Microsoft is rolling out a range of new compliance features in Microsoft 365 to help security and compliance officers deal with a wave of new privacy laws sparked by Europe’s data protection regulation.
Microsoft 365 is gaining a new dedicated workspace for managing privacy requests from users and compliance with data protection laws in Europe under GDPR or the General Data Protection Regulation.
Microsoft notes California’s tough, new privacy law and Brazil’s new GDPR-inspired General Data Privacy Law as examples where its new compliance and security centers could help out.
Microsoft 365 is a bundle of Microsoft's business products for enterprise customers that includes Office 365, Windows 10, and Enterprise Mobility + Security.
The new Microsoft 365 security and compliance dashboards come as US lawmakers consider proposals for national privacy legislation after California last year introduced what’s viewed as the nation’s toughest privacy laws.
Microsoft VP and chief legal officer Brad Smith is expecting US lawmakers in 2019 to begin pushing ahead with federal privacy legislation following California’s lead, essentially to get ahead of headaches caused by multiple states introducing their own variants of California’s law.
The Compliance Manager risk assessment dashboard helps security and compliance professionals manage regulatory compliance tasks. Under GDPR, any EU resident can request and expect to receive data that was collected by an organization operating there. The updated compliance manager helps Microsoft 365 users handle these so-called Data Subject Requests.
The tool also uses analytics to help display actions that compliance managers should take with respect to various regulations, including GDPR, the US HIPAA regulations, and ISO-27001 standards.
Microsoft says both specialized workspaces give security and compliance teams centralized management across Microsoft 365 services, unifying the view across Office 365, Windows 10, and Enterprise Mobility + Security (EMS), with several Azure capabilities.
The Microsoft 365 security center gives admins and risk management officers a central place to view information about identity and access management, threat protection, information protection, and security management.
The center is based on products within Microsoft Threat Protection and includes a dashboard that offers users a snapshot of an organization’s overall security score, how many users are at risk of identity protection vulnerabilities, device compliance and malware counts, and cloud app security details, such as OAuth apps with high privileges.
The security centre also gives SecOps staff helpful tools to manage incident response, including a centralized view of alerts and hunting capabilities that can be used during investigations.
The Microsoft 365 compliance centre is aimed at compliance, privacy and risk management officers who can use it to label data with sensitivity and retention restrictions, as well as respond to GDPR-like user data requests.
There’s also a new Microsoft 365 Label Analytics preview to help compliance officers analyze and validate how sensitivity and retention labels are being used beyond Office 365 workloads. And Microsoft has brought the Microsoft Cloud App Security (MCAS) insights feature to the compliance center to help compliance officers identify risks across applications, improve visibility of shadow IT, and monitor employees who stray from compliant activities.
Microsoft’s hit rival to work messaging platform Slack, Microsoft Teams, is also gaining new compliance tools for customers in regulated industries.
A new “intelligent policies” feature includes intelligent filters, flags for sensitive information types, and advanced message filters.
The intelligent filters feature is in private preview currently and includes an offensive language detector powered by machine learning and artificial intelligence models that can identify communication patterns over time. Organizations that want to join the private preview can email Microsoft at firstname.lastname@example.org.
The sensitive information types allow admins to monitor data regulated by financial, medical, health or general privacy laws.
The advanced message filter allows admins to include or exclude emails based on domains and do the same based on retention labels.
Microsoft is kicking off the rollout of the two dashboards from the end of January and expects the worldwide rollout will be complete by the end of March. The new dashboards will be accessible from security.microsoft.com and compliance.microsoft.com as well as the Microsoft 365 admin center.
Microsoft has also posted a new support document explaining the two dashboards. The features will be available to Microsoft 365 Enterprise E3 or E5 customers. They’re also available to customers with a Volume Licensing equivalent, which includes Office 365 Enterprise E3 or E5, Enterprise Mobility + Security E3 or E5, and Windows 10 Enterprise E3/E5.