MS Teams

Overview

LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.

Example: MS Teams, MS Outlook, Gmail, Slack, etc.

Connecting MS Teams Data Source

1. Log in to your LightBeam Instance.

2. Click on DATASOURCES on the Top Navigation Bar.

3. Click on Add a Data Source.

1. Search for “Teams”.

   
2. Click on Teams.

1. Fill in the details as shown below and click on Next:

Basic Information

1. Data Source Name: This is the unique name given to the data source.

2. Description: This is an optional field needed to describe the use of this data source.

3. Primary Owner: Email address of the person responsible for this data source which will get alerts by default.

4. Entity Creation: LightBeam Spectra detects and associates attributes based on the context and identifies whose data it is; these are called entities. Example: Jane Doe is an entity for whom LightBeam Spectra might have detected Name and SSN in a monitored data source.

5. Source of Truth: LightBeam Spectra would have monitored data sources that contain data acting as a single point of truth and that can be used for looking up entities/attributes that help to identify if the other attributes/entities found in any other data source are accurate or not. A Source of Truth data set would create entities based on the attributes found in the data.

6. Location: The location of the data source.

7. Purpose: The purpose of the data being collected/processed.

8. Stage: The stage of the data source. Example: Source, Processing, Archival, etc.

Datasource Configuration

1. Provide the credentials as shown below and click on Test Connection.

Connection Details

• Client Id: It refers to the unique identifier assigned to the Azure portal application that is used for integrating LightBeam with the Teams data source. It is generated when you register an application in the Azure portal.

• Client Secret value: It is a confidential key or password associated with the Azure portal application. It is used to authenticate and authorize the application when accessing Teams resources. The Client Secret value is generated when you create a new client secret in the Azure portal.

• Tenant Id: It is a unique identifier assigned to the Azure Active Directory (AAD) tenant associated with the organization. It represents the organization's directory or identity store in Azure AD. The Tenant Id is obtained from the Azure portal.

• Event Hub Name: Name of the Azure EventHub entity. It can be found under Azure EventHub Namespace's entity tab.

• Event Hub Notification URL: URL of the Azure Vault secret where we stored the Event Hub Notification connection string primary key as value.

1. Verify that you get the message “Connection Success!”. Click on Next.

2. In this step, you can choose :

   1. Domain which you want to scan for: This is an optional field where you specify the domain name that you want to scan from total detected domains.

   2. Scan selected members and groups: Email address of members and groups which you want to include or exclude from scanning.

i) Scan all channels.

ii) Scan selected channels

To choose option (i), select Scan all channels, and click on Save.

Under EXCLUSION LIST FOR SCANNING, you can select the channel names you want to exclude from the scan.

To choose option (ii), select Scan selected channels. You can select the channels in the drop-down menu.

Select the inputs by ticking the checkboxes next to them.

1. Click on Save.

Now, we are ready to browse through the onboarded Teams datasource dashboard.

Appendix

Steps to Generate MS Teams Data Source Credentials

1. Log in to https://azure.microsoft.com/en-gb/

2. Click on Portal.

1. Click on the Search box on the Top Navigation bar. Type and search for “App Registrations”.

2. Click on App Registrations.

1. Click on New Registration. Add details as shown below and click Register.

1. Click on Certificates and secrets.

2. Click on New client secret.

3. Fill in the client secret details in the Description and Expires fields.

4. Click on Add.

1. Copy the Client Secret value and keep it secure for future use as you will not be able to retrieve it later.

Example: x_sWncr4m~.2lFeKlWR1pu3SgT32lg.254

1. Configure API Permissions.

Click API permissions -> Add a permission -> Microsoft Graph -> Application permissions -> Add following permissions

Then add the following permissions:

1. Once permissions are added, click on Grant admin consent for “Lightbeam.ai.”

Now, your application is ready to register.

Setting up Azure EventHub service to support Live Sync

To support live sync functionality, LightBeam requires the setup of an Azure EventHub service. Follow the steps below to configure the necessary components:

1. Create Azure EventHub Namespace

1. Create an Azure EventHub Namespace with the following details and leave the advanced settings at their default values:

1. Create a Shared Access Policy (ensure that Manage, Send, and Listen permissions are enabled):

2. Create EventHub and Obtain Connection String

1. Within the EventHub Namespace, create an EventHub entity (Entities -> Event Hubs).

1. Create a Shared access policies and copy the Connection String–Primary Key, as it will be required later. (ensure that Manage, Send, and Listen permissions are enabled):

3. Set Up Azure Key Vault

1. Set up an Azure Key Vault (ensure that Vault Access Policy is selected on the Access Configuration tab). Other values can be left as default.

1. Add two access poliiesy for key vault created.

   1. Policy for the newly registered application (for example: lb-teams) with following permissions.

1. Add second access policy (Microsoft Graph Change Tracking), For Secret permissions, select Get, and for Select Principal, select Microsoft Graph Change Tracking. Select Add.

1. Create a secret in the newly created Azure Key Vault (Objects -> Secrets) and set the value to the Connection String–Primary Key copied from the Event Hubs Namespace -> Entities -> Your Azure EventHub Instance -> Shared Access Policy -> Connection string–primary key. Example: Endpoint=sb://<Event Hubs Namespace name>.servicebus.windows.net/;SharedAccessKeyName=access-policy;SharedAccessKey=<generated by Azure>=;EntityPath=<Your Event Hubs Instance name>

4. Obtain Required Parameters

After completing the above steps, you will have all the required parameters to create the MS Teams integration with LightBeam:

✔️ Client ID: Obtain from the application overview page. ✔️ Client Secret value: Obtain from the application overview page. ✔️ Tenant ID: Obtain from the application overview page. ✔️ Event Hub Name: Obtain from the name from Event Hubs Namespace -> Entities -> Name of the Event Hubs Instance created for LightBeam. ✔️ Event Hub Notification URL: Create using the vault URL with the following structure:

For example,

5. IP Whitelisting in Restricted Environments

To set up IP whitelisting in a restricted environment, consult the following Microsoft documentation links for the respective services:

• Microsoft Graph: https://graph.microsoft.com/*

• Microsoft Azure Active Directory: https://login.microsoftonline.com/.onmicrosoft.com/*

• Microsoft 365 and Office 365 IP Address Ranges: https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide#skype-for-business-online-and-microsoft-teams

• Azure Key Vault: https://learn.microsoft.com/en-us/azure/key-vault/general/access-behind-firewall

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.

For any questions or suggestions, please get in touch with us at: [email protected].