**Communication Compliance is a solution in Microsoft Purview. Some assets and past recordings may refer to it as Communication Compliance in Microsoft 365 or in Microsoft Compliance; these all refer to the same solution. **
** Updated June 2023 **
In this Ninja page, we share the top resources for Communication Compliance users to become more proficient with the Microsoft Purview Communication Compliance solution. For official documentation please check http://aka.ms/CommunicationCompliance.
We are very excited and pleased to announce this rendition of the Ninja Training Series. There are several videos and resources out there and the overall purpose of the Communication Compliance Ninja training is to help you get the relevant resources to get started and become more proficient in this area.
After each section, there will be a knowledge check based on the training material you’ve just finished! Since there’s a lot of content, the goal of these knowledge checks is to help you determine if you were able to get a few of the major key takeaways.
Lastly, this training will be updated on a semi annual basis to ensure you all have the latest and greatest material! We are continuously delivering product updates and thus you should check both the public roadmap and message center posts to stay up to date.
Let us know what you think below in the comments!
Latest Communication Compliance blog – https://aka.ms/communicationcomplianceblog
|Docs on Microsoft
|Blogs on Microsoft
|⤴ External Sites
With the shift towards a hybrid work environment, organizations seek out technology like Microsoft Teams to empower their employees to do their best work digitally. At the same time, organizations also need to manage risk in communications to help detect regulatory compliance violations (e.g. SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. With a solution that is built with privacy in mind.
In a Microsoft Market research study done in May 2021, 60% of information workers stated that detection of offensive language would boost company morale. It also stated that 74% of organizations are likely to adopt risk detection models for Insider trading, offensive content, and bribery. In addition to that customers tell us they need to reduce blind spots around data security risks introduced by these new ways of working. As hybrid work becomes the norm across enterprises, fewer internal reports of compliance violations during the same timeframe suggests risks may be going unreported at larger scale. According to Gartner® research, in 2020 and 2021 compliance teams learned of about 31 fewer instances of potential violations per 1,000 employees than in 2018 and 2019, before the COVID-19 pandemic massively accelerated remote and hybrid work transformations.
Corporate communication channels continue to proliferate as a result of hybrid collaboration and engagement with customers across multiple mediums and devices. This has also resulted in regulatory agencies, such as the Securities and Exchange Commission (SEC), shifting their regulatory requirements to include work-related communications on all devices and platforms. With stronger enforcement stances and increases in communication volume across platforms, organizations are finding it difficult to sift through volumes of communications to help meet regulatory compliance requirements. These elevated compliance standards also result in higher fines. For example, in the United States, the SEC imposed $1.8B in fines on Wall Street firms because employees violated communication requirements by discussing business matters using personal devices and text messages.
Ready for the Why do I need Communication Compliance knowledge check?
Protecting sensitive information and detecting potential risky incidents is an important part of compliance with regulatory, internal policies and organization standards. Communication Compliance helps minimize these risks by helping you quickly detect, capture, and take remediation actions for Microsoft Teams communications, email, Viva Engage (Yammer), and even non-Microsoft communications. These include helping organizations detect potential business conduct and regulatory compliance violations, such as sensitive or confidential information, harassing or threatening language, and sharing of adult content being shared over communications both inside and outside of your organization. Protecting the privacy of users that have policy matches is important and can help promote objectivity in data investigation and analysis reviews for communication compliance alerts. That is why Communication Compliance allows for pseudonymized users, allows you to control who can review policy matches and set up role-based controls.
Ready for the Overview knowledge check?
This section will focus on considerations and tasks for a successful deployment, setup, and investigation of Communication Compliance, including licensing requirements, user permissions, audit log configuration, and policy configuration. Once you have the licensing, permissions, and audit logs configured, you can create a Communication Compliance policy. Communication Compliance policies allow you to scope which communication locations and users are subject to review in your organization, define which custom conditions the communications must meet for further review, and specify who should be reviewing the policy violations.
After you've configured your Communication Compliance policies, you'll start to receive alerts in the Microsoft Purview compliance portal for messages that match your policy conditions. Alerts are reviewed by individuals who you assign as analyst or investigator and have been explicitly assigned to a policy. These users review the alerts and take the appropriate remedial actions such as sending a notification to the user, removing a message from Teams, escalating to another reviewer, or in severe cases, creating a Microsoft Purview eDiscovery (Premium) case for possible legal action.
We are happy to share that there is now an easier way for you to try Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a free trial (an active Microsoft 365 E3 subscription is required as a prerequisite). By enabling the trial in the compliance portal, you can quickly start using all capabilities of Microsoft Purview, including Insider Risk Management, Communication Compliance, Records Management, Audit, eDiscovery, Information Protection, Data Lifecycle Management, Data Loss Prevention, and Compliance Manager.
Ready for the Getting Started knowledge check?
Communication Compliance allows you to analyze communications for data imported into mailboxes across Microsoft and non-Microsoft sources, like Instant Bloomberg, Slack, Zoom, SMS/MMS, and many others. You must configure a third-party connector before you can assign the connector to a Communication Compliance policy.
Communication Compliance can ingrate with other tools such as Microsoft Insider Risk Management which can allow your look at a much larger risk profile beyond just communication, security incident and event management (SIEM) integration using the Office 365 Management APIs or PowerAutomate, which can be configured to take repeatable actions as part of the remediation process. You may also identify trends in Communication Compliance that you want to block or take more proactive action on using Microsoft Purview Data Loss Prevention. Communication Compliance can utilize the same sensitive information types that can be used across Microsoft Purview solutions such as Data Loss Prevention, Information Protection, Information Governance, and others. If the policy match warrants further investigation, then you can escalate the policy violations seamlessly from Communication Compliance to an eDiscovery (Premium) case for deeper legal review or action.
Ready for the Integrating with other tools knowledge check?
With the conditions you have in Communication Compliance policies and the flexibility you have with sensitive information types, you can work to fine-tune your policies and reduce false positives. You can also provide feedback on the trainable classifiers models to help improve their accuracy.
Ready for the Fine-tuning of your conditions knowledge check?
Communication Compliance has a central reporting area for viewing all Communication Compliance reports. Report widgets provide a quick view of insights most needed for an overall assessment of the status of Communication Compliance activities such as recent policy matches and policy with most matches. Detailed reports provide in-depth information related to specific Communication Compliance areas and offer the ability to filter, group, sort, and export information while reviewing.
For more custom reporting to meet your audit or reporting needs customers can also run and export per policy detailed reports.
In some instances, you must provide information to regulatory or compliance auditors to prove supervision of user activities and communications. This information may be a summary of all activities associated with a defined organizational policy, anytime a Communication Compliance policy has been updated or settings have been changed. Communication Compliance policies have built-in audit trails for internal or external audits. Detailed audit histories of every create, edit, and delete action are captured by your communication policies to provide proof of supervisory procedures.
Ready for the Reporting and auditing knowledge check?
Once you’ve finished the training and the knowledge checks, please go to our attestation portal to generate your certificate; you'll see it in your inbox within 3-5 business days.
 Gartner, Encouraging Reporting in a Hybrid World: Building a Reporting Value Proposition, 29 June 2022
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.