In this Ask the Admin, Russell Smith looks at how Microsoft’s new service can help organizations meet compliance requirements.
Azure Conditional Access policies can be used with Azure Information Protection (AIP) to secure protected documents against unauthorized access. If you have already decided to use AIP as part of your Office 365 data protection strategy, adding a conditional access policy is a quick way to frustrate people who try to access documents when they shouldn’t.
Microsoft’s Compliance Manager is intended to help cloud tenants cope with regulations like ISO 27001 and GDPR. The Compliance Manager has a nice dashboard, but it is passive and offers very weak options in terms of organizing the work needed to achieve compliance. But Office 365 has Planner and Teams, and it is easy to create the necessary collaboration structure to allow people to work on GDPR controls.
Microsoft released Compliance Manager Preview, after initially announcing the new service during Ignite 2017 in late September. It is, for now at least, a free service for existing Office 365 customers, that aims to provide a management interface for organization’s compliance management activities.
A new premium Azure Active Directory feature allows you to force group owners to certify that external members should have continued access. Given that Office 365 Groups and Microsoft Teams now both support guest users, it is wise to check on who can access what from time to time. Whether you will want to pay extra for such a feature is quite another matter!
The European Union will introduce the General Data Protection Regulations (GDPR) in May 2018. The intention is to deliver better protection for personal data, which is laudable. Like with many regulations, the problems arise in implementation. Office 365 holds a lot of personal data, so Office 365 tenants must cope with GDPR.
The Office 365 Admin Center experienced a problem on August 3 when it began to include data from other tenants in its usage reports. It seems like the problem arose in a flawed code change and Microsoft fixed the issue quickly. What’s worrying is what data leaks like this mean in the context of regulations like the EU GDPR.