In the last 12 Month Microsoft Teams is in focus with topics like data privacy, Compliance, Encryption and Retention. Before these times the email and an email server is the main communication tool in combination with different messenger like WhatsApp, Telegram or Signal and video conference tools like WebEx. But if the modern work with Microsoft Teams is important, we don´t have to forget the good old email communication.
Email is legacy communication
Our Email communication is legacy today, everyone on this world has an email adress. Ok not everyone more an more has only a telephone number for their Messenger Account, but statistics said email is legacy. You can reach the most people on this planet with an email.
Legacy isn´t bad! It´s important for todays sensible and compliante communication.
A deeper look
Microsoft teams with its chats, teams with channels differ in many points from the classic email. The following content is taken from a 100 page report and strategy paper I wrote this year. It was about compliant communication and whether services like Microsoft Teams can be used as legacy tools.
Teams | ||
Access Management | low (Team architecture automatically allows external and internal members to work together freely) | high / good selection depending on application |
Archiving and storage in terms of the GobD | / | X |
Retention | / | X (easier / completely possible / much easier to enforce international and German rules. Much more tools on the market) |
Storage in the sense of the German laws | / | X (many 3rd party tools with appropriate certification and permission) |
Sending invoices and business correspondence | no recommendation | recommendation |
Dispatch of contracts | no recommendation | recommendation |
Sending draft contracts (just look, not print) | / (must be added manually / labeling) | X (via SharePoint sharing link directly from the message) |
Encryption of the individual message | (individually not possible) | X (various models up to the DE Mail) |
E2EE (end-to-end encryption) | no (no roadmap) | Yes (different solutions/ default ones) |
Exchange of own keys for E2EE between servers | no (no roadmap) | Yes (different solutions/ default ones) |
Extraction of a message for compliance purposes | no (no roadmap) | X |
Mark messages as private (e.g. for permitted or tolerated private use) | not possible | yes, possible |
Data protection assessment | critical (Regulatory authorities see the application critically or not applicable) | X ( Usually without problems applicable and this after h.M. data protection-conformal ) |
Supervisory authorities (data protection) | critical (Regulatory authorities see the application critically or not applicable) | no to few problems unproblematic |
OnPremises | No (not on the Backlog/Roadmap) | Yes |
Spam Proxy | No | Yes |
Proxy | No (only a few 3rd Party) | Yes |
Monitoring of Messanges | Yes, E5 like Communication Compliance | Yes default |
Extraktion of Messages | / (eDiscovery) | X (all / APIs) |
Working Council | Critical | no / only a few issues |
Comments on compliance and security
If you have been dealing with Microsoft teams for several years now, and all the longer with emails in a business and enterprise context, then I always come to the conclusion that Microsoft teams are the wrong communication tool. Microsoft teams simply have a lot of catching up to do in the area of compliance and security. Therefore it is often even more important today not to write off the email yet and to see it as a valid communication tool for some usecases. A multi-tool strategy stands out here.
Currently, email should be preferred to Microsoft Teams for sensitive and business sensitive communication. If the Email is encrypted (Proxy or PGP / S/MIME/protection template), Retention Polcies and attachmend encrpytion / sharing link to a secure storage and Backup is configurated.
Sometimes the Teams SharePoint storage can be more secure. This is the situation, when you sent email without encryption and with attachments and this is often a typical situation. In this situation it´s better, when you create a team invite the external and share the files and message into a Team.
Microsoft teams vs. email for works councils
This topic occupies me more and more, because even works councils prefer to rely on email than Microsoft teams. Here they know their way around and know what to do. They can exchange ideas with a great many works council members and know what to set up to protect their own colleagues. It’s just a system with few functions, which is now firmly integrated into everyday life and is part of every works agreement. Likewise, the email and the email server, if it is not operated by a US hoster, is little or not at all in the focus of the works councils and above all not in the public eye.
Of course, this does not mean that the email servers are all secure and have been approved by the works councils as part of their co-determination. Therefore also here the admonition to the work councils look at it the email.