Microsoft 365 Compliance Solutions

Compliance solutions in Microsoft 365 are collections of integrated capabilities you can use to help you manage end-to-end compliance scenarios.

A solution’s capabilities and tools might include a combination of policies, alerts, reports, and more.

The solution catalog is organised into sections that contain information cards for each compliance solution available in your Microsoft 365 subscription. Each section contains cards for solutions grouped by compliance.

When you select View for a solution card, you will see detailed information about the compliance solution and how to get started. The information includes an overview, pre-configuration requirements, learning resources, controls that allow you to pin the card to the navigation pane, and an option to share the solution as a link, email, or Microsoft Teams message.

Compliance Concepts

Government agencies and industry groups have issued regulations to help protect and govern the use of data. Organisations can be accountable for meeting dozens of regulations ranging from personal and financial information to data protection and privacy.

Data Residency: Regulations govern the physical locations where data can be stored, as well as how and when it can be transferred, processed, or accessed internationally. These regulations can differ significantly depending on jurisdiction.

  • Ensures customers can access diagnostic, service-generated, and support data, and can manage access to their own data
  • Microsoft protects customer data from unauthorised access, and handles challenges from government requests and other third-party orders.
  • Provides tools customers can use to restrict, protect, and encrypt data at rest, in transit, and in some cases, in use.
  • Enforces strict policies and practices that Microsoft follows for the retention and deletion of customer data.

Data Sovereignty: The concept that data, particularly personal data, is subject to the laws and regulations of the country/region in which it is physically collected, held, or processed. This can complicate compliance because the same piece of data can be collected in one location, stored in another, and processed in another, making it subject to laws from different countries and regions.

Data Privacy: Providing notice and being transparent about the collection, processing, use, and sharing of personal data are fundamental principles of privacy laws and regulations.

  • Personal data means any information relating to an identified or identifiable natural person.
  • Privacy laws previously referenced “PII” or “personally identifiable information”, but the laws have expanded the definition to any data that is directly linked or indirectly linkable back to a person.
  • Organisations are subject to, and must operate consistent with, a multitude of laws, regulations, codes of conduct, industry-specific standards, and compliance standards governing data privacy.

Microsoft Purview Information Protection

Microsoft Purview Information Protection (MPIP) is a collection of features within Microsoft Purview (formerly Microsoft 365 Compliance) to help you discover, classify, and protect sensitive information wherever it lives or travels. MPIP capabilities are:

  • Know your data
  • Protect your data
  • Prevent data loss
  • Govern your data

Know your data

Understand your data landscape and identify important data across your hybrid environment.

  • Sensitive information types: Identify sensitive data by using a built-in or custom regular expression or a function. Corroborative evidence includes keywords, confidence levels, and proximity. One example is built-in sensitive labels.
  • Trainable classifiers: Identify sensitive data by using examples of the data you are interested in rather than identifying elements in the item (pattern matching). You can use built-in classifiers or train a classifier with your own content. One example is trainable classifiers.
  • Data classification: A graphical identification of items in your organisation that have a sensitivity label, a retention label, or have been classified. You can use this information to gain insights into the actions that your users are taking on these items, for example, Content explorer.

Protect your data

Apply flexible protection actions that include encryption, access restriction, and visual markings.

  • Sensitivity labels
  • Azure Information Protection unified labeling client
  • Double Key Encryption
  • Office 365 Message Encryption (OME)
  • Service encryption with Customer Key
  • SharePoint Information Rights Management (IRM)
  • Rights Management connector
  • Azure Information Protection unified labeling scanner
  • Microsoft Defender for Cloud Apps
  • Microsoft Information Protection SDK

Prevent data loss

Prevents accidental oversharing of sensitive information.

  • Microsoft Purview Data loss prevention (DLP)
  • Endpoint data loss prevention
  • Microsoft Compliance Extension Chrome Extension
  • Microsoft Purview data loss prevention on-premises scanner
  • Protect sensitive information in Microsoft Teams chat and channel messages

Microsoft Purview Data Lifecycle Management (formerly Microsoft Information Governance)

Microsoft Purview Data Lifecycle Management is a collection of features to govern your data for compliance or regulatory

Microsoft Purview Data Lifecycle Management

To keep what you need and delete what you don’t need

  • Retention policies and retention labels
  • Inactive mailboxes
  • Archive mailboxes
  • Import service for PST files

Microsoft Purview Records Management

Manage high-value items for business, legal or regulatory record keeping requirements.

  • File Plan
  • Retention labels for individual items, and retention policies if needed for baseline retention
  • Disposition review and proof of disposition

Data Classification Capabilities

Sensitive information types are classifications (categories) of data by sensitivity. They have patterns that can be used to identify them. Within Microsoft Purview Data Classification, you get a breakdown of the distribution of sensitive info types.

Types are identified based on a regular expression (regex) or a function. There are hundreds of built-in information types:

  • Credit card numbers
  • Passport or identification numbers
  • Bank account numbers
  • Health service numbers
  • IP address
  • Azure storage account key
  • Driver’s license number
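
An added example (not Microsoft's implementation and not part of the original page) of how a sensitive information type can combine a regular expression, a function check, and corroborative keyword evidence within a proximity window to reach a confidence level. The keyword list, the 300-character window, and the "low"/"high" levels are assumptions chosen for illustration.

```python
import re

# Candidate pattern: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
KEYWORDS = ("credit card", "card number", "visa", "mastercard", "expiry", "cvv")  # assumed
PROXIMITY = 300  # characters either side of a match searched for keywords (assumed)


def luhn_valid(digits: str) -> bool:
    """Function check: the Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[dict]:
    """Return checksum-valid matches, graded by nearby corroborating keywords."""
    results = []
    lowered = text.lower()
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_valid(digits):
            continue  # regex matched but the checksum failed: not reported
        window = lowered[max(0, m.start() - PROXIMITY): m.end() + PROXIMITY]
        evidence = [k for k in KEYWORDS if k in window]
        results.append({
            "match": m.group(),
            "confidence": "high" if evidence else "low",
            "evidence": evidence,
        })
    return results


# Constructed sample text; both valid numbers are widely published test card numbers.
SAMPLE = (
    "Please charge my Visa credit card 4111 1111 1111 1111, expiry 09/27.\n"
    + "x" * 400 + "\n"
    "Tracking reference 4012888888881881 for your parcel.\n"
    "Order id 1234567890123456 shipped."
)

if __name__ == "__main__":
    for hit in find_card_numbers(SAMPLE):
        print(hit)
```

The third number in the sample matches the regex but fails the checksum, so it is dropped; the second passes the checksum but has no keyword within the window, so it is reported only at low confidence.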

Sensitive information types are used in:

  • Data loss prevention policies
  • Sensitivity labels
  • Retention labels
  • Insider risk management
  • Communication compliance
  • Auto labeling policies
