GDPR comes into force on May 25, 2018. To help Office 365 tenant administrators respond to GDPR data subject requests, a new DSR case feature is available as a preview in the Security and Compliance Center. The feature is based on the existing eDiscovery case and content search functionality, so it should be very familiar to anyone who has searched Office 365 for email, documents, and other information.
We’re just a few weeks away from the Microsoft Build conference, where historically, a lot of announcements are made.
With GDPR coming, it’s good news that Teams now supports Office 365 retention policies. You can apply retention to messages posted to channels and chats, or use a mixture of policies to target different sets of users and teams. You might be surprised how Teams has implemented retention – and remember, we’re only talking about messages – other content might also need a policy.
Office 365 now includes out-of-the-box email encryption, which might just mean that the era of using S/MIME and PGP might be coming to a close, at least inside Office 365. The new functionality scores highly on ease of use and integration, but the lack of support in the current Outlook desktop clients means that adoption will be slow.
Office 365 keeps on changing, which makes it very hard to keep up with detail. The big stuff gets covered in articles but small changes might be overlooked. In this post, Tony looks at some of the changes that happened in the last week or so that you might have missed, including Teams, Planner, OneDrive, Yammer, and Exchange. And preparation for GDPR…
GDPR is coming and Office 365 tenants need to be prepared to deal with topics like data spillage and the right to be forgotten. It’s easy to see how to remove someone’s PII from Exchange mailboxes and SharePoint Online, but you might have a bigger challenge dealing with offline data in PSTs and OneDrive-synchronized folders. More to ponder…
Microsoft has a new Information Protection guide to help Office 365 tenants prepare for GDPR. The guide is incomplete because it focuses on SharePoint Online and OneDrive for Business, but it contains some good information that will help companies figure out what they need to do to prepare for the May 25, 2018 deadline. Expect more guides of this type to appear in the future.
In this Ask the Admin, Russell Smith looks at how Microsoft’s new service can help organizations meet compliance requirements.
Azure Conditional Access policies can be used with Azure Information Protection (AIP) to secure protected documents against unauthorized access. If you have already decided to use AIP as part of your Office 365 data protection strategy, adding a conditional access policy is a quick way to frustrate people who try to access documents when they shouldn’t.
Microsoft’s Compliance Manager is intended to help cloud tenants cope with regulations like ISO 27001 and GDPR. The Compliance Manager has a nice dashboard, but it is passive and offers very weak options in terms of organizing the work needed to achieve compliance. But Office 365 has Planner and Teams, and it is easy to create the necessary collaboration structure to allow people to work on GDPR controls.
Microsoft released Compliance Manager Preview, after initially announcing the new service during Ignite 2017 in late September. It is, for now at least, a free service for existing Office 365 customers, that aims to provide a management interface for organization’s compliance management activities.
A new premium Azure Active Directory feature allows you to force group owners to certify that external members should have continued access. Given that Office 365 Groups and Microsoft Teams now both support guest users, it is wise to check on who can access what from time to time. Whether you will want to pay extra for such a feature is quite another matter!
The European Union will introduce the General Data Protection Regulations (GDPR) in May 2018. The intention is to deliver better protection for personal data, which is laudable. Like with many regulations, the problems arise in implementation. Office 365 holds a lot of personal data, so Office 365 tenants must cope with GDPR.