3.5 Ensure DLP policies are enabled for Microsoft Teams

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Enabling Data Loss Prevention (DLP) policies for Microsoft Teams, blocks sensitive content when shared in teams or channels. Content to be scanned for specific types of data like social security numbers, credit card numbers, or passwords.


Enabling DLP policies alerts users and administrators that specific types of data should not be exposed, helping to protect the data from accidental exposure.


Enabling a Teams DLP policy will allow sensitive data in Teams channels or chat messages to be detected or blocked.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


To enable DLP policies, use the Microsoft 365 Admin Center:

Select Compliance under Admin centers to open Microsoft 365 compliance center.

Under Solutions select Data loss prevention

Click Policies.

Click Create policy.

Either start with a template or create a custom policy.

Provide a Name for your policy

At the Choose locations step, either choose Protect content in Exchange email, Teams chats and channel messages and OneDrive and SharePoint documents or select Let me choose specific locations. If you select Let me choose specific locations, ensure that Teams chat and channel messages is selected.

Ensure that the proper DLP rules are created for the type of content to be detected and what actions should be taken.

Default Value:

This is not enabled by default.

See Also