Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
Identify business conduct violations with Microsoft Purview Communication Compliance
Published Dec 13 2022 11:31 AM 6,784 Views

A company’s business conduct requirements play a critical role in mitigating data security risks while also fostering a positive work environment. As hybrid work changes where and how employees communicate, collaborate, and share information, the compliance challenge for security, data and risk managers is scaling from traditional office corridors and conference rooms to cloud-powered collaboration platforms. Balancing the need for conducive work environments with consistent compliance awareness, data security controls and meeting regulated industry requirements is critical given that 57% of hybrid employees are considering a shift to remote work[1].

 

Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (e.g. SEC or FINRA) and business conduct violations such as inappropriate sharing of sensitive/confidential information or adult content, and using harassing or threatening language. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.

Today we are sharing additional details on several features that were recently released in Communication Compliance that further enhance our already rich set of capabilities.

 

Identify trends to create or update Communication Compliance policies

In many instances, companies are not aware of potential business conduct violations until it is too late. The Communication Compliance recommended policy actions feature helps organizations discover trends and identify potential areas of risk, such as harassment or sharing of sensitive information. With recommended policy actions, users will gain aggregated insights from existing policies to recommend a new Communication Compliance policy or even update existing ones. Communication Compliance recommended policy actions feature displays the aggregate number of matches per classification type. It also maintains privacy by design with none of the insights containing any personally identifiable information (PII).

 

Recommended actions for your organization are listed on the Overview pageRecommended actions for your organization are listed on the Overview page

 

Detect potential policy violations in shared channels

With more and more business being conducted in hybrid environments, Communication Compliance can help quickly identify, investigate and mitigate potentially problematic communications. Today companies can use Communication Compliance to analyze text and image-based messages in Microsoft Teams, Microsoft Viva Engage (Yammer), Outlook and third-party apps such as WhatsApp and Instant Bloomberg. We are pleased to announce we are continuing to expand functionality to include new detection capabilities to help analyze Teams for policy matches over shared channels (cross-tenant channels).

 

In addition to detecting potential violations in modern attachments as well as images for potential hidden data or messages with optical character recognition (OCR), customers also are able to identify and analyze messages across both internal and external communications. With this new capability, Communication Compliance will help detect any potential business conduct violations within messages that are sent to or received from users outside the host team or tenancy.

 

Communication Compliance also offers Report a concern feature within Microsoft Teams that enables users to anonymously report potential business conduct or regulatory violations within Teams chat. For more information about this feature, read our recently published blog at https://aka.ms/CCRACblog.

 

Detecting and investigating potential data security risks

Currently available in public preview, admins are now able to use Communication Compliance risk signals within Insider Risk Management policies to help detect inappropriate sharing of sensitive or confidential information or sending of inappropriate messages over work channels. Communication Compliance risk signals, security teams can create Insider Risk Management policies to detect potentially risky actions that may lead to a data security incident. With this integration, customers are able to take proactive action as well as define their own governance around data exfiltration. Like Communication Compliance, Insider Risk Management has privacy built in, with user pseudonymization on by default and strong role-based access controls in place, allowing organizations to build the right policies to meet their needs. For more information read the recently published blog.

 

Quickly analyze and remediate alerts

Currently available in public preview, Communication Compliance provides the ability to gain context around machine learning model policy matches so you can make more informed remediation actions. With machine learning model highlighting, this feature gives investigators greater context around which word or key phrase triggered a machine learning model policy match and caused a classifier to catch a message.

 

The keyword/phrase triggering the policy match is highlightedThe keyword/phrase triggering the policy match is highlighted

 

Get started

These new features in Microsoft Purview Communication Compliance are now available in customer tenants.

 

We are happy to share that there is an easier way for you to try Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a free trial (an active Microsoft 365 E3 subscription is required as a prerequisite). By enabling the trial in the compliance portal, you can quickly start using all capabilities of Microsoft Purview, including Insider Risk Management, Communication Compliance, Records Management, Audit, eDiscovery, Information Protection, Data Lifecycle Management, Data Loss Prevention, and Compliance Manager.

 

Visit your Microsoft Purview compliance portal for more details or check out the Microsoft Purview solutions trial (an active Microsoft 365 E3 subscription is required as a prerequisite).

 

If you are a current Communication Compliance customer and are interested in learning more about how Communication Compliance can help safeguard sensitive information and detect potential regulatory or business conduct violations, check out the resources available on our recently updated “Become a Communication Compliance Ninja” resource page.

 

Thank you,

Liz Willetts, Senior Marketing Manager

Christophe Fiessinger, Principal Product Manager

 

[1] Microsoft WorkLab 2022 Work Trend Index, Great Expectations: Making Hybrid Work Work (microsoft.com), 16 March 2022

Version history
Last update:
‎Dec 13 2022 12:52 PM
Updated by: