Introduction to Microsoft 365 compliance

Microsoft provides a range of robust compliance and data governance solutions to assist organizations in effectively handling risks, safeguarding, governing sensitive data, and meeting regulatory obligations.

Microsoft 365 has thorough compliance and data governance solutions to protect valuable data across multiple clouds, applications, and endpoints while being able to detect and address significant risks within small and medium businesses and large enterprises. With these tools, compliance professionals are able to examine and address legal obligations using pertinent data, as well as evaluate compliance and address regulatory requirements.

The Microsoft Purview compliance portal is a central place for all compliance tools and organizational needs. It is available to users with one of the following roles: Global Administrator, Compliance Administrator, and Compliance Data Administrator:

Figure 1.2 – Microsoft Purview compliance portal

Microsoft Purview is now the common prefix for Microsoft 365 compliance and risk management solutions, for protecting and governing sensitive data and addressing regulatory standards requirements.

Microsoft Purview Data Loss Prevention is a solution that detects and prevents sensitive organizational data loss via DLP policies across multiple locations, using deep content analysis:

• Teams, Exchange, SharePoint, and OneDrive accounts and other Microsoft 365 services
• Office applications such as Word, Excel, and PowerPoint
• Windows 10, Windows 11, and macOS (three latest released versions) endpoints
• Non-Microsoft cloud apps
• On-premises file shares and on-premises SharePoint libraries
• Power BI

Microsoft Purview Information Protection is an all-inclusive solution that enables organizations to do the following things:

• Know their data or understand the data landscape, identify sensitive information types using trainable classifiers, custom regular expressions, or functions, and gain data classification information
• Protect organizational data by applying sensitivity labels automatically, encrypting data end email messages, applying access restrictions, and using Customer Key
• Prevent data loss through detecting risky behavior that is extended to endpoints and extend DLP monitoring on-premises and Teams
• Govern data via automatic actions

Microsoft Purview has numerous components and features used for governance and compliance. Here, we have introduced and described some of the most important parts:

• Data Lifecycle Management enables customers to retain content using event-based retention, for example, when employees are leaving the company, when their contract expires, or when the retention is tight to a product lifetime.
• Message Encryption: By utilizing Advanced Message Encryption in Office 365, customers can effectively fulfill compliance requirements that necessitate enhanced control over external recipients and their ability to access encrypted emails. This feature empowers users to regulate sensitive emails shared outside the organization through automated policies, while also providing the capability to track these activities via access logs in the encrypted message portal.
• Communication Compliance: Microsoft Purview Communication Compliance is a solution designed to mitigate communication risks originating from within your organization. It assists in identifying, capturing, and taking action on potentially inappropriate messages, enabling compliance personnel to proactively address any concerning communication incidents.
• Customer Lockbox: With Customer Lockbox, you retain full control over your content, as Microsoft is unable to access it for service operations without your explicit consent. It involves you in the approval workflow utilized by Microsoft to guarantee that only authorized requests grant access to your content.
• Microsoft Purview Audit: The audit feature within Microsoft Purview offers organizations enhanced visibility into a wide range of audited activities across various Microsoft 365 services. The audit functionality allows for comprehensive monitoring and tracking of different types of activities within the organization.
• Compliance Manager: Microsoft Purview Compliance Manager is a component within the compliance portal of Microsoft Purview that assists in automating the evaluation and oversight of compliance throughout your multi-cloud environment, enabling you to efficiently assess and manage compliance requirements across multiple cloud platforms.
• Customer Key: This helps you meet regulatory or compliance obligations for controlling root keys and provides extra protection against accessing data by unauthorized parties.
• Insider Risk Management: Microsoft Purview Insider Risk Management is a compliance solution designed to mitigate internal risks by empowering you to identify, investigate, and take appropriate action against both malicious and unintentional activities occurring within your organization, aiding in proactively addressing potential threats originating from within the organization.
• Information Barriers: To establish necessary restrictions to prevent unauthorized or undesired interactions within your organization, Microsoft Purview Information Barriers (IB) is a compliance solution that provides the capability to limit bidirectional communication and collaboration between groups and individual users.
• eDiscovery: The eDiscovery feature presents a comprehensive workflow that covers the entire process of preserving, collecting, analyzing, reviewing, and exporting relevant content for internal and external investigations conducted by your organization. Furthermore, it provides legal teams with the ability to effectively manage the complete workflow for legal hold notifications and communication with custodians involved in a case.