Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more
Published Jan 29 2019 09:00 AM 156K Views

March 25th, 2020 UPDATE: Please look at the newly released Communication Compliance solution going forward: http://aka.ms/CommunicationComplianceGA

 

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy) such as credit card or social security number or custom data types such as your own custom dictionary/lexicon to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention labels conditions you can now include or exclude emails based on domains and include or exclude emails based on their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comments and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and the efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume communications data and to make compliance reviews more efficient to help save time & money.

 

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties.  We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.“
— Chad Ergun, DGS Law's CIO

 

Ready to get started?

Regardless of where you are in your compliance journey, there’s plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q:  What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don't have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at: supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain).We’ll review submissions and let you know if your tenant has been accepted in the program.

 

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

13 Comments

Will the changes be available in the SCC, or just the "specialized" portals that are rolling out now, supposedly? For the record, I don't see any of the above yet in the SCC. Are the add-in changes already deployed or we have to wait for them as well?

 

Pretty sure the first thing I'll try is to test this as a "conversation history" type of solution for Teams :)

@Vasil Michev it will be available on both the existing O365 SCC portal and the new M365 Compliance portal, we are starting the rolling out so coming to a tenant near you really soon!

Iron Contributor

@Christophe Fiessinger Kudos. This is a significant step up from your Supervision 2017 offering. Nice to see.

Iron Contributor

So ... thinking about this ... your supervision offerings historically have focused on Exchange Online for FINRA. The new updates above point to a broadened focus, such as the inappropriate language and legal exposure use cases. These could be implemented in a couple of ways in Office 365 - DLP could do it, or Supervision could do it, or probably even Office 365 Cloud App Security (the logic model is there).

 

For example, Unified DLP could be set to look for inappropriate language, documents with particular retention labels, or documents with specific words or phrases (doing a lexicon match, etc.). Why did you strategically decide to do this in Supervision rather than DLP (granted that DLP does signal "data loss" so would be fine for the confidential projects use case, but not so much for language concerns)?

 

We all sit in the outer ring and are affected by the choices made within the mothership. I guess I'm interested in the background thinking.

Iron Contributor

Sorry ... another thought ... with FINRA supervision, setting a percentage for supervision means a supervisor doesn't get overloaded; this makes sense because the search construct has usually been about how a person communicates, rather than content analysis.

 

How do you see that field being used for the newer use cases like offensive language, legal exposure, confidential projects, etc., since the search construct is based on content analysis? Is the recommendation going to be to set this to 100% so that all instances of the above are caught?

Iron Contributor

"Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents."

 

My assumption here is that Supervision offers no automated policy-based corrective actions - is that right? Supervision can capture messages that violate policy, but any corrective action is entirely out-of-channel and up to a person. Supervision can't, for example, prevent an email that's laden with offensive language from being delivered - am I thinking about this the right way?

@Christophe Fiessinger, it looks like the Supervision add-in doesn't work in the new OWA experience. Are we actually getting something new in terms of the add-in experience, or it's the same old add-in and the new experience is just for the SCC?

@Vasil Michev add-on is the same and new experience is for both the SCC and the new compliance portal.

@Michael Sampson Great questions & thanks for taking the time to write them! we see DLP & Supervision complement one another fulfilling different use cases (both uses some of the same building blocks like sensitive info types). Yes one is more proactive and the other more reactive. You are correct that an org. might not tolerate any offensive language and hence will monitor 100% of comms. 

Thanks Christophe. So maybe you should poke the OWA folks a bit, as the Supervision add-in doesn't currently work in the new OWA version.

@Vasil Michev thanks for the reminder and note we are working on addressing this issue!

Brass Contributor

Any tips on finding how to add the Advanced Compliance add-on if we have E3?  Did the plan get renamed since this?

EDIT - Disregard - found it as an add-on under the E3 plan.

@Tom Mucha good to hear you found it, going forward we actually recommend using the newly released Communication Compliance solution, please see this: http://aka.ms/CommunicationComplianceGA

Copper Contributor

Will it be able to be on iPad? 

Version history
Last update:
‎May 11 2021 02:06 PM
Updated by: