Microsoft’s Compliance Manager is intended to help cloud tenants cope with regulations like ISO 27001 and GDPR. The Compliance Manager has a nice dashboard, but it is passive and offers very weak options in terms of organizing the work needed to achieve compliance. But Office 365 has Planner and Teams, and it is easy to create the necessary collaboration structure to allow people to work on GDPR controls.
Office 365 includes supervision policies to allow tenants to monitor email traffic between selected groups to ensure that they comply with regulations. Supervision policies are easy to set up, but be careful about the workload involved in processing the captured email.
You can capture Exchange mailbox events in the Office 365 audit log, but only if you remember to enable auditing for target mailboxes. Exchange Online doesn’t enable new mailboxes for auditing by default, so administrators must remember to enable the mailboxes manually – and check for new mailboxes periodically. If you don’t, nothing is recorded and your audit log will be empty.
The new Office 365 data governance framework has been updated to allow content marked with classification labels to receive a manual review before being removed. It’s the kind of thing that makes data governance administrators happy.
In this Ask the Admin, Russell Smith explains why SCM was killed off and how the Security Compliance Toolkit stacks up in comparison.
The European Union will introduce the General Data Protection Regulations (GDPR) in May 2018. The intention is to deliver better protection for personal data, which is laudable. Like with many regulations, the problems arise in implementation. Office 365 holds a lot of personal data, so Office 365 tenants must cope with GDPR.
Microsoft Teams now includes the ability to control whether team owners or members can remove items from conversations. It’s a useful feature. All of us have probably regretted something said electronically!
Microsoft has updated Yammer so that new groups use the Office 365 Groups service to manage the identity and membership of the groups. There are far too many “groups” in that last sentence, which kind of illustrates how a surplus of groups might be building up within Office 365.
Russell Smith shows you how to configure Operations Management Suite’s Update Compliance to monitor Windows updates.
Further signs of Microsoft discarding the on-premises roots of Office 365 in favor of consistent cross-workload functionality comes when the Security and Compliance Center takes center stage for eDiscovery from July 1.
Microsoft extends the Office 365 data governance framework to cover conversations in Teams. Office 365 captures chats as items in Exchange Online mailboxes that are discoverable with content searches. And audit events work too!
Office 365 content searches are very powerful at finding content in SharePoint, Exchange, Groups, public folders, and OneDrive. Permissions filters can restrict the ability of eDiscovery managers to see results. With a little PowerShell, you can create effective filters.
As part of the Office 365 data governance framework, tenants can now create retention policies that apply to the mailbox and team site belonging to Office 365 Groups. The process is quite straightforward, but some gotchas exist that you need to think about!