Become a Communication Compliance Ninja
Published Apr 19 2022 10:00 AM 5,071 Views
Microsoft

Become a Communication Compliance Ninja

Patrick_David_0-1650650581705.png

**Communication Compliance is a solution in Microsoft Purview. Some assets and past recordings may refer to it as Communication Compliance in Microsoft 365 or in Microsoft Compliance; these all refer to the same solution. **

 

** Updated Nov 2022 **

 

In this Ninja page, we share the top resources for Communication Compliance users to become more proficient with the Microsoft Purview Communication Compliance solution.  For official documentation please check http://aka.ms/CommunicationCompliance

 

We are very excited and pleased to announce this rendition of the Ninja Training Series. There are several videos and resources out there and the overall purpose of the Communication Compliance Ninja training is to help you get the relevant resources to get started and become more proficient in this area. 

  

After each section, there will be a knowledge check based on the training material you’ve just finished! Since there’s a lot of content, the goal of these knowledge checks is to help you determine if you were able to get a few of the major key takeaways.  

  

Lastly, this training will be updated on a quarterly basis to ensure you all have the latest and greatest material! We are continuously delivering product updates and thus you should check both the public roadmap and message center posts to stay up to date.

 

Let us know what you think below in the comments!

 

Latest Communication Compliance blog – https://aka.ms/communicationcomplianceblog  

 

Legend:

Patrick_David_0-1649769151968.png Product videos Patrick_David_1-1649769152003.png Webcast recordings Patrick_David_2-1649769152004.png Tech Community
Patrick_David_3-1649769152005.png Docs on Microsoft Patrick_David_4-1649769152005.png Blogs on Microsoft Patrick_David_5-1649769152006.png GitHub
Patrick_David_34-1649773893525.png New items Patrick_David_6-1649769152007.png Interactive guides Patrick_David_32-1649773418716.png Learning path
⤴ External Sites    

 

Why do I need Communication Compliance?

With the shift towards a hybrid work environment, organizations seek out technology like Microsoft Teams to empower their employees to do their best work digitally. At the same time, organizations also need to manage risk in communications to help detect regulatory compliance violations (e.g. SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. With a solution that is built with privacy in mind.

 

In a Microsoft Market research study done in May 2021, 60% of information workers stated that detection of offensive language would boost company morale. It also stated that 74% of organizations are likely to adopt risk detection models for Insider trading, offensive content, and bribery. In addition to that customers tell us they need to reduce blind spots around data security risks introduced by these new ways of working. As hybrid work becomes the norm across enterprises, fewer internal reports of compliance violations during the same timeframe suggests risks may be going unreported at larger scale. According to Gartner® research, in 2020 and 2021 compliance teams learned of about 31 fewer instances of potential violations per 1,000 employees than in 2018 and 2019, before the COVID-19 pandemic massively accelerated remote and hybrid work transformations[1].

 

Ready for the Why do I need Communication Compliance knowledge check?

 

Overview

Protecting sensitive information and detecting potential risky incidents is an important part of compliance with regulatory, internal policies and organization standards. Communication Compliance helps minimize these risks by helping you quickly detect, capture, and take remediation actions for Microsoft Teams communications, email, Yammer, , and even non-Microsoft communications. These include helping organizations detect potential business conduct and regulatory compliance violations, such as sensitive or confidential information, harassing or threatening language, and sharing of adult content being shared over communications both inside and outside of your organization. Protecting the privacy of users that have policy matches is important and can help promote objectivity in data investigation and analysis reviews for communication compliance alerts. That is why Communication Compliance allows for pseudonymized users, allows you to control who can review policy matches and set up role-based controls.

 

Ready for the Overview knowledge check?

 

Getting Started

This section will focus on considerations and tasks for a successful deployment, setup, and investigation of Communication Compliance, including licensing requirements, user permissions, audit log configuration, and policy configuration. Once you have the licensing, permissions, and audit logs configured, you can create a Communication Compliance policy. Communication Compliance policies allow you to scope which communication locations and users are subject to review in your organization, define which custom conditions the communications must meet for further review, and specify who should be reviewing the policy violations. 

 

After you've configured your Communication Compliance policies, you'll start to receive alerts in the Microsoft Purview compliance portal for messages that match your policy conditions. Alerts are reviewed by individuals who you assign as analyst or investigator and have been explicitly assigned to a policy. These users review the alerts and take the appropriate remedial actions such as sending a notification to the user, removing a message from Teams, escalating to another reviewer, or in severe cases, creating a Microsoft Purview eDiscovery (Premium) case for possible legal action.

 

We are happy to share that there is now an easier way for you to try Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a free trial (an active Microsoft 365 E3 subscription is required as a prerequisite). By enabling the trial in the compliance portal, you can quickly start using all capabilities of Microsoft Purview, including Insider Risk Management, Communication Compliance, Records Management, Audit, eDiscovery, Information Protection, Data Lifecycle Management, Data Loss Prevention, and Compliance Manager. 

 

Ready for the Getting Started knowledge check?

 

Detecting potential violations of non-Microsoft Communications

Communication Compliance allows you to analyze communications for data imported into mailboxes across Microsoft and non-Microsoft sources, like Instant BloombergSlackZoom, SMS/MMS, and many others. You must configure a third-party connector before you can assign the connector to a Communication Compliance policy.

 

Ready for the Detecting Violation on non-Microsoft communications knowledge check?

 

Integrating with other tools

Communication Compliance can ingrate with other tools such as Microsoft Insider Risk Management which can allow your look at a much larger risk profile beyond just communication, security incident and event management (SIEM) integration using the Office 365 Management APIs or PowerAutomate, which can be configured to take repeatable actions as part of the remediation process. You may also identify trends in Communication Compliance that you want to block or take more proactive action on using Microsoft Purview Data Loss Prevention. Communication Compliance can utilize the same sensitive information types that can be used across Microsoft Purview solutions such as Data Loss Prevention, Information Protection, Information Governance, and others.  If the policy match warrants further investigation, then you can escalate the policy violations seamlessly from Communication Compliance to an eDiscovery (Premium) case for deeper legal review or action.

 

Ready for the Integrating with other tools knowledge check?

 

Fine-tuning your conditions

With the conditions you have in Communication Compliance policies and the flexibility you have with sensitive information types, you can work to fine-tune your policies and reduce false positives. You can also provide feedback on the trainable classifiers models to help improve their accuracy.

 

Ready for the Fine-tuning of your conditions knowledge check?

 

Reporting and Auditing

Communication Compliance has a central reporting area for viewing all Communication Compliance reports. Report widgets provide a quick view of insights most needed for an overall assessment of the status of Communication Compliance activities such as recent policy matches and policy with most matches. Detailed reports provide in-depth information related to specific Communication Compliance areas and offer the ability to filter, group, sort, and export information while reviewing.

 

For more custom reporting to meet your audit or reporting needs customers can also run and export per policy detailed reports. 

 

In some instances, you must provide information to regulatory or compliance auditors to prove supervision of user activities and communications. This information may be a summary of all activities associated with a defined organizational policy, anytime a Communication Compliance policy has been updated or settings have been changed. Communication Compliance policies have built-in audit trails for internal or external audits. Detailed audit histories of every create, edit, and delete action are captured by your communication policies to provide proof of supervisory procedures.

 

Ready for the Reporting and auditing knowledge check?

 

Additional Resources

  1. Microsoft 365 Roadmap: Roadmap of upcoming features and changes.
  2. Message Center: Notifications and details of updated changes to Microsoft 365 
  3. What is new in Microsoft Purview
  4. Tech Community – Security and Compliance: Blogs, community forums, and more
  5. Communication Compliance feedback portal 

 

[1] Gartner, Encouraging Reporting in a Hybrid World: Building a Reporting Value Proposition, 29 June 2022

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

1 Comment
Version history
Last update:
‎Nov 29 2022 11:54 AM
Updated by: