You're reading from  Microsoft 365 Security, Compliance, and Identity Administration

Product type: Book
Published in: Aug 2023
Publisher: Packt
ISBN-13: 9781804611920
Edition: 1st Edition
Author: Peter Rising

Peter Rising has over 25 years' experience in IT. He has worked for several IT solutions providers and private organizations in a variety of technical and leadership roles, with a focus on Microsoft technologies. Since 2014, Peter has specialized in the Microsoft 365 platform, focusing most recently on security and compliance in his role as a Consulting Services Manager for Insight. Peter is heavily involved in the wider Microsoft community and has been recognized by Microsoft as an MVP. He holds several Microsoft certifications, including MCSE: Productivity; Microsoft 365 Certified: Enterprise Administrator Expert; and Microsoft 365: Cybersecurity Architect Expert.

Managing Regulatory and Privacy Requirements

Organizations need to be keenly aware of their obligations in relation to regulatory compliance. This can be challenging, especially for smaller businesses that may not have a dedicated compliance or data protection officer. It is important to recognize and implement the correct settings and controls in Microsoft Purview to ensure that you are observing the appropriate standards and regulations.

Equally (and increasingly) important is the awareness and implementation of privacy settings and controls. Data subjects have the right to privacy and are entitled to the expectation that data relating to them is appropriately protected, not overexposed, and only retained for as long as it is needed.

In this chapter, we will explore the available technologies in Microsoft Purview that allow you to plan for regulatory compliance and privacy within Microsoft 365. We will learn how to use the rich features of Compliance Manager within Microsoft...

Planning your regulatory compliance journey in Microsoft 365

To start planning for regulatory compliance using Microsoft 365, organizations should be aware of the rules and regulations to which they need to adhere to be considered compliant by regulatory bodies and standards. These include the General Data Protection Regulation (GDPR), which comprises rules for organizations that offer goods and services to people in the European Union (EU) or ones that collect and analyze data for EU residents regardless of where they or their organization may be located. The GDPR provides individuals with the right to manage any personal data that relates to them that has been collected by an organization. The individual can exercise these rights by lodging a Data Subject Request (DSR). The organization must respond in a timely fashion to DSRs and also perform Data Protection Impact Assessments (DPIAs).

Some of the terms and references you may encounter in relation to GDPR include the following...

Managing regulatory compliance in Microsoft Purview Compliance Manager

In this section, we will learn about Microsoft Purview Compliance Manager – first by accessing this feature and the required roles and permissions, then by viewing and implementing improvement actions, as well as the available assessments and assessment templates.

Access to Compliance Manager

Access to Compliance Manager is controlled through the role-based access control (RBAC) model. When using Compliance Manager for the first time, it is recommended to log in as a global admin and then assign the required access permissions to other users. To set the required access for Compliance Manager, complete the following steps:

  1. Log in to the Microsoft Purview compliance portal at https://compliance.microsoft.com and navigate to Permissions from the menu pane on the left:
Figure 16.1: Permissions within Microsoft Purview Compliance Manager

  2. Under Microsoft Purview solutions, select...

Exploring Microsoft Priva

Microsoft Priva is one of the newer additions to the Microsoft Purview suite of products. Although privacy is a category of its own, strictly speaking, and not really under the banner of compliance as such, the Priva solutions are included within the Microsoft Purview compliance portal. This is an understandable decision from Microsoft considering that there is no dedicated privacy admin portal at this point in time. In the absence of a privacy admin center, Purview is the logical location for these solutions.

There are currently two Priva solutions: Privacy Risk Management and Subject Rights Requests. These solutions are not part of any existing subscription such as Microsoft 365 E5 and must be enabled as add-on licenses. First, let’s take a look at Privacy Risk Management.

Implementing privacy risk management

Microsoft Priva Privacy Risk Management allows organizations to set up policies to identify any privacy risks in their Microsoft 365...

Summary

This chapter introduced the principles of managing regulatory and privacy requirements using the features and solutions available in Microsoft Purview. We learned how to plan an organizational compliance journey in adherence to regulatory standards such as GDPR. We also learned about the capabilities of the Microsoft Purview Compliance Manager and how it can be used to work with improvement actions, assessments, and assessment templates to improve your compliance posture and score. Finally, we learned how to use Microsoft Priva to manage our privacy requirements in Microsoft 365 and how to create, manage, and edit policies to minimize and manage risks such as data exposure. We also examined how, with Subject Rights Requests, we can respond to requests from data subjects regarding any personal data that our organization may be storing about them.

The next chapter will cover the principles of managing the Insider Risk Management controls and policies in Microsoft Purview and...

Questions

  1. Which of the following is not one of the options within an assessment in Compliance Manager?
    1. Microsoft actions
    2. Controls
    3. Custom actions
    4. Your improvement actions
  2. Which of the following are available policy templates in Microsoft Priva Privacy Risk Management (choose two)?
    1. Data compliance
    2. Data management
    3. Data overexposure
    4. Data minimization
  3. True or false? Microsoft Priva Subject Rights Requests licensing must be allocated on a per-user basis:
    1. True
    2. False
  4. What should you create to batch assessments together?
    1. An improvement action
    2. A group
    3. A product
    4. A template
  5. True or false? Users with the Privacy Management role group can access all the features of Microsoft Priva:
    1. True
    2. False
  6. Which of the following are types of assessment templates (choose two)?
    1. Premium templates
    2. Included templates
    3. Standard templates
    4. Advanced templates
  7. True or false? Improvement actions can be assigned to other users to test and implement:
    1. True
    2. False
  8. How many hours can action points in an improvement...

Further reading
