We have several new updates to help you achieve your compliance goals, including complying with the General Data Protection Regulation (GDPR), along with enhancements to Advanced Threat Protection, eDiscovery and Advanced Data Governance. Read on to learn more!
Achieve your compliance goals and prepare for the GDPR
Achieving organizational compliance can be very challenging. We have several new capabilities that will help you stay up-to-date with the regulations that matter to your organization – and help you define and implement the right controls to protect and manage your data.
Preparing for the GDPR
In a world where the evolution of technology and cloud innovation is democratizing data and fueling digital transformation, the increased use of personal data to deliver better customer experiences means new compliance laws – such as the General Data Protection Regulation (GDPR) – require you to better govern and manage your data. Microsoft 365 offers a comprehensive set of services to help you with GDPR compliance, and the recently announced Compliance Manager helps you assess and manage your compliance risk. To learn more about how Microsoft 365 can help accelerate your journey to compliance, watch our latest webcast.
Compliance Manager Public Preview is now available
Data protection compliance is a complicated and disjointed process – often requiring deep knowledge of regulatory standards and numerous technology solutions. To help your organization manage its compliance requirements – from a single place – we released the Compliance Manager public preview back in November. Compliance Manager enables you to perform a risk assessment of your organization's compliance with regulations and standards, such as GDPR, ISO 27001 and ISO 27018. It helps connect data protection solutions with the regulatory requirements that matter to you, as well as enabling you to evaluate Microsoft’s cloud services (such as Office 365) with detailed audit information. To simplify your compliance workflow, Compliance Manager also enables you to assign, track, record compliance-related activities, and produce detailed reports that can help you be more prepared for audit activities. Learn more about Compliance Manager here.*
Office 365 Advanced eDiscovery – Analysis of non-Office 365 data is now available
Many organizations have data that resides outside of Office 365, including legacy file shares, archives or in other cloud services, that may be relevant to an eDiscovery case. Analysis of non-Office 365 data, which was announced back in September, is now available and allows organizations to import the case-specific copy of such data into a specifically assigned Azure container and analyze it using Office 365 Advanced eDiscovery. Having one eDiscovery workflow for both Office 365 and non-Office 365 data provides organizations with the consistency they need to make defensible decisions across the entire data set of a case. Please note that in addition to Advanced eDiscovery licenses, this feature requires the purchase of the eDiscovery Storage plan for all non-Office 365 data imported into the specifically assigned Azure container for analysis by Advanced eDiscovery. The eDiscovery Storage plan comes in increments of 500GB of storage and is priced at $100 per month. Read more here.
Protect against advanced threats
Recent updates to Office 365 threat protection services helps protect your Office 365 users.
Updates to Office 365 Advanced Threat Protection (ATP)
- Expansion of ATP to additional Office 365 workloads – As announced back in September, Office 365 ATP has now expanded coverage to SharePoint Online, OneDrive for Business and Microsoft Teams, leveraging our signal strength, smart heuristics, machine learning, file detonation and reputation filters. Learn more about this significant enhancement to ATP.
- Enhanced reporting – Starting this month, Office 365 ATP will also launch powerful new reporting capabilities. Reports will now be provided in near real-time and will also include a new set of reports:
- Malware report – provides visibility into the malware families that have attacked a tenant
- Submissions report – provides a report on potentially malicious emails which have been submitted to Microsoft by end-users
- Phish report – provides information on all emails that are considered to be phishing emails
- Enhanced anti-phish capabilities – ATP is also adding several new capabilities to mitigate phish. We recently deployed new advanced anti-spoof capabilities, link detonation capabilities, brand and user anti-impersonation capabilities and new machine learning models for determining phish. Many of these updates are already live, and more are launching this month and into early 2018. Learn more of how Microsoft mitigates phish from our white paper.
Enhanced Advanced Threat Protection reporting capabilities
Office 365 Threat Intelligence – Threat Tracker
Threat Tracker provides a trend summary of different categories and indicators of threats (e.g. noteworthy, targeted, queries, etc.). The capabilities launching this month will enable you to:
- Track changes in the threat landscape for your tenant so that you can identify important changes in trends and targeted attacks (Trending Campaigns)
- For custom indicators (like senders or URLs), you can track changes in trends and get alerted when trends change (Saved/trending queries)
Join the Security, Privacy and Compliance Tech Community
If you haven’t already, join the Security, Privacy and Compliance Tech Community to further evolve your organization’s security and compliance with these capabilities – and learn and contribute to security, privacy, and compliance best practices. The Tech Community is a great resource to communicate and learn from your peers—as well as offer your insights on the growing importance of security, privacy and compliance.
*Compliance Manager is a dashboard that provides a summary of your data protection and compliance stature and recommendations to improve data protection and compliance. This is a recommendation, it is up to you to evaluate its effectiveness in your regulatory environment prior to implementation. Recommendations from Compliance Manager should not be interpreted as a guarantee of compliance.