Home
Microsoft

Announcing GA of Supervision in Office 365 Advanced Data Governance

Many organizations have the need to perform surveillance of employee communications. This need stems from internal security and compliance guidelines, or from regulatory bodies such as the FINRA. In both cases, failure to have a demonstrable supervision process in place, could potentially expose organizations to liability or severe penalties.

  

To address this need, we recently made the new Supervision feature generally available in Office 365 Advanced Data Governance. Supervision covers not just email communications, but also any 3rd-party communications streams such as Facebook, Twitter, Bloomberg, and many more.

 

Using the Supervision features, organizations can define multiple policies as befits their needs, to scope whose communications are to be reviewed, under what conditions, and by whom.  

 

  • Reviewees include individuals or groups of users.
  • Conditions include content searches, size limits, and advanced keyword query language (KQL) syntax.
  • For the reviewer, unlike other supervision solutions, Office 365 sports an innovative triaging experience right within familiar Office clients such as Outlook web app or Outlook desktop.
  • Finally, policy and reviewer activity views provide a rich set of reports.Supervision.jpg

     

Supervision is part of Office 365 Advanced Data Governance which is available as part of Office 365 E5, or the Office 365 Advanced Compliance SKU.

8 Comments

Congratulations, O365 Team.  Adding content supervision to O365 now provides the compliance officer the necessary tools for both FINRA's Rule 3110 and the SEC's Rule 203(e) regulatory compliance.    

Occasional Visitor
Supervisory module required by Compliance Managers at Financial Institutes was not available last time I checked. Any updates on the Supervisory module availability?
New Contributor

I see that Supervision is an E5 feature.  But I see it as an option in the Data Governance section of my E3 tenant.  Can you confirm whether it should be there or not?

Contributor

In the process of switching over, has anyone has to fill out any attestation or petition forms to the SEC or FINRA to switch from their current provider to EOP? We need to get a Microsoft signature that it meets the requirements before we switch. Is anyone else aware of this document? Is it available in the trust center? If, so i cannot find it. 

 

Thanks!

Microsoft

Hi Tom - Once you have validated that you need to complete these forms, work thru your account team to connect with Susan Brown from our customer experience team to get the required letters with Microsoft signature. Best, Nick

Contributor

@Nick Robinson Thanks for the response (Even though a little late), but I am back with another question. We have noticed a slight bug that is causing some pain for our compliance team. Would you or someone be able to confirm that this is expected behavior?

 

When e-mails are sent to a distribution list, the e-mail tagged for review does not indicate the employee who received the e-mail. It only shows the DL. Is there a way to see which employee(s) received the e-mail? Is this expected behavior? Or is it tracking this as it in was delivered to all DL members?

 

Thanks,

-Tom

Microsoft

Hi Tom - It might be need to understand some further details of your scenario. But at quick pass, it looks like the expected behavior is that all members of the DL would be expected to receive the email. We don't provide further visibility into recipients besides the existing DL membership. Exchange will deliver the email to right recipient per our general email execution processes. Are you thinking of a email read receipt type of functionality to verify that recipients consumed the information sent to them? If this is a longer conversation, let's find some time to discuss. 

thanks. -Nick

Contributor

@Nick Robinson So the issue here is that the DL is not within the email organization. It is an external vendor with clients that are all a member of their DL. When some of these get flagged in supervision. We have no idea who it was delivered to, other than it is in supervision. If we do an ediscovery search for the email we see the same details. The To: line has the DL name and not a user. 

 

I am all in for discussing this as it is causing some delays rolling out to production.