We have previously explored the implementation of DLP and Supervision policies to the Team. We will now look at applying Sensitivity Labels - currently in Public Preview. By definition, Sensitively Labels allow Teams admins to regulate access to sensitive organizational content created during collaboration within teams. In other words, it can keep Teams private (removing the ability to be set as public) and block Guests from being added. The best thing is that labels can be set at a tenant label and easily applied when creating the Team. It gives administrators so much more control over the Team in terms that users cannot simply join the Team and Owners cannot simply add guests which are not authorised to access it's content. It's another layer of protection which should be added in any Teams roll-out. It's also an answer for blocking guest access on a Team by Team basis: this works well if the creation of Teams are regulated.
Data Loss Prevention (DLP) is a strategy for ensuring that team members do not send sensitive or critical information outside of the corporate network or to other team members. This could include financial information, personally identifiable information (PII) such as credit card numbers or information pertaining to Intellectual Property (IP) such as the design for a new application. It could even be extended to use cases such as barring profanity to be used in communications. Whilst Teams is a powerful application for users to be able to communicate and collaborate with guests and with other users in other Teams tenants, organisations also need to protect themselves against data leakage and the infringement of compliance regulations such as GDPR. Applying a DLP Policy to Teams is an essential step in any Teams deployment
Supervision policies in Microsoft 365 are defined as capturing employee communications for examination by designated reviewers (docs.com). In layman's this means policies can be set up for someone to review team members communications who may be disclosing sensitive information or violating HR policy in the use of profanity, racial slurs, taunts or sexually explicit language in Teams channels and private messages.
I must admit I enjoyed the security administration exam. I enjoyed studying for it. In fact, I congratulate Microsoft for introducing a Security certification which is so much more than a fundamentals exam (98-367).