Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Divide Office 365 tenants with Compliance Boundaries

Silver Contributor

A new feature on the Office 365 roadmap that's worth surfacing - Compliance Boundaries:

 

"Tenants can be divided into smaller tenants as defined by geographical boundaries or individual business units. This also includes full support of Compliance Security Filters for OneDrive for Business."

 

So rather than a monolithic approach to a tenant, it can actually be divided based on function or locales for management purposes. This can work with Compliance Security Filters, though only OneDrive is mentioned they also apparently work with mailboxes and SharePoint Online.  

 

These filters can be used to set compliance search actions based on individuals or groups and in the future presumably, can be associated with these compliance boundaries. 

 

This sounds like a welcome feature, especially for those larger tenants spread across regions or those with particular compliance requirements.

4 Replies

The compliance security filters work just fine with Exchange and SPO workloads, and they are relatively easy to set up. Although they are only avaialble via PowerShell for now.

 

But if you are eager to test this, you can certainly configure a "compliance boundary" via compliance security filters, they are practically designed with this in mind.  They support a huge set of attributes, and you can even apply them based on the content of the document/item. Really cool stuff!

Hiya

Seems like the wording of the feature has changed and does not mention "Tenants" anymore, seems like only searches and results will get boundaries not the actual data itself (via a different tenant located at a local region). Just hiding search results (if I understand this feature correctly) will not meet compliance requirements that everyone is after around data boundaries

 

regards

Mo

Wait for Ignite :)

@Vasil Michev hi can I use these boundaries for administrative activity.

 

ie, to separate US/UK/AU admin for their own users based on a country attribute.

 

use case: I don't want my US admins modifying mailbox permissions for an AU user.