Microsoft 365 compliance capabilities for Adaptive Card content through apps in Teams now available

Summary:

Teams is built on the Microsoft 365 hyper-scale, enterprise-grade cloud, delivering advanced security and compliance capabilities. These capabilities can be managed across Microsoft services including Teams through a single pane of glass experience in Microsoft 365 Security and Compliance centers.

Currently these capabilities are available in Teams for chat and file content. As a collaboration hub, Microsoft Teams brings together apps & services you love into Teams. Adaptive Cards, being platform-agnostic, are preferred vehicles for sharing information between Teams and other apps and services whether you are using apps for project management, productivity, sales, support and more.

More than 70% of the apps today generate card content in Teams conversations. Much of this is business communication and would fall under the purview of regulations as it is with Teams chat and file content.

We are excited to announce that Microsoft 365 compliance capabilities are now available for Adaptive Card content generated through apps in Teams messages. The following capabilities are now generally available:

  • Legal hold: Preserve Adaptive Card content
  • eDiscovery: Identify, collect and produce card content in response to an investigation
  • Audit: Audit user activity on Adaptive Cards for forensics
  • Retention: Manage card content lifecycle in Teams

The above capabilities are built in platform and will be available for all apps including 1P, 3P and LOB apps. There is no additional work required from app developers to enable them. For the tenant admins, selecting Teams as a location in the above compliance workflows will now automatically include card content generated through apps in the corresponding Teams conversations.

Legal hold
When a reasonable expectation of litigation exists, organizations are required to preserve electronically stored information (ESI), including Teams chat messages that are relevant to the case. Selecting Teams as a location in a Litigation hold workflow will now automatically include Adaptive Card content generated through apps in the corresponding Teams conversations including 1:1 chat, 1:many or group chat, or a channel conversation.

For more information on Teams and eDiscovery holds, please see Create an eDiscovery hold.

Figure 1 – Creating a new Legal holdFigure 1 – Creating a new Legal hold

eDiscovery
Large Enterprises are often exposed to high penalty legal proceedings that demand submission of all Electronically Stored Information (ESI). Microsoft Teams content can be searched and used during eDiscovery investigations. Now in addition to chat and file content, Adaptive Card content generated through apps in Teams can be searched and exported.

Like Teams chat content, card content generated via Teams apps in 1:1 or group chats is journaled through to the respective user mailboxes and card content generated in channels is journaled through to the group mailbox representing the team. Adaptive Card content is converted to a html file and journaled as a message with the html file as attachment.

Selecting Teams as a location in Core eDiscovery or Advanced eDiscovery workflows will now automatically include card content generated through apps in the corresponding Teams conversations including 1:1 chat, 1:many or group chat, or a channel conversation.

For more information on Teams and eDiscovery, please see Conduct an eDiscovery investigation of content – Microsoft Teams | Microsoft Docs.

Figure 2 – Selecting Teams location for a custodian in eDiscovery (will automatically include card content from Apps)Figure 2 – Selecting Teams location for a custodian in eDiscovery (will automatically include card content from Apps)

Figure 3 – Card content in eDiscovery review setFigure 3 – Card content in eDiscovery review set

Audit
Audit log can help you investigate specific activities across Microsoft 365 services including Teams. Now inline input actions on Adaptive Cards will be available in the audit log. You can filter audit logs corresponding to actions on cards by selecting “Performed action on card” as the Teams activity.

Figure 4 – Audit log for actions on cardFigure 4 – Audit log for actions on card

Retention
Retention policies help you to effectively manage the information in your organization. Use retention policies to keep data that’s needed to comply with your organization’s internal policies, industry regulations, or legal needs, and to delete data that’s considered a liability, that you’re no longer required to keep, or has no legal or business value.

Now, in addition to Teams chat and file content, you can include card content in your retention policies. Selecting Teams as a location while setting up retention policy will now automatically include Adaptive Card content generated through apps in the corresponding Teams conversations including 1:1 chat, 1:many or group chat, or a channel conversation.

Figure 5 – Selecting Teams location while setting up a retention policy (will automatically include card content from apps)Figure 5 – Selecting Teams location while setting up a retention policy (will automatically include card content from apps)

What app developers are saying about these new capabilities
We are thrilled to extend these Microsoft 365 compliance capabilities to card content generated from Teams apps. To help highlight how great these capabilities are, take a look at a few testimonials from the app developers that we worked closely to enable this feature!

SurveyMonkey
“SurveyMonkey allows organizations to collaborate on rich insights uncovered using our integrations, while ensuring data remains secure. The latest platform capabilities from Microsoft Teams allowed us to bring our mutual customers the improved data governance and compliance features with no additional implementation effort.”

Fuze
"For organizations with specific compliance, risk, and legal concerns––from manufacturing to financial services––Fuze provides safe and secure collaboration across the distributed workforce," said Jed Brown, SVP of Product & Design at Fuze. "This extends to organizations utilizing the Fuze for Teams integration for click to call and click to meet. With Fuze for Teams, all interactions with the integration are compatible with Microsoft’s auditing and eDiscovery tools. By adhering to Microsoft’s development guidelines from the start, Fuze was able to easily comply with Teams controls for security and compliance and requires zero effort from customers to enable."

Medxnote
“We are excited for the roll out of compliance capabilities in 3rd party apps. Being able to integrate into a customer’s existing compliance framework is a real and tangible benefit for Medxnote and our customers!”

We’d like to hear your feedback on the product to keep improving functionality, adding new features, and enhancing existing ones. Sign in today using your Microsoft 365 account, and give us feedback via the Feedback button at the bottom right corner of Microsoft 365 compliance center.

Date: 2021-01-26 16:00:00Z
Link: https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-365-compliance-capabilities-for-adaptive-card-content/ba-p/2095869