Connectors · Salesforce Private Preview

Slack

Rencore monitors Slack across 25 governance policies, 8 reports, and 10 inventories, detecting channel sprawl, orphaned guest access, and file sharing risks automatically.

Digital Workplace

Published 16 May 2026 For IT Admin, Head of IT, CISO

Slack is in private preview. Join the waiting list and we will reach out when access opens up.

Join the waiting list

Rencore Slack governance is a set of 25 policies, 8 reports, 14 segments, and 10 inventories that continuously audit Slack workspaces for channel sprawl, guest access violations, file sharing risks, and user lifecycle issues. It detects members deactivated in Entra ID who retain Slack access, workspaces with too many admins, external guest members without business justification, and files shared via public URLs.

74 governance capabilities: 10 inventories · 25 policies · 8 reports · 14 segments · 9 automations

Why govern Slack with Rencore

Control channel sprawl

Detect inactive channels without messages in 90+ days, channels without purpose descriptions, and archived channels still consuming workspace resources. Automate cleanup with approval workflows.
Manage guest access

Find external guest members without business justification, guests with access to too many channels, and members deactivated in Entra ID who still have active Slack accounts.
Secure file sharing

Detect files shared via public URLs, files with external access beyond policy, and workspaces where file sharing settings bypass organizational data protection controls.
Enforce workspace standards

Flag workspaces with too many admins, workspaces missing required app restrictions, and user groups with stale membership. 25 policies cover every aspect of Slack governance.

What Rencore discovers

Rencore automatically inventories these Slack object types.

Slack Workspace

A Slack workspace; top-level container for members, channels, user groups, apps and files.
Slack Member

Individual accounts with access to a Slack workspace.
Slack Channel

A Slack channel; public, private, shared or multi-party DM.
Slack User Group

A Slack user group (formerly IDP group).
Slack App

A Slack app installed in the workspace.
Slack File

A file uploaded to a Slack workspace.
Slack Workflow

A Slack Workflow Builder workflow.
Slack Session

An active Slack user session on the Enterprise Grid org.
Slack Connect Invite

A pending Slack Connect (cross-org) invitation.
Slack Audit Event

An entry from the Slack Enterprise Grid Audit Logs API.

How Slack governance works in Rencore

Rencore connects to Slack via the Slack API and inventories workspaces, members, channels, user groups, apps, and files. It links Slack members to M365 users by email for cross-platform identity governance. Policies run on every scan cycle and flag sprawl, access, and sharing issues.

The multi-platform messaging challenge

Organizations using Slack alongside Microsoft Teams face fragmented messaging governance. A guest in Slack may already be terminated in Entra ID but invisible to Teams-focused governance. Rencore governs both platforms from a single dashboard, detecting identity mismatches that span messaging tools.

Who uses Slack governance

IT administrators use it to maintain clean workspace hygiene and manage channel lifecycle. CISOs rely on guest access and file sharing policies to detect data exposure risks. Heads of IT use the reports to compare messaging governance posture between Slack and Teams.

Getting started

Provide Rencore with Slack API credentials (OAuth tokens). All 25 policies activate on first scan, covering workspaces, channels, members, and files. Rencore links Slack members to Entra ID automatically.

Policies

25 governance rules that detect violations and risks.

Severity Category

Slack file with public URL shared

Detects Slack files with a public shareable URL.

High Security
Slack app with sensitive scopes (unapproved)

Detects Slack apps holding sensitive scopes that are neither directory-approved nor internal.

High Security
Private Slack channel shared externally

Detects private Slack channels that are shared with external organizations.

High Security
Repeated failed Slack logins (last 24h)

Detects Slack login_failed audit events in the last 24 hours.

High Security
Slack user elevated to admin

Detects Slack role_change_to_admin audit events in the last 7 days.

High Security
Slack login without geolocation

Detects Slack user_login audit events in the last 7 days with no resolved country.

High Security
Slack workspace without admin

Detects Slack workspaces that have no admin user assigned.

High Operation
Slack member deactivated in Entra ID

Detects Slack members whose linked Entra ID account is deactivated.

Medium Security
Slack workspace has too many admins

Detects Slack workspaces with more than 5 admins or owners.

Medium Security
Slack external guest member

Detects Slack members marked as multi- or single-channel guest.

Medium Security
Slack external-shared channel

Detects active Slack channels shared with external organizations.

Medium Security
Slack user without 2FA

Detects active Slack members without two-factor authentication enabled.

Medium Security
Stale Slack session

Detects Slack sessions with no activity in the last 30 days.

Medium Security
Slack guest without expiration

Detects guest Slack members that do not have an expiration timestamp set.

Medium Security
Slack workflow by deactivated user

Detects Slack workflows whose creator has been deactivated.

Medium Security
External Slack file share spike

Detects Slack file_shared_externally audit events in the last 7 days.

Medium External Access
Slack unapproved app

Detects third-party Slack apps that are not app-directory approved and not internal.

Low Operation
Slack archived channel

Detects archived Slack channels.

Low Sprawl
Empty Slack user group

Detects Slack user groups that contain zero users.

Low Sprawl
Slack orphan channel

Detects unarchived Slack channels with fewer than 2 members.

Low Sprawl
Stale Slack Connect invite

Detects Slack Connect invites that have been pending for more than 14 days.

Low External Access
Inactive Slack workflow

Detects Slack workflows with no updates in the last 180 days.

Low Sprawl
Orphan Slack file (deactivated owner)

Detects Slack files whose owner has been deactivated.

Low Sprawl
Slack admin/owner without 2FA

Detects Slack members with admin or owner role that do not have 2FA enabled.

Critical Security
Mass Slack file download

Detects Slack file_downloaded audit events in the last 24 hours.

Critical Security

Need a rule that isn't listed? Rencore's Policy Builder lets you create custom policies tailored to your organization. Learn more about the Policy Builder

Reports

8 analytics views and dashboards.

Slack members by role

Distribution of Slack members across owner, admin, member, guest and bot roles.

Donut Chart · Operation
Slack channels by type

Distribution of active Slack channels across public, private, shared and external-shared.

Donut Chart · Operation
Slack storage by file type

Total file size by Slack file type across the workspace.

Bar Chart · Costs
Slack 2FA adoption by role

Count of active Slack members by role, broken down by whether 2FA is enabled.

Bar Chart · Security
Top Slack channels by member count

The 20 largest active Slack channels by member count.

Bar Chart · Adoption
Slack workflow activity over time

Count of Slack workflows updated per month over the last 12 months.

Line Chart · Adoption
Slack sign-in activity (last 90 days)

Count of Slack user_login audit events per week over the last 90 days.

Line Chart · Security
Slack audit events by type (last 7 days)

Distribution of Slack audit events across event types over the last 7 days.

Donut Chart · Security

Automations

9 automated remediation workflows.

Remove Slack Member

Automatically removes a member from the Slack workspace after approval
Archive Slack Channel

Automatically archives a Slack channel after approval
Remove Slack App

Automatically removes a Slack app from the workspace after approval
Delete Slack File

Automatically deletes a Slack file after approval
Revoke Slack Session

Automatically revokes an active Slack session after approval
Set Slack User Expiration

Automatically sets an expiration timestamp on a Slack guest member after approval
Remove User from Slack Channel

Automatically removes a member from a Slack channel after approval
Disable Slack User Group

Automatically disables a Slack user group after approval
Unpublish Slack Workflow

Automatically unpublishes a Slack workflow after approval

Segments

14 data groupings for targeted filtering.

Deactivated Slack members

Slack members flagged as deleted in the workspace.
Slack workspace admins

Slack members with admin or owner privileges.
Slack guest members

Slack members marked as multi-channel or single-channel guests.
External-shared Slack channels

Slack channels shared with one or more external organizations.
Public Slack files

Slack files that have a public shareable URL.
Slack users without 2FA

Active, non-bot Slack members without two-factor authentication enabled.
Slack admins without 2FA

Slack admins or owners without two-factor authentication enabled.
Active Slack sessions (last 7 days)

Slack sessions with activity within the last 7 days.
Slack apps with sensitive scopes

Slack apps holding sensitive OAuth scopes (e.g. files:read, admin).
Published Slack workflows

Slack workflows that have been published and are runnable.
Slack guests without expiration

Slack guest members without an expiration timestamp set.
Failed Slack logins (last 7 days)

Slack login_failed audit events in the last 7 days.
External Slack file shares (last 30 days)

Slack file_shared_externally audit events in the last 30 days.
Slack role elevations (last 30 days)

Slack role_change_to_admin audit events in the last 30 days.

Frequently asked questions

What governance areas does Rencore cover?

Rencore covers six governance pillars: visibility and inventory across all Microsoft 365 services, ready-to-go policies with over 100 pre-built governance checks, compliance and audit evidence collection for regulatory requirements, extensibility and customization through custom policies and automations, cross-department collaboration with shared dashboards and role-based access, and AI and Copilot readiness to prepare tenants for secure AI adoption.

What is Rencore governance?

Rencore governance is a SaaS platform that continuously monitors your Microsoft 365 tenant for policy violations, configuration drift, and security risks across SharePoint, Teams, Power Platform, Copilot, and AI Agents. It automates compliance evidence collection, surfaces oversharing and sprawl, and provides actionable remediation workflows, reducing manual audit effort by up to 80%.

How do Rencore policies work?

Rencore ships with hundreds of pre-built policies that detect governance violations across every connector, oversharing, sprawl, cost overruns, security risks, and compliance gaps. Policies run on a continuous schedule, evaluate each discovered object against configurable rules, and flag violations with severity (High, Medium, Low), category, and a recommended action.

Trusted by