What is Microsoft 365 Compliance Center?
Following the renaming of Office 365 to Microsoft 365, various services are included in Microsoft 365. One of them, the Microsoft compliance center, manages compliance needs and resolves them on the Microsoft Infrastructure services. It addresses compliance management needs using integrated solutions for classification, information governance, case management, and more.
Administrators can explore new and improved tools for Microsoft Infrastructure data and compliance needs.
- Assess and improve Infrastructure compliance posture with a compliance score
- Explore the catalog to discover and start using the compliance and risk management solutions available to apply on Microsoft Infrastructure
In this how-to, we detail every new feature, solution, and service offered in the Microsoft 365 compliance center, with screenshots.
Microsoft Compliance Center access portal
Components of Microsoft Compliance Center
When you open the Microsoft 365 Compliance portal, the card section on the left side of the home page shows you at a glance how your organization is doing with data compliance, what solutions are available for your organization, and a summary of any active alerts. It includes:
- Compliance score
- Data classification
- Data connectors
And on the solutions card pane:
- Content search
- Communication compliance
- Data loss prevention
- Data subject requests
- Information Governance
- Information protection
- Insider risk management
- Records management
Microsoft Compliance Score measures the overall Microsoft Infrastructure progress in completing actions that help reduce risks around data protection and regulatory standards. It also provides workflow capabilities and built-in control mapping to help administrators efficiently carry out those actions. It has four views, namely Overview, Improvement actions, Solutions, and Assessments. This service is currently in preview mode.
This is a complete dashboard of the current status of the Microsoft 365 tenant compliance score in a graphical view. It provides details on solutions that affect the overall score and on threats from unauthorized users, applications, and devices. From here you can identify and remediate critical insider risks, define your compliance scope, test control effectiveness, and manage your risk and compliance assessment.
These are the actions you can take to improve your compliance score. There are 280 improvement action items that increase the compliance score. Each action has its own points and may take up to 24 hours to update.
Some of the improvement actions with higher point values are listed below:
- Protect wireless access
- Restrict access to Private keys
- Protect password with encryption
- Issue public key certificates
- Route traffic through managed network access points
- Enforce password complexity
- Enforce minimum changed characters for new passwords, etc.
Similarly, the Solutions view shows the solutions that contribute to increasing your score and their remaining opportunity for improvement. Here, solutions span the entire Microsoft 365 infrastructure, comprising Azure, Office 365, Cloud App Security, OneDrive for Business, Power BI, SharePoint Online, and Windows 10.
Assessments help you implement data protection controls specified by compliance, security, privacy, and data protection standards, regulations, and laws. Assessments include actions that have been taken by Microsoft to protect your data, and they’re completed when you take action to implement the controls included in the assessment.
Use this section to access Overview, Trainable classifiers, Sensitive info types, Content explorer, and Activity explorer. This service is also currently in preview mode.
Get snapshots of how sensitive info and labels are being used across your organization’s locations, including any files that were labeled using Azure Information Protection. The overview also provides a dashboard with details from the other sections, including top activities detected, top retention labels applied to content, an Azure Information Protection labels summary, locations where retention labels are applied, etc.
Use built-in or custom classifiers to identify specific types of info and items in your organization. Once created, classifiers can be used in several compliance solutions to detect related content and classify, protect, and retain it.
Currently, six custom trainable classifiers are available, and they are listed under the ready-to-use category. They are: Offensive Language, Resumes, Source Code, Targeted Harassment, Profanity, and Threat. You can also add your own classifiers.
Sensitive info types
The sensitive info types here are available to use in your security and compliance policies. These include a large collection of types we provide, spanning regions around the globe, as well as any custom types you have created. There are 100 info types available, and administrators can create info types manually.
Explore the email and docs in an organization that contains sensitive info or has labels applied. Administrators can drill down further by reviewing the source content that’s currently stored in Exchange, SharePoint, and OneDrive.
Review activity related to content that contains sensitive info or has labels applied, such as what labels were changed, files were modified, and more. Label activity is monitored across Exchange, SharePoint, OneDrive, and endpoint devices.
This requires turning on auditing so that Microsoft can start recording user and administrator activity in the organization. Once auditing is turned on, activity is recorded to the audit log and is available to view in a report.
Connectors help you connect your important data sources to your solutions. The data sources available in preview mode are:
- Facebook business pages – Connecting to your Facebook data is valuable for records management and eDiscovery solutions.
- HR – Connecting to your HR data is valuable for identifying and remediating internal risks using solutions such as insider risk management.
- Instant Bloomberg – Connecting to your Instant Bloomberg data is valuable for communication compliance, records management, and eDiscovery solutions.
- LinkedIn company pages – Connecting to your LinkedIn data is valuable for records management and eDiscovery solutions.
- Twitter – Connecting to your Twitter data is valuable for records management and eDiscovery solutions.
To add data connectors, the logged-in administrator or user must be assigned the Mailbox Import Export role. This role is assigned in the Exchange admin center.
Create alert policies and then view the alerts generated when users perform activities that match the conditions of an alert policy. Here administrators can view and filter alerts, set an alert status to help manage alerts, and dismiss alerts after addressing or resolving the underlying incident.
View status and trends for the compliance of your Microsoft 365 devices, data, identities, apps, and infrastructure. The reports available on this page are:
- Label auto-reply
- Label records tagging
- Labels trend over the past 90 days
- Label usage over the past 90 days
- Retention label usage
- Sensitivity label usage
- Retention label changes
- DLP policy matches and incidents
- DLP false positives and overrides
- Third-party DLP policy matches
- High-risk apps
- Cloud Apps compliance
Set up policies to govern data, manage devices, and receive alerts about various activities in the organization. There are 5 predefined policy types available now, listed below:
- Alert – Office 365 alert and Cloud App Security
- Data – Data loss prevention and Retention
Manage who in your organization has access to the Microsoft 365 compliance center to view content and perform tasks. You can also assign Microsoft 365 permissions in Azure Active Directory.
Discover, learn about, and start using the intelligent compliance and risk management solutions available to the organization. The available catalogs are shown below:
- Data loss prevention – Detects sensitive content as it’s used and shared throughout your organization, in the cloud, and on devices, and helps prevent accidental data loss.
- Information governance – Manages your content lifecycle using solutions to import, store, and classify business-critical data so you can keep what you need and delete what you don’t.
- Information protection – Discovers, classifies and protects sensitive and business-critical content throughout its lifecycle across your organization.
- Records management – Uses intelligent classification to automate and simplify the retention schedule for regulatory, legal, and business-critical records in your organization.
- Communication compliance – Minimizes communication risks by helping you automatically capture inappropriate messages, investigate possible policy violations, and take steps to remediate.
- Insider risk management – Detects risky activity across your organization to help you quickly identify, investigate, and take action on insider risks and threats.
- Audit – Records user and admin activity from your organization so you can search the audit log and investigate a comprehensive list of activities across all locations and services.
- Data investigations – Searches across content locations to identify sensitive, malicious, or misplaced data across Microsoft 365 locations so you can investigate and remediate any incidents, such as data spillage.
- Data subject requests – Finds and exports a user’s personal data to help you respond to data subject requests for GDPR.
- eDiscovery – Helps respond to legal discovery requests using core and advanced solutions for identifying, preserving, analyzing, and exporting data.
Search the Microsoft 365 audit log to find out what the users and admins in your organization have been doing. You’ll be able to find activity related to email, groups, documents, permissions, directory services, and much more.
You can create an audit policy based on activities, users, and file, folder, or site by providing a start date and an end date.
You can also filter the log search based on Date, IP Address, User, and Activity details.
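The auditing prerequisite and the date, IP address, user, and activity filters described above can also be driven from Exchange Online PowerShell. The following is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, and the user, IP address, and operation names are placeholders.

```powershell
# Added example (not from the original article). Assumes the
# ExchangeOnlineManagement module and an account allowed to search the audit log.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# 1. Auditing must be turned on before any activity is recorded.
$cfg = Get-AdminAuditLogConfig
if (-not $cfg.UnifiedAuditLogIngestionEnabled) {
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
    Write-Warning 'Auditing was off and has now been enabled.'
}

# 2. Same filters as the portal: date range, user, activity, IP address.
#    All values below are placeholders.
$filter = @{
    StartDate   = (Get-Date).AddDays(-7)
    EndDate     = (Get-Date)
    UserIds     = 'user@contoso.example'
    Operations  = 'FileDownloaded', 'FileAccessed'
    IPAddresses = '203.0.113.10'
}

# 3. Page through the results; a single call returns at most 5000 records.
$sessionId = [guid]::NewGuid().ToString()
$records = @()
do {
    $page = @(Search-UnifiedAuditLog @filter -SessionId $sessionId `
                -SessionCommand ReturnLargeSet -ResultSize 5000)
    $records += $page
} while ($page.Count -gt 0)

# 4. AuditData is a JSON string; expand it to reach the per-event fields.
$events = $records | ForEach-Object {
    $d = $_.AuditData | ConvertFrom-Json
    [pscustomobject]@{
        Time      = $_.CreationDate
        User      = $_.UserIds
        Operation = $_.Operations
        ClientIP  = $d.ClientIP
        Object    = $d.ObjectId
    }
}

# 5. Summarise which user performed which activity from which address.
$events | Group-Object User, Operation, ClientIP |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```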
Search your organization for content in email, documents, Skype for Business conversations, and more. The available options are New search, Guided search, and Search by ID List.
Communication compliance is part of the new insider risk solution set in Microsoft 365 that helps minimize communication risks by helping you detect, capture, and take remediation actions for inappropriate messages in your organization. Predefined and custom policies allow you to scan internal and external communications for policy matches so they can be examined by designated reviewers. Reviewers can investigate scanned email, Microsoft Teams, Yammer, or third-party communications in your organization and take appropriate remediation actions to make sure they’re compliant with your organization’s message standards.
Data loss prevention
Use data loss prevention (DLP) policies to help identify and protect your organization’s sensitive info. For example, you can set up policies to help make sure information in email and docs isn’t shared with the wrong people. Administrators have the option to create a new policy, choose the type of content to protect, and how they want to protect it.
Data subject requests
GDPR gives people (also called data subjects) the right to their personal data. This includes obtaining a copy of it and requesting to export it in an electronic format. To respond to these requests, you’ll start by creating a DSR case.
Core – After creating an eDiscovery case and choosing who has access to it, use the case to search for email, documents, Skype for Business conversations, team data, and other content in your organization. You can then preserve the content and export the search results for further analysis.
Advanced eDiscovery provides an end-to-end workflow to preserve, collect, review, analyze, and export content that’s responsive to your organization’s internal and external investigations.
The Information Governance capabilities from Microsoft 365 help integrate data from heterogeneous environments, intelligently classify data with machine learning capabilities, provide remediation, and enable records management to meet regulations. This helps users and organizations intelligently govern data across their environment to reduce risk, thereby easing the path towards meeting compliance needs.
This includes Labels, Label policies, Import, Retention, and Archive.
When published, retention labels appear in users’ apps, such as Outlook, SharePoint, and OneDrive. When a label is applied to email or docs (automatically or by the user), the content is retained based on the settings the user chose. For example, an administrator can create labels that retain content for a certain time or ones that simply delete content when it reaches a certain age.
Create retention label policies to either publish or auto-apply labels. When administrators publish labels to locations such as Outlook and SharePoint, users can manually apply the labels to retain their content. When administrators auto-apply labels, users will see the labels automatically applied to content that matches your conditions (such as content containing specific sensitive info).
Use the Import service to move email (PST files) from your organization’s servers to Office 365. You can ship hard drives to Microsoft or upload the files directly over the network.
Email, documents, Skype, and Teams conversations. Your users generate a lot of content every day. Take control of it by setting up retention policies to keep what you want and get rid of what you don’t.
Archive mailboxes provide additional email storage for the people in your organization. Using Outlook or Outlook Web App, people can view messages in their archive mailboxes and move or copy messages between their primary and archive mailboxes. After an archive mailbox is enabled, messages older than two years are automatically moved to the archive mailbox by the default retention policy that’s assigned to every mailbox in your organization.
Sensitivity labels are used to classify email messages, documents, sites, and more. When a label is applied (automatically or by the user), the content or site is protected based on the settings you choose. For example, you can create labels that encrypt files, add content marking, and control user access to specific sites.
Create sensitivity label policies to publish one or more labels to your users’ Office apps (like Outlook and Word), SharePoint sites, and Office 365 groups. Once published, users can apply the labels to protect their content.
Insider risk management
The Microsoft 365 insider risk management solution provides a tenant level option to help customers facilitate internal governance at the user level. Tenant level administrators can set up permissions to provide access to this solution for members of your organization and set up data connectors in the Microsoft 365 compliance center to import relevant data to support user-level identification of potentially risky activity. Customers acknowledge insights related to the individual user’s behavior, character, or performance materially related to employment can be calculated by the administrator and made available to others in the organization.
Records management enables compliance with your corporate policies and regulations for your business-critical records. Here you can create or import retention labels into your file plan, and author policies to publish or auto-apply those labels. You can manage how your data is kept and how you are kept up-to-date about new or upcoming retention events. In this solution you can determine where, when, and how your records are retained, and attend to new and pending disposition alerts.
Whether starting from scratch or from an existing file plan, the Microsoft 365 file plan uses advanced analytics and insights to help automate your retention schedules throughout the content lifecycle. A Microsoft Excel template lets you quickly fill out your file plan so you can collaborate with stakeholders on your retention label strategy. When ready, simply upload the completed plan to Microsoft 365, then publish or auto-apply the labels to see them in action.
Create retention label policies to either publish or auto-apply labels. When you publish labels to locations such as Outlook and SharePoint, users can manually apply the labels to retain their content. When you auto-apply labels, users will see the labels automatically applied to content that matches your conditions (such as content containing specific sensitive info).
An event is a specific occurrence of a predefined event type. Event types are associated with labels that, when applied to content, classify the content as that specific type. If an actual event occurs, such as a user leaving your organization, you’ll create an event for that situation by specifying the event type (such as ‘Employment ended’), the date the user left, and the IDs associated with the user’s labeled content (such as their employee ID).
Managing security and compliance is a partnership. Administrators are responsible for protecting the company’s data, identities, and devices. The Microsoft 365 compliance center is a must-try for any administrator whose organization needs to comply with legal or regulatory standards; start here to learn about compliance in Microsoft 365. Services, solutions, and features are added to the Microsoft 365 compliance center every day, and using them to protect the company’s data and devices is the administrator’s ultimate goal.