Discover and Manage Communication Risks with Communication Compliance

Published Nov 02 2021 08:00 AM
Microsoft

Do you know when you’re expected to return to the office? This fall, we’ve seen many organizations push their date back or in some cases, delay it indefinitely. Regardless of when we return, we can expect more flexibility with our work location, workdays in the office, and even work hours. Many companies worldwide have announced plans for hybrid work, meaning that digital communications will continue to proliferate, even as we start to move out of the pandemic.

 

While organizations seek out technology like Microsoft Teams to empower employees to do their best work in this environment, they also need to manage risk in communications to protect company assets and flag sharing of concerning content such as adult imagery or threatening language. Communication Compliance helps organizations detect these types of code of conduct violations and address regulatory compliance requirements within company communications, with as little disruption as possible to the business.

 

Back in July, we released several new features that further enrich Communication Compliance's review experience, making it easier to investigate and remediate communication risks.

 

Today, we are excited to announce new capabilities in public preview that enrich Communication Compliance, including day zero insights, deeper integration with Microsoft Teams, advanced reporting capabilities, additional language support, and richer onboarding to make it easier to get started. For all the new features highlighted below, we continue our commitment to end-user privacy, with privacy built-in by design, including pseudonymization, role-based access control, admin explicit opt-in of users, and audit trails. For more information about permissions, see here.

 

Discover risks you may not be aware of 

How can I tell which communications may expose my organization to potential areas of risk? Which policies should I enable? Where should I begin? That’s what many organizations struggle to answer when starting their insider risk practice. Available this month, Day Zero Insights helps organizations discover trends that they may not be aware of, like harassment, threats, or sharing of sensitive information. Insights for both sensitive information types and machine learning classifiers are designed to help organizations holistically set up parameters for internal governance by identifying potential areas of risk and determining the type and scope of communication policies to be configured.

 

Day Zero Insights displays the aggregate number of matches per classification type, with none of the insights containing any personally identifiable information.

 

View of Day Zero Insights, detecting messages that include sensitive info types.

 

Deeper Microsoft Teams and compliance integration 

As Microsoft Teams continues to evolve as a center for collaboration and teamwork, organizations face a heightened risk of regulatory compliance and code of conduct violations. We have made several new Teams investments to detect these risks beyond the traditional text-based messages, as they occur in shared content or over shared channels. We are rolling out the ability to analyze the content of modern attachments, such as content shared in links to OneDrive and SharePoint that are sent over Teams.

 

Many of our customers leverage Teams Data Loss Prevention (DLP) to block messages based on content (what the data is) and the context (where the action is taking place). To help augment their data protection approach, we are excited to announce that we are surfacing Communication Compliance within the DLP workflow, with the ability to apply DLP policy insights to your insider risk practice to better identify user behavior and intent. Customers will now be directed to configure a relevant policy in Communication Compliance at the end of the Data Loss Prevention policy configuration flow.

 

Advanced reporting and investigation capabilities 

We have advanced the solution’s reporting capabilities with the introduction of the Review Activity Summary. This report provides a comprehensive summary of all activities and actions that have occurred against a policy, such as date sent, date flagged, reviewed by, message reconciliation, etc. By providing visibility into policy review activity, this report can help fulfill regulatory compliance obligations and can help organizations better track the status and progress for unresolved policy violations.

 

View of Review Activity Summary report.

 

We are also introducing several enhancements to tagging in the investigation and remediation flow. In the event that an investigator resolves a message too quickly or incorrectly, they are now able to provide justification to unresolve the message so that they can take different remediation actions. Additionally, we added a column to the investigation view that shows message tags, facilitating easier review. 

 

Additional visibility 

To expand the ability to detect policy violations in communications beyond English, French, Spanish, German, Portuguese, Italian, Japanese, and Chinese, Communication Compliance now enables customers to detect threats, harassment, and profanity in Arabic, Dutch, Korean, and Chinese Traditional.

 

We have also continued to invest in enabling a rich ecosystem of non-Microsoft solutions, providing a more complete end-to-end solution for organizations. In addition to scoping policies to Microsoft 365 locations, such as Exchange, Teams, Skype, and Yammer, we are also extending the value of Communication Compliance by working with two new partners, 17a-4 LLC and CellTrust, to provide many more non-Microsoft data connectors. Learn more about data connectors here.

 

Violation detection improvements 

We have also made global feedback loop generally available. Global feedback loop allows investigators to submit feedback directly to Microsoft on misclassified policy matches, for the purposes of effectively retraining and improving the detection algorithm. Thanks to the customer feedback we received during public preview of this feature, we have already seen tremendous quality improvements around our machine learning models.

 

Easy to get started 

From an onboarding perspective, we are excited to announce our in-product getting started videos, which will help organizations get on the right track to detect risks across communication channels. These videos will provide step-by-step guidance on how to properly configure, triage and remediate policies, highlighting tasks that are heavily leveraged by a user’s role group.

We have also released new documentation that provides guidance on various configurations, including: 

 

  • Interactive Guide: In this interactive guide, you'll learn how to minimize communication risks with Communication Compliance, with step-by-step guidance on how to create policies, investigate policy violations, and escalate compliance issues for remediation. 
  • SIEM Integration Guide: Security information and event management (SIEM) solutions such as Azure Sentinel or Splunk are commonly used to aggregate and track threats within an organization. Learn how to integrate Communication Compliance with SIEM solutions so that you can view Communication Compliance alerts in your SIEM and then remediate alerts within the Communication Compliance workflow and user experience. 
  • Financial Services Industry Playbook: There are several regulations, such as SEC 17a-4, that require organizations to produce evidence to substantiate supervision controls. This guide provides a set of guiding principles and best practice use cases for Communication Compliance to address regulatory compliance obligations.

Read our most recent TD Securities customer story 

IT specialists at TD Securities were focused on providing a highly secure and compliant infrastructure built around Microsoft 365 Communication Compliance, one that would enable and underpin subsequent adoption of the latest technologies for enhanced communication and collaboration across all business units. Key to that adoption effort has been migration from an earlier environment with Skype, SharePoint, and third-party applications to a consolidated infrastructure featuring Microsoft Teams, a process accelerated by the recent pandemic. Learn more here.

 

Compliance Trial 

We are happy to share that there is now an easier way for you to try Microsoft compliance solutions directly in the Compliance Admin Center. By enabling the trial in the Compliance center, you can quickly start using all capabilities of Microsoft Compliance, including Insider Risk Management, Records Management, Advanced Audit, Advanced eDiscovery, Communication Compliance, Microsoft Information Protection, Data Loss Prevention, and Compliance Manager.

 

This trial is currently rolling out to tenants worldwide. Learn more here.

 

Get Started  

These new features in Communication Compliance have already rolled out or will start rolling out to customer tenants in the coming weeks. Communication Compliance is part of a broader set of Insider Risk Management solutions that help organizations mitigate insider risks and policy violations in Microsoft 365 E5. The solution is also generally available across government clouds, supported in GCC, GCC-High, and DoD tenants.

 

You can sign up for a trial of Microsoft 365 E5 or navigate to the Microsoft 365 Compliance Center to get started today.  

 

Learn more about what’s new with Communication Compliance and how to get started and configure policies in your tenant in this supporting documentation. We look forward to hearing your feedback. 

 

Thank you,  

@Liz Willets, Product Marketing Manager, Microsoft 365 Security and Compliance Marketing  

@Christophe Fiessinger, Principal Program Manager, Microsoft 365 Security and Compliance Engineering 

Last update: Nov 17 2021 10:31 AM