Announcing GA of Supervision in Office 365 Advanced Data Governance

Published 05-11-2017 01:56 PM 14.5K Views

January 29th, 2019 UPDATE: Please see the Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more...article here:


Many organizations have the need to perform surveillance of employee communications. This need stems from internal security and compliance guidelines, or from regulatory bodies such as the FINRA. In both cases, failure to have a demonstrable supervision process in place, could potentially expose organizations to liability or severe penalties.


To address this need, we recently made the new Supervision feature generally available in Office 365 Advanced Data Governance. Supervision covers not just email communications, but also any 3rd-party communications streams such as Facebook, Twitter, Bloomberg, and many more.


Using the Supervision features, organizations can define multiple policies as befits their needs, to scope whose communications are to be reviewed, under what conditions, and by whom.  


  • Reviewees include individuals or groups of users.
  • Conditions include content searches, size limits, and advanced keyword query language (KQL) syntax.
  • For the reviewer, unlike other supervision solutions, Office 365 sports an innovative triaging experience right within familiar Office clients such as Outlook web app or Outlook desktop.
  • Finally, policy and reviewer activity views provide a rich set of reports.Supervision.jpg


Supervision is part of Office 365 Advanced Data Governance which is available as part of Office 365 E5, or the Office 365 Advanced Compliance SKU.


Congratulations, O365 Team.  Adding content supervision to O365 now provides the compliance officer the necessary tools for both FINRA's Rule 3110 and the SEC's Rule 203(e) regulatory compliance.    

Occasional Visitor
Supervisory module required by Compliance Managers at Financial Institutes was not available last time I checked. Any updates on the Supervisory module availability?
Not applicable

I see that Supervision is an E5 feature.  But I see it as an option in the Data Governance section of my E3 tenant.  Can you confirm whether it should be there or not?


In the process of switching over, has anyone has to fill out any attestation or petition forms to the SEC or FINRA to switch from their current provider to EOP? We need to get a Microsoft signature that it meets the requirements before we switch. Is anyone else aware of this document? Is it available in the trust center? If, so i cannot find it. 




Hi Tom - Once you have validated that you need to complete these forms, work thru your account team to connect with Susan Brown from our customer experience team to get the required letters with Microsoft signature. Best, Nick


@Nick Robinson Thanks for the response (Even though a little late), but I am back with another question. We have noticed a slight bug that is causing some pain for our compliance team. Would you or someone be able to confirm that this is expected behavior?


When e-mails are sent to a distribution list, the e-mail tagged for review does not indicate the employee who received the e-mail. It only shows the DL. Is there a way to see which employee(s) received the e-mail? Is this expected behavior? Or is it tracking this as it in was delivered to all DL members?





Hi Tom - It might be need to understand some further details of your scenario. But at quick pass, it looks like the expected behavior is that all members of the DL would be expected to receive the email. We don't provide further visibility into recipients besides the existing DL membership. Exchange will deliver the email to right recipient per our general email execution processes. Are you thinking of a email read receipt type of functionality to verify that recipients consumed the information sent to them? If this is a longer conversation, let's find some time to discuss. 

thanks. -Nick


@Nick Robinson So the issue here is that the DL is not within the email organization. It is an external vendor with clients that are all a member of their DL. When some of these get flagged in supervision. We have no idea who it was delivered to, other than it is in supervision. If we do an ediscovery search for the email we see the same details. The To: line has the DL name and not a user. 


I am all in for discussing this as it is causing some delays rolling out to production. 

Occasional Visitor

We have been evaluating this as a replacement to Smarsh, but the policy searches are resulting in a 99.9% false positives. If we could exclude outside senders via email address and/or domain it would be more useful to us.


For those that are currently using this for SEC or FINRA, can you give some examples of the policies you are using?

Topry we are getting ready to launch in the coming month a significant update to our supervision solution, that will include the ability to filter out domains and use custom lexicons as conditions (for instance "insider information"), see a sneak peek in this video from last September:

Version history
Last update:
‎Jan 29 2019 11:20 AM
Updated by: