Become a Communication Compliance Ninja
**Communication Compliance is a solution in Microsoft Purview. Some assets and past recordings may refer to it as Communication Compliance in Microsoft 365 or in Microsoft Compliance; these all refer to the same solution. **
** Updated June 2023 **
In this Ninja page, we share the top resources for Communication Compliance users to become more proficient with the Microsoft Purview Communication Compliance solution. For official documentation please check http://aka.ms/CommunicationCompliance.
We are very excited and pleased to announce this rendition of the Ninja Training Series. There are several videos and resources out there and the overall purpose of the Communication Compliance Ninja training is to help you get the relevant resources to get started and become more proficient in this area.
After each section, there will be a knowledge check based on the training material you’ve just finished! Since there’s a lot of content, the goal of these knowledge checks is to help you determine if you were able to get a few of the major key takeaways.
Lastly, this training will be updated on a semi annual basis to ensure you all have the latest and greatest material! We are continuously delivering product updates and thus you should check both the public roadmap and message center posts to stay up to date.
Let us know what you think below in the comments!
Latest Communication Compliance blog – https://aka.ms/communicationcomplianceblog
All Communication Compliance Blogs
Legend:
| VIDEO - Product videos | WEBCAST - Webcast recordings | COMMUNITY -Tech Community |
| DOC- Docs on Microsoft | BLOG - Blogs on Microsoft | GITHUB - GitHub |
| NEW - New/updated items | GUIDE - Interactive guides | LEARN - Learning path |
| EXT - External Sites | PODCAST - Podcast |
Why do I need Communication Compliance?
With the shift towards a hybrid work environment, organizations seek out technology like Microsoft Teams to empower their employees to do their best work digitally. At the same time, organizations also need to manage risk in communications to help detect regulatory compliance violations (e.g. SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. With a solution that is built with privacy in mind.
In a Microsoft Market research study done in May 2021, 60% of information workers stated that detection of offensive language would boost company morale. It also stated that 74% of organizations are likely to adopt risk detection models for Insider trading, offensive content, and bribery. In addition to that customers tell us they need to reduce blind spots around data security risks introduced by these new ways of working. As hybrid work becomes the norm across enterprises, fewer internal reports of compliance violations during the same timeframe suggests risks may be going unreported at larger scale. According to Gartner® research, in 2020 and 2021 compliance teams learned of about 31 fewer instances of potential violations per 1,000 employees than in 2018 and 2019, before the COVID-19 pandemic massively accelerated remote and hybrid work transformations[1].
Corporate communication channels continue to proliferate as a result of hybrid collaboration and engagement with customers across multiple mediums and devices. This has also resulted in regulatory agencies, such as the Securities and Exchange Commission (SEC), shifting their regulatory requirements to include work-related communications on all devices and platforms. With stronger enforcement stances and increases in communication volume across platforms, organizations are finding it difficult to sift through volumes of communications to help meet regulatory compliance requirements. These elevated compliance standards also result in higher fines. For example, in the United States, the SEC imposed $1.8B in fines on Wall Street firms because employees violated communication requirements by discussing business matters using personal devices and text messages.
- NEW- VIDEO - Help fulfill regulatory requirements with Microsoft Purview Communication Compliance
- NEW - VIDEO - Communication Compliance and Microsoft Teams
- BLOG - Empower employees to flag security and regulatory concerns in Microsoft Teams
- VIDEO - Aligning Culture and compliance for better business
- BLOG - Microsoft can help reduce risk during the Great Reshuffle
- VIDEO - Holistic approach to risk detection and prevention
- DOC - Why is Insider Risk important
Ready for the Why do I need Communication Compliance knowledge check?
Overview
Protecting sensitive information and detecting potential risky incidents is an important part of compliance with regulatory, internal policies and organization standards. Communication Compliance helps minimize these risks by helping you quickly detect, capture, and take remediation actions for Microsoft Teams communications, email, Viva Engage (Yammer), and even non-Microsoft communications. These include helping organizations detect potential business conduct and regulatory compliance violations, such as sensitive or confidential information, harassing or threatening language, and sharing of adult content being shared over communications both inside and outside of your organization. Protecting the privacy of users that have policy matches is important and can help promote objectivity in data investigation and analysis reviews for communication compliance alerts. That is why Communication Compliance allows for pseudonymized users, allows you to control who can review policy matches and set up role-based controls.
- BLOG - How Prince William County Public Schools creates a more cybersafe classroom with Microsoft Purview
- VIDEO - Manage data risks from employee insiders with Microsoft Purview
- DOC - Communication Compliance Overview
- VIDEO - How Microsoft 365 secures and supports your organization from the inside out
- VIDEO - Manage risk and compliance with end-to-end security solutions
- LEARN- Microsoft Purview Communication Compliance Learning Path
- BLOG - How to protect employees from online harassment
- BLOG -TD Securities builds on its Microsoft 365 Communication Compliance infrastructure with a highly secure, compliant global Microsoft Teams deployment
- EXT - How to foster safe and compliant communications at work
- EXT- Building an effective insider risk program
- EXT - Building a holistic Insider Risk Management Program
Ready for the Overview knowledge check?
Getting Started
This section will focus on considerations and tasks for a successful deployment, setup, and investigation of Communication Compliance, including licensing requirements, user permissions, audit log configuration, and policy configuration. Once you have the licensing, permissions, and audit logs configured, you can create a Communication Compliance policy. Communication Compliance policies allow you to scope which communication locations and users are subject to review in your organization, define which custom conditions the communications must meet for further review, and specify who should be reviewing the policy violations.
After you've configured your Communication Compliance policies, you'll start to receive alerts in the Microsoft Purview compliance portal for messages that match your policy conditions. Alerts are reviewed by individuals who you assign as analyst or investigator and have been explicitly assigned to a policy. These users review the alerts and take the appropriate remedial actions such as sending a notification to the user, removing a message from Teams, escalating to another reviewer, or in severe cases, creating a Microsoft Purview eDiscovery (Premium) case for possible legal action.
We are happy to share that there is now an easier way for you to try Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a free trial (an active Microsoft 365 E3 subscription is required as a prerequisite). By enabling the trial in the compliance portal, you can quickly start using all capabilities of Microsoft Purview, including Insider Risk Management, Communication Compliance, Records Management, Audit, eDiscovery, Information Protection, Data Lifecycle Management, Data Loss Prevention, and Compliance Manager.
- Solution Guides
- Licensing
- Permissions
- Privacy
- Understand your risk
- Creating Policies
- DOC - Create and manage policies
- DOC - Policy for Insider Risk Management integration
- DOC - User-reported messages policy
- NEW - DOC - Empower employees to flag security and regulatory concerns in Microsoft Teams
- NEW - DOC - Using classifiers to detect potential risk (Image and Language)
- NEW - DOC - Conditional Settings
- DOC - Case study - Configure an inappropriate text policy
- Investigate and Remediate alerts
Ready for the Getting Started knowledge check?
Detecting potential violations of non-Microsoft Communications
Communication Compliance allows you to analyze communications for data imported into mailboxes across Microsoft and non-Microsoft sources, like Instant Bloomberg, Slack, Zoom, SMS/MMS, and many others. You must configure a third-party connector before you can assign the connector to a Communication Compliance policy.
- DOC - Connecting non-Microsoft sources to Communication Compliance Policies
- DOC - Learn about connectors
- VIDEO - Data connectors
Ready for the Detecting Violation on non-Microsoft communications knowledge check?
Integrating with other tools
Communication Compliance can ingrate with other tools such as Microsoft Insider Risk Management which can allow your look at a much larger risk profile beyond just communication, security incident and event management (SIEM) integration using the Office 365 Management APIs or PowerAutomate, which can be configured to take repeatable actions as part of the remediation process. You may also identify trends in Communication Compliance that you want to block or take more proactive action on using Microsoft Purview Data Loss Prevention. Communication Compliance can utilize the same sensitive information types that can be used across Microsoft Purview solutions such as Data Loss Prevention, Information Protection, Information Governance, and others. If the policy match warrants further investigation, then you can escalate the policy violations seamlessly from Communication Compliance to an eDiscovery (Premium) case for deeper legal review or action.
- DOC - Working with Insider Risk Management
- DOC - Working with PowerAutomate
- DOC - Microsoft Purview Data Loss Prevention
- DOC - Microsoft sensitive information types
- DOC - Microsoft Purview eDiscovery (Premium)
- DOC - Communication Compliance with SIEM Solutions
Ready for the Integrating with other tools knowledge check?
Fine-tuning your conditions
With the conditions you have in Communication Compliance policies and the flexibility you have with sensitive information types, you can work to fine-tune your policies and reduce false positives. You can also provide feedback on the trainable classifiers models to help improve their accuracy.
- NEW - DOC - Best practices for managing the volume of alerts in communication compliance
- NEW - DOC - Filter Email Blast
- DOC - Ignore disclaimers
- DOC - Classifier support including support for 12 languages
- DOC - Create custom sensitive information types
- DOC - Policy settings
Ready for the Fine-tuning of your conditions knowledge check?
Reporting and Auditing
Communication Compliance has a central reporting area for viewing all Communication Compliance reports. Report widgets provide a quick view of insights most needed for an overall assessment of the status of Communication Compliance activities such as recent policy matches and policy with most matches. Detailed reports provide in-depth information related to specific Communication Compliance areas and offer the ability to filter, group, sort, and export information while reviewing.
For more custom reporting to meet your audit or reporting needs customers can also run and export per policy detailed reports.
In some instances, you must provide information to regulatory or compliance auditors to prove supervision of user activities and communications. This information may be a summary of all activities associated with a defined organizational policy, anytime a Communication Compliance policy has been updated or settings have been changed. Communication Compliance policies have built-in audit trails for internal or external audits. Detailed audit histories of every create, edit, and delete action are captured by your communication policies to provide proof of supervisory procedures.
- DOC - Audit
Ready for the Reporting and auditing knowledge check?
Additional Resources
- Microsoft 365 Roadmap: Roadmap of upcoming features and changes.
- Message Center: Notifications and details of updated changes to Microsoft 365
- What is new in Microsoft Purview
- Tech Community – Security and Compliance: Blogs, community forums, and more
- Communication Compliance feedback portal
Once you’ve finished the training and the knowledge checks, please go to our attestation portal to generate your certificate; you'll see it in your inbox within 3-5 business days.
[1] Gartner, Encouraging Reporting in a Hybrid World: Building a Reporting Value Proposition, 29 June 2022
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Updated Dec 19, 2024
Version 7.0
Patrick_David
Microsoft
Microsoft
