Elevating communication compliance with Microsoft Purview
Published Oct 10 2023 08:00 AM 7,280 Views
Microsoft

Amid a digitally driven business landscape that’s shaped by technology fusion and hybrid work models, the spotlight on communication compliance shines brighter than ever. Intensified by strict regulations and pervasive cross-platform communication, organizations are navigating a vast amount of data to satisfy communication compliance mandates. These heightened compliance standards also lead to increased penalties. For example, in 2022 the United States Securities and Exchange Commission imposed a combined $1.8 billion in fines on investment banking firms because employees had violated communication requirements by discussing business matters using company apps on personal devices.[1]

To avoid similar penalties and adhere to regulations, organizations need a solution that fosters safety and compliance across all communication channels. With Microsoft Purview Communication Compliance, organizations can swiftly detect, capture, and remediate potential risks. This comprehensive solution works seamlessly across your communication platforms, including Microsoft Teams, Microsoft Viva Engage, Microsoft Exchange email, and even applications like Instant Bloomberg.™ We’re continually adding new capabilities, helping you establish secure, compliant communication across your organization. Microsoft Purview Communication Compliance identifies a diverse range of inappropriate content as defined by customer policies, including text-based concerns (such as harassment, threats, and discrimination), visual elements (such as adult and other prohibited imagery), sensitive information (such as names, medical records, and passwords), and potential instances of fraud (such as gifts, entertainment, and money laundering). It identifies potential policy matches in both internal and external communications and raises review flags. Designated reviewers within your organization then review the communications and align them with your message standards—enhancing consistency and accountability.


Designed with privacy in mind, Microsoft Purview Communication Compliance adopts pseudonymized usernames by default, supported by role-based access controls. Investigators, overseen by administrators, contribute to privacy assurance while audit logs ensure user-level privacy.


In this blog, we unveil the following three new features for Microsoft Purview Communication Compliance:

  • Reporting for inappropriate posts and comments within Viva Engage
  • Adaptive detection for sensitive information types (SITs)
  • Policy scope recommendations and insights

Together, these features enhance your ability to navigate the intricate and evolving landscape of communication compliance. Let’s delve deeper into each of these features.

 

Reporting inappropriate content within Viva Engage

Microsoft Purview Communication Compliance uses built-in machine learning classifiers and keywords to identify and remediate inappropriate conduct, as well as implement regulatory compliance detection within Viva Engage. As part of our layered compliance defense, Viva Engage users can now report inappropriate conduct and concerning posts within Viva Engage conversations.

 

Designated investigators with the appropriate role-based access control permissions can review reported posts and take action if required (Figure 1). During the review process, designated investigators can perform standard remediation actions. This helps foster a community-driven commitment to maintaining a respectful and productive communication environment.

 

Figure 1: Reviewing pending inappropriate posts in the Microsoft Purview Communication Compliance portalFigure 1: Reviewing pending inappropriate posts in the Microsoft Purview Communication Compliance portal

Adaptive detection of sensitive information

In Microsoft Purview Communication Compliance, you can include SITs (such as credit card numbers and passport numbers) as part of your communication compliance policy configuration. Built-in classifiers use a combination of AI and keywords to inspect across all communication channels for configured SITs.

 

To help your organization address regulatory compliance requirements, Microsoft Purview Communication Compliance now detects inappropriate sharing of the following advanced SITs:

 

  • Named entities: These are complex dictionary- and pattern-based classifiers that detect a person’s full name, physical addresses, and medical terms and conditions (such as blood test terms and brand medication names).
  • Credentials: These are sign-in credentials and passwords for all supported services and environments (such as Microsoft Azure, Amazon, GitHub, Google, and Slack).
  • Exact data match: This allows you to create a custom SIT that refers to exact values in a database of sensitive information.

 

These new SITs will be available to designated administrators during policy configuration. Administrators can access them in the Microsoft Purview Communication Compliance portal (Figure 2).

 

Figure 2: SITs in the Microsoft Purview Communication Compliance policy condition builderFigure 2: SITs in the Microsoft Purview Communication Compliance policy condition builder

Policy scope insights and recommendations

Creating a communication compliance policy involves formulating rules for communications and defining specific users who are subject to review within your organization. However, this approach can occasionally lead to overlooked policy matches from other users. Consequently, potential violations might be missed due to policy scoping constraints.

To address this, Microsoft Purview Communication Compliance has introduced a powerful feature to empower designated administrators. This feature offers policy scope insights that help administrators understand the aggregated volume of policy violations that are missed due to users who aren’t currently scoped into a given policy. These policy scope insights use advanced analytics to identify communication patterns, content, and trends and then aggregate potential violations from other users within your organization who might go unnoticed within the current policy scope (Figure 3).

 

Once an administrator chooses to enable this feature, they’ll gain access to insights and recommendations regarding users who aren’t encompassed by the policy definition but whose communication aligns with policy conditions. This feature enables your organization to bridge compliance gaps and promptly address potential violations—amplifying compliance precision and bolstering overall accuracy.

 

Figure 3: Recommended policy scoping in the Microsoft Purview Communication Compliance portalFigure 3: Recommended policy scoping in the Microsoft Purview Communication Compliance portal

Get started

With Viva Engage reporting, enhanced SIT detection, and policy scope recommendations, Microsoft Purview Communication Compliance offers the right tools to navigate the complex landscape of communication compliance with increased confidence and efficiency.

 

At Microsoft, we’re continually enhancing communication compliance. For example, we recently introduced a new feature that detects regulatory compliance and business conduct violations in Microsoft Teams meeting transcripts.

 

Stay up to date on our communication compliance features through the Microsoft 365 Roadmap for Microsoft Purview Communication Compliance.

 

Learn more about these solutions in the Microsoft Purview compliance portal. Visit your Microsoft Purview compliance portal to activate your free trial and begin using our new features. An active Microsoft 365 E3 subscription is required as a prerequisite to activate the free trial.

Thank you,

Ahmed Mahmood, Senior Product Marketing Manager

 

 

[1] Matthew Goldstein and Emily Flitter, “Texting on Private Apps Costs Wall Street Firms $1.8 Billion in Fines,” The New York Times, September 7, 2022.

Version history
Last update:
‎Oct 11 2023 01:17 PM
Updated by: