Compliance solutions in Microsft 365 are collections of integrated capabilities you can use to help you manage end to end compliance scenario.
A solution’s capabilities and tools might include a combination of policies, alerts, reports, and more
The solution catalog is organised into sections that contain information cards for each compliance solution available in your Microsoft 365 subscription. Each section contains cards for solution grouped by compliance.
When you select view for a solution card, you will see detailed information about the compliacne solution and how to get started. The information includes an overview, pre-configuration requirements, learning resources controls that allow you to pin the card to the navigation pane, and an option to share the solution as a link, email, or Microsoft Teams Message.
Govrnment agencies and industry groups have issued regulations to help protect and govern the use of data. Organisations can be accountable for meeting dozens of regulations ranging from persona and financial information to data protection and privacy.
Data Residency regulations govern the physical locations, where data can be stored, as well as how and when it can be transferred, processed, or accessed internatinoally. These regulations can differ significantly depending on jurisdiction.
- Ensures customers can access diagnostic, service-generated, and support data, and can manage access to their own data
- Microsoft protects customer data from unauthorised access, and handles challenges from government requests and other third-party orders.
- Provides tools customers can use to restrict, protect, and encrypt data at rest, in transit, and in some cases, in use.
- Enforce strict policies and practices that Microsoft follows for the retention and deletion of customer data.
Data Sovereighnty: The concept that data, particularly personal data, is subject to the laws and regulations of the country/region in which it is physically collected, held, or processed. This can complicate compliance because the same piece of data can be collected in one location, stored in another, and proecessed in another, making it subject to laws from different countries and regioins.
Data Privacy: Providing notice and being transparent about the collection, processing, use, and sharing of personal data are fundamnetal principles of privacy laws and regulations.
- Personal data means any information relating to an identified or identifiable natural person
- Privacy laws previously referenced “Pil” or “personally identifiable information “, but the laws have expanded the definition to any data that is directly linked or indirectly linkable back to person.
- Organisations are subject to, and must operate consistent with, a multitude of laws, reguations, codes of conduct, industry specific standards, and compliance standards governing data privacy.
Microsoft Purview information protection
Microsoft Purview Information Protection (MPIP) is a colleciton of features within Microsoft Purview (formally Microsoft 365 Compliance) to help you discover, classify, and protect sensitive information wherever it lives or travels. MPIP capablilities are
- Know your data
- Protect your data
- Prevent data loss
- Govern your data
Know your data
Understand your data landscape and identify important data across your hybrid environment.
- Sensitive Information type: Identifies sensitive data by using built in or custom regular expression or a function. Corroborative evidence includes keywords, confidence levels, and proximity. One example is built-in sensitive lables.
- Trainable classifieres: Identifies sensitive data by using examples of the data you are interested in rather than identifying elements in the item (pattern matching). You can use built in classifiers or train a classifer with your own content. One example is trainable classifiers
- Data classification: A graphical identification of items in your organisation that have a sensitivity label, a retention label, or have been classified. You can use this informatoin to gain insights into the actions that your users are taking on these items for example, Content explorer.
Protect your data
Apply flexible protection actions that include encryption, access restriciton, and visual markings.
- Sensitivity laebles
- Azure information protection unified labeling client
- Double Key Encryption
- Office 365 Message Encryption (OME)
- Service Encryption with customer key
- Sharepoint information Rights Management. (IRM)
- Rights Management connector
- Azure information Protection unified labeling scanner
- Microsoft Defender for Cloud Apps
- Microsoft information Protection SDK
Prevent data loss
Prevents accidental oversharing of sensitive information
- Microsoft Purview Data loss prevention (DLP)
- Endpoint data loss prevention
- Microsoft Compliance Extension Chrome Extension
- Microsoft Purview data loss prevention on premise scanner
- Protect Sensitive information in Microsoft Teams chat and channel messages
Microsoft Purvew Data Lifecycle Management (formally Microsoft Information Governance)
Microsoft Purview Data lifecycle Management is a collection of features to govern you data for compliance or regulatory
Microsoft Purview Data Lifecycle Management
To keep what you need and delete what you don’t need
- Retention policies and retention labels
- Inactive mailboxes
- Archive mailboxes
- Import service for PST files
Microsoft Purview. Records Management
Manage high-value items for business, legal or regulatory record keeping requirements.
- File Plan
- Retention labels for individual items, retension policies. If needed for baseline retention
- Disposition review and proof of disposition
Data Classsification Capabilities
Sensitive information types are classifications (categories) of data by sensitivity. They have patterns that can be used to identify them. Within Microsoft Purview data Classification, you get a breakdown of the distribution of sensitive info types.
Types are identified based on regular expression (regex) or a function. There are hundreds of built in information types
- Credit card numbers
- Passport or identification numbers
- Bank account numbers
- Health service numbers
- IP address
- Azure storeate account key
- Driver’s license number
Sensitive information types are used in
- Data loss prevention policies
- Sensitivity labels
- Retention labels
- Insider risk management
- Communication compliance
- Auto labeling policies