Looking to start managing compliance in Office 365? We’ve built a list of a few things you can do today to help you get the ball rolling.
Introducing the Microsoft 365 Compliance Center
The Microsoft 365 compliance center provides easy access to the data and tools you need to manage your organization’s compliance. While it can mean a lot of things, in technology, compliance generally means following a certain set of rules (specific to an industry, organization, or governing body) as they pertain to information and information technology systems. Because it is such a broad topic that varies widely across industries, the goal of this blog is to get you up and running with a few small features of the larger compliance center.
You’ll Need Licensing
Many of the features we mention below require advanced licensing before they can be enabled. At a minimum, you will need Microsoft/Office 365 E5 or Microsoft/Office 365 E3 + specific add-on licenses depending on your compliance goals. The Microsoft 365 compliance help center has licensing requirements for most of the product features.
Let’s Go Over Three Simple Uses for the Compliance Tools
Retention Policies
Retention policies are used by many organizations to prevent staff from storing documents, emails, or other data indefinitely. One place we see this used is when an organization wants to prevent lawsuits or information requests, which can go back many years in the discovery part of a lawsuit. By having a company retention policy, many lawsuits can be avoided or reduced in scope. Additionally, organizations use retention policies to ensure they comply with regulations requiring data retention for a certain period of time.
In relation to this, we also see organizations that are in the middle of a lawsuit apply data “holds” on emails or data stored in the system, preventing staff from deleting important information relating to a legal action.
In both cases, these policies are configured in the Office 365 compliance center. We’ve noticed that organizations often struggle to develop their policies as it can be a challenge to balance productivity while also protecting the organization.
Where to start? The easiest place to begin is to develop an email retention policy. Managing emails and the overall size of the email system is an important part of managing your organization’s data. While it may sound tempting to enable a retention policy on files stored on SharePoint or in Teams, we recommend this only for very specific sets of data. For instance, if you do jobs for customers, it might make sense to delete this customer job information after a period of time.
Data Loss Prevention
Data loss prevention is a practice that helps protect sensitive data and reduce risk. It is a way to prevent users from inappropriately sharing data with people who shouldn’t have it. In Microsoft 365, you implement data loss prevention by defining and applying DLP policies. DLP works across Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive. It also works across Office applications such as Word, Excel, and PowerPoint. Additionally, you can protect Windows, macOS, non-Microsoft cloud apps, and on-premises file servers with this service.
For a small business, the best place to start with data loss prevention is to control the way your staff shares files among themselves and with outside colleagues. You can configure pop-up policies that remind users they are sharing sensitive information, or block the sharing completely.
Additionally, you can build data loss prevention policies for email that block certain types of information, either in the body of the email or in attachments.
eDiscovery
Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases. Microsoft 365 provides three eDiscovery solutions: Content search, Core eDiscovery, and Advanced eDiscovery.
For the purposes of this small-organization-focused blog, the one that will be used the most is Content Search. Content Search allows you to search for instant messages, emails, and documents across Microsoft 365 data sources and then export the search results to a local computer.
A simple use of this feature would be to search for all emails pertaining to one of your customers. You can perform this search and export the results to your local PC for further evaluation. If you have a serious customer service issue and need to find the truth, the eDiscovery tool can probably find it.
Now, start building your compliance strategy! As always, we are here to help.
This week’s post by Tim Malzahn, Principal Consultant at Malzahn Strategic