide deck sheds light on the significance of Retention Policies Design Considerations and Hybrid Governance strategies. It also highlights the role of Preservation Hold Library in preserving critical data and ensuring compliance with legal requirements.

While the slide deck provides examples of functionalities, it's important to note that its scope extends far beyond the topics listed.

I hope this document helps you all, Record Wranglers!

Enjoy!