Forum Discussion

Cian Allner's avatar
Cian Allner
Silver Contributor
Jun 11, 2017

Divide Office 365 tenants with Compliance Boundaries

A https://products.office.com/en-us/business/office-365-roadmap?featureid=16145 on the Office 365 roadmap that's worth surfacing - Compliance Boundaries:

 

"Tenants can be divided into smaller tenants as defined by geographical boundaries or individual business units. This also includes full support of Compliance Security Filters for OneDrive for Business."

 

So rather than a monolithic approach to a tenant, it can actually be divided based on function or locales for management purposes. This can work with https://technet.microsoft.com/en-us/library/mt210915(v=exchg.160).aspx, though only OneDrive is mentioned they also apparently work with mailboxes and SharePoint Online.  

 

These filters can be used to set compliance search actions based on individuals or groups and in the future presumably, can be associated with these compliance boundaries. 

 

This sounds like a welcome feature, especially for those larger tenants spread across regions or those with particular compliance requirements.

microsoft 365
security

4 Replies

  • Mo Majad's avatar
    Mo Majad
    Copper Contributor
    Aug 24, 2017

    Hiya

    Seems like the wording of the feature has changed and does not mention "Tenants" anymore, seems like only searches and results will get boundaries not the actual data itself (via a different tenant located at a local region). Just hiding search results (if I understand this feature correctly) will not meet compliance requirements that everyone is after around data boundaries

     

    regards

    Mo

      • AndrewX's avatar
        AndrewX
        Iron Contributor
        May 12, 2022

        VasilMichev hi can I use these boundaries for administrative activity.

         

        ie, to separate US/UK/AU admin for their own users based on a country attribute.

         

        use case: I don't want my US admins modifying mailbox permissions for an AU user.

  • VasilMichev's avatar
    VasilMichev
    MVP
    Jun 12, 2017

    The compliance security filters work just fine with Exchange and SPO workloads, and they are relatively easy to set up. Although they are only avaialble via PowerShell for now.

     

    But if you are eager to test this, you can certainly configure a "compliance boundary" via compliance security filters, they are practically designed with this in mind.  They support a huge set of attributes, and you can even apply them based on the content of the document/item. Really cool stuff!