Blog Post

Security, Compliance, and Identity Blog
4 MIN READ

Your specialized compliance workspace – Microsoft 365 compliance center

jutingying's avatar
jutingying
Icon for Microsoft rankMicrosoft
Mar 28, 2019

With electronic data growing exponentially across the digital estate and the increased number of new privacy regulations emerging, consumers are more aware of their privacy rights now more than ever. Compliance and privacy professionals need more tools to help them safeguard sensitive information and reduce compliance risks. To empower organizations to more effectively and efficiently take control of their data privacy, we introduced the new Microsoft 365 compliance center in January and are excited to announce its general availability today!

 

The new Microsoft 365 compliance center enables you to assess compliance risks and posture, protect and govern your data, and respond to data discovery requests in a timely manner. Here, we highlight several key compliance capabilities in the three scenarios below.

 

Simplify assessment of compliance risks and posture with actionable insights

On the Microsoft 365 compliance center homepage, you can easily find actionable insights in the Assess, Protect, and Respond sections with signals across the Microsoft 365 feature set. The homepage is the go-to dashboard for compliance and privacy teams to examine their organization’s data compliance posture.

 

To help with your regulatory compliance, we’ve brought in score insights from Compliance Manager, a cloud-based tool that helps you perform on-going risk assessments, and provides step-by-step guidance on implementing compliance controls. It also tracks and records your compliance activities to help you prepare for internal and external audits. On the Compliance Manager card, you can find a quick summary of your current compliance posture for regulations and standards including: GDPR, ISO 27001, and NIST 800-53. From here, you can visit Compliance Manager to improve your Microsoft Compliance Score.

 

 

In addition to the score, you can also find insights from Microsoft Cloud App Security (MCAS) including: third-party application usage, application compliance statuses, both the users and files shared most from cloud applications, and shadow IT applications as well. Additionally, with signals from Data Loss Prevention, you can quickly examine your DLP policy matches and create new policies to protect your sensitive data.

 

Integrated protection and governance of sensitive data across devices, apps, and cloud services

To help you better protect your digital estate across devices, apps, and cloud services, we aggregated the signals for risky compliance activities in your organization’s environment, and helped you highlight the high severity ones with details so that you take the appropriate actions to remediate risks.

 

 

Within the new compliance center, you can also classify your most important data with sensitivity and retention labels, and configure protection and governance policies with a unified experience. Additionally, the Label analytics functionality in public preview gives you label insights across your Office 365 and non-Office 365 workloads, helping you analyze and validate your label usage.

 

 

Under the solutions area, you can easily access compliance features that help you better govern your data. The disposition review under Data governance helps you review the content when it reaches the end of its retention period, for you to make a final decision about keeping or deleting the data. Additionally, Supervision helps organization meet communication-monitoring requirements to address internal policies or regulatory compliance. You can establish policies with intelligent conditions and identify Teams or users and the related channels or chat messages to be included in the supervision policy. Supervisors can then review content with the new built-in review experience to tag, escalate, and bulk resolve.

 

 

Intelligently respond to data discovery requests by leveraging AI to find the most relevant data

The cost of compliance has continuously increased in the past few years due to new regulations like GDPR, and the growing amount of electronic data. Organizations need assistance to discover the most relevant data to respond to regulatory requests like the Data Subject Access Requests (DSARs).

In the new Microsoft 365 compliance center, you can access the Data Subject Requests tool to create DSR cases and identify your employees’ personal data with built-in content search capabilities. With Advanced eDiscovery, you can reduce the cost and risk of common eDiscovery processes with custodian management, hold notifications, working sets and review and redact functionality built into Microsoft 365 directly.

 

 

In addition to data discovery, Microsoft 365 compliance center also provides you with access to data investigations solution in preview, which helps organizations to search for leaked or unprotected sensitive data and take actions like deleting emails or documents to remediate risks.

 

We will keep adding more compliance solutions like audit log search, content search, retention policies, archiving and more in the Microsoft 365 compliance center soon to reach parity with the solutions we provide in Office 365 Security & Compliance Center. Please don’t hesitate to give us feedback from the feedback button in the new center.

 

Get started today

To get the new Microsoft 365 security center and Microsoft 365 compliance center, your organization must have a subscription to Microsoft 365 E3 or E5, or a Volume Licensing equivalent (which consists of Office 365 Enterprise E3 or E5, Enterprise Mobility + Security E3 or E5, and Windows 10 Enterprise E3/E5). We plan to expand access to additional subscriptions and license types later in the year. Users must be assigned the Global Administrator, Compliance Administrator, or Compliance Data Administrator role in Azure Active Directory to access the new Microsoft 365 compliance center.

 

You can start using the Microsoft 365 compliance center today by visiting compliance.microsoft.com or through the Microsoft 365 admin center. Learn more about the new experience in our technical supporting document.

Updated May 11, 2021
Version 6.0
  • ags5885's avatar
    ags5885
    Copper Contributor

    Is there a timeline for getting these features in Azure Government cloud?

  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor

    What happened to the Audit Log search functionality that was in the original Security and Compliance Center? I don't see it in the new Compliance Center or in the new Security Center.

  • Hi ags5885 - we don't have a roadmap to include Azure features yet. We mostly focus on Microsoft 365 workloads now. Do you have any specific use cases for Azure to share with us?

     

    Hi Dean_Gross - that's a really good question. We haven't moved several features from Office Security & Compliance Center to the new Microsoft 365 compliance center yet, and we will gradually move more features in with the new UX and native experience. I will share more information about the timeline soon. 

     

    Hi Vasil Michev - yes you can refer to this tech community post with eDiscovery and data investigation preview here: https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Now-do-more-with-Advanced-eDiscovery-custodian-communications/ba-p/327338

     

    Thank you everyone for the question and feedback!

  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor

    jutingying  thanks for the response. I don't understand how you label something as Generally Available when it does not have all of the existing functionality as the product that it is replacing, a new portal should be adding functionality and making it easier for us. The announcement of this as GA is premature in my opinion. We now have to got to 3 portals when we used to have one, this is NOT helpful.

  • ags5885's avatar
    ags5885
    Copper Contributor

    jutingying - Sorry I should have used different wording. These features appear to be generally available to Microsoft 365 Commercial tenants - do you know about availability in the GCC High / DoD tenants? 

  • Hi Dean_Gross, thanks for the honest feedback. We will loop it back to the product team on this issue and take it seriously. We are still working hard on  adding more functionality and solutions over the coming months. In the meantime, there are some tasks that must be performed in the Office 365 Security & Compliance Center (https://protection.office.com). In those cases, you'll be directed to the location where you can perform the task at hand, such as creating or editing a supervision policy. Our goal is to give you one place to go to manage all the compliance-related policies and settings. Please don't hesitate to message me any more feedback you have. 

     

    Hi ags5885, we don't have estimated time to ship it to GCC High/DoD yet. I will update the public roadmap once I have more information. Thank you!