
Teams Meeting Compliance Recording for SRE / IT Reviews Prompt

Configure compliance recording for sensitive Teams meetings — incident reviews, postmortem calls, security investigations — with consent disclosure, storage, retention, and eDiscovery.

Target user: IT + security teams in regulated environments needing auditable meeting records
Difficulty: Advanced
Tools: Claude, ChatGPT

The prompt

You are a senior compliance engineer who has implemented Teams compliance recording for SRE / IT environments in financial services and healthcare tenants.

I will provide:
- Compliance regime(s) (FINRA, MiFID II, HIPAA, etc.)
- Existing recording solution (Microsoft compliance recording / Verint / NICE / custom)
- Meeting types in scope (incident reviews, board calls, security investigations)
- Retention requirements
- Tenant configuration

Your job:

1. **Compliance recording vs convenience recording** — different problems:
   - **Convenience** — anyone hits record; saved to OneDrive; recipient can download
   - **Compliance** — mandatory recording without user opt-out; admin-only storage; tamper-evident; long retention; eDiscovery
   - Use compliance recording for regulated communications, convenience for routine

2. **Microsoft compliance recording solutions**:
   - **Microsoft compliance recording APIs** — for Teams calls and meetings
   - **Certified partners** — Verint, NICE, AudioCodes, Numonix, others
   - **Provisioning** — apply via Teams calling policy assignment to specific users / groups

3. **Scope definition** — which meetings get recorded:
   - All meetings of "regulated personnel" (e.g., financial advisors)
   - All meetings in "regulated channels"
   - On-demand for specific compliance investigations
   - Recording trigger: presence of any in-scope participant

4. **Consent disclosure**:
   - Pre-meeting banner: "this meeting is being recorded for regulatory compliance"
   - Audio disclosure at meeting start (in some jurisdictions, automated TTS)
   - Confirm acceptance before joining
   - One-party-consent vs two-party-consent jurisdictions

5. **Recording storage**:
   - Encrypted at rest with customer-managed keys (Bring Your Own Key)
   - Storage region matches compliance requirement (EU data stays in EU)
   - Tamper-evident (object lock, write-once-read-many)
   - Indexed metadata (participant list, meeting topic, custodian assignment)

6. **Retention policy**:
   - FINRA: 3 years immediately accessible + 3 more years archive
   - MiFID II: 5 years
   - HIPAA: 6 years
   - Apply via Purview retention policy or recording-platform native policy

7. **eDiscovery readiness**:
   - Recordings searchable via Compliance Center
   - Place Litigation Hold when investigation triggers
   - Custodian assignment for each recording
   - Export format that maintains forensic integrity

8. **Transcript handling**:
   - If transcripts generated, subject to same retention + hold as audio
   - Searchable via Compliance Search
   - Watch for PII in transcripts — apply DLP / redaction

9. **For SRE/IT specifically**:
   - **Incident review meetings** — recommend recording for SEV1/2 postmortems
   - **Security investigation calls** — required (compliance + legal)
   - **Vendor support calls** — depends on regime; document policy
   - **Routine standups** — generally NOT recorded (not material)

10. **Privacy + employee relations**:
   - Recording IS surveillance from the user's perspective
   - Worker council / union consultation required in EU
   - Privacy notice to users
   - Consent obtained at employment time, not per-meeting

11. **Audit + monitoring**:
   - Quarterly audit of recording coverage (was every in-scope meeting recorded?)
   - Annual review of retention policy
   - Audit log of: who accessed recordings + when
   - Detection: gap in expected recording (meeting happened but no record)

12. **Anti-patterns to avoid**:
   - Recording without disclosure (illegal in many jurisdictions)
   - Storage outside customer-control (regulator may require BYOK)
   - Mixing convenience + compliance recordings (gets messy in eDiscovery)
   - Skipping retention enforcement (recordings may not survive long enough)
   - No detection of recording-failure (regulator catches it)

Output as: (a) scope definition criteria, (b) recording solution comparison, (c) consent disclosure script, (d) storage + retention spec, (e) eDiscovery runbook, (f) SRE-specific recommendations, (g) privacy + employee comms, (h) audit + detection plan.

Bias toward: explicit policy + consent, immutable storage, retention exceeds requirement, gap detection as a first-class concern.
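
The gap detection named in item 11, combined with the item 3 trigger (any in-scope participant), worked through as an added example; it is not part of the prompt above or of the original page. It assumes a meeting inventory and the recording platform's segment index have already been exported into the hypothetical `Span` records shown; `find_gaps`, the 60-second tolerance, and all sample data are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Span:
    """A scheduled meeting, or one recorded segment of it (participants empty)."""
    meeting_id: str
    start: datetime
    end: datetime
    participants: frozenset = frozenset()

def find_gaps(meetings, recordings, regulated, tolerance=timedelta(seconds=60)):
    """Return {meeting_id: reason} for in-scope meetings without full coverage."""
    segments = {}
    for rec in recordings:
        segments.setdefault(rec.meeting_id, []).append(rec)
    gaps = {}
    for m in meetings:
        # Scope rule from the prompt: any in-scope participant triggers recording.
        if not (m.participants & regulated):
            continue
        recs = sorted(segments.get(m.meeting_id, []), key=lambda r: r.start)
        if not recs:
            gaps[m.meeting_id] = "no recording"
            continue
        # Walk segments in time order; stop at the first uncovered stretch.
        covered_until = m.start
        for r in recs:
            if r.start - covered_until > tolerance:
                break
            covered_until = max(covered_until, r.end)
        if m.end - covered_until > tolerance:
            gaps[m.meeting_id] = f"coverage ends at {covered_until.isoformat()}"
    return gaps

# Constructed sample data, not real tenant output.
T0 = datetime(2024, 5, 1, 14, 0)
MIN = timedelta(minutes=1)
REGULATED = frozenset({"advisor@example.com"})
MEETINGS = [
    Span("m1", T0, T0 + 30 * MIN, frozenset({"advisor@example.com", "sre@example.com"})),
    Span("m2", T0, T0 + 30 * MIN, frozenset({"advisor@example.com"})),
    Span("m3", T0, T0 + 45 * MIN, frozenset({"advisor@example.com", "vendor@example.net"})),
    Span("m4", T0, T0 + 15 * MIN, frozenset({"sre@example.com"})),
]
RECORDINGS = [Span("m1", T0, T0 + 30 * MIN), Span("m3", T0, T0 + 20 * MIN)]

if __name__ == "__main__":
    for mid, reason in find_gaps(MEETINGS, RECORDINGS, REGULATED).items():
        print(mid, reason)
```

A recording that stops early or has a hole in the middle is reported the same way as a missing one, since partial coverage is still a recording failure for audit purposes.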