Extending Compliance, Risk and Privacy Platforms

Microsoft

Nov 02, 2021

Organizations are always looking to solve compliance, risk, and privacy related challenges across their entire multi-cloud data landscape including Microsoft data. Our customers also want to be able to integrate Microsoft’s compliance, risk, and privacy solutions with their existing IT environments. We are continuing to build our Compliance platform to be extensible and solve for our customer’s multi-cloud environments.

Multi-cloud data access

To enable our customers to cover their entire data landscape including Microsoft and non-Microsoft environments we are continuing to expand our connector gallery to enable high-fidelity data ingestion that empowers multiple compliance solutions including Microsoft Information Governance, Advanced eDiscovery, Communication Compliance, and Insider Risk Management. Our partners Veritas, Telemessage, 17a-4, and CellTrust are adding new data sources that are easily accessible in our ‘connector gallery’ - alongside Microsoft-built connectors. Today we are excited to announce that we now have 68 built-in connectors generally available (GA). We are also excited to announce that 33 of these connectors are now available in our government cloud (GCC) environments. To learn more on how to use these connectors and which solutions they enable please view this link.

Figure 1: Data Connectors gallery in the Microsoft 365 Compliance Center

We are also very excited to share how our customer St. Luke's University Health Network is using Data Connectors to enable the Patient Data Misuse Healthcare policy for Insider Risk Management.

Figure 2: Epic and generic healthcare connector empowering Insider Risk Management’s Healthcare Records Access Policy scenario

” Thanks to Insider Risk Management from Microsoft, our HR team can jump in before we suffer a catastrophic issue. We rely on its synergy with our other Microsoft Security and Compliance solutions to be much more proactive and boost compliance” – David Finkelstein, Chief Information Security Officer, St. Luke's University Health Network.

To learn more about this and how Insider Risk is enabling healthcare-related scenarios using data connectors read this blog.

Compliance, Risk, and Privacy APIs for Integration

We are continuing to advance our API footprint across our compliance, risk, and privacy solutions. Following is a quick summary of recent announcements covering the most important milestones:

General availability of Microsoft Graph APIs for subject rights request (SRR) enabling Privacy automation.
Keeping data protected is a central objective of a Zero Trust strategy. We recently published a technology partner integration guide here. You can learn more here on how MIP SDK can be used to classify, label, and protect your data as you implement Zero Trust architecture.
Update of MIP SDK as it adds capabilities for reading and writing labels on MSG files, and now fully supports Debian 10 and Ubuntu 20.04. Review the release blog and notes for more!
We talked about Built-in Compliance for Microsoft 365-connected apps at our Build conference earlier this year. We are excited to share that this capability is now available in public preview.
Audit becomes a new product category in MISA program with Quest and Sumo Logic joining the growing Compliance ecosystem.
General availability of Microsoft Graph Export Teams APIs for Microsoft Teams that enables customers and ISVs to export Microsoft Teams message data for processing in their Security and Compliance (S+C) SaaS applications.

Compliance Manager extends beyond Microsoft 365

Our customers and partners use Microsoft Compliance Manager to simplify their compliance efforts and reduce risks. Today, we are excited to announce that Compliance Manager now includes Azure and Dynamics 365 assessment templates. This allows organizations to track compliance for Microsoft cloud from a single place. Starting this week customers will be able to create Azure and Dynamics 365 assessments (in preview) for ISO 27001, NIST 800-53, SOC2, and FedRAMP.

Earlier this year, we announced universal assessment templates in Compliance Manager that allow customers to map non-Microsoft regulatory assessments to any product or service in their environment. We are excited to share that our partners such as BDO and Protiviti are now using universal templates to extend compliance manager capabilities beyond Microsoft environments. To learn more about how our partners are building on top of Compliance Manager as a platform and extending beyond Microsoft 365 please visit our compliance manager-related announcements here.

Compliance Trial

We are happy to share that there is now an easier way for you to try Microsoft compliance solutions directly in the Compliance Admin Center with a free trial. By enabling the trial in the Compliance center, you can quickly start using all capabilities of Microsoft Compliance, including Insider Risk Management, Records Management, Advanced Audit, Advanced eDiscovery, Communication Compliance, Microsoft Information Protection, Data Loss Prevention, and Compliance Manager.

This trial is currently rolling out to tenants worldwide and you can learn more about it here.

To summarize, we are on this exciting journey to enable our compliance, risk, and privacy solutions to work across your multi-cloud environments. With our APIs, we are enabling extensibility so you can solve for your unique needs as well as benefit from value-added solutions built by our partner ecosystem. We can’t wait to see what you build next. In the meantime, here are some useful resources for your reference:

Watch this video to learn more about our extensibility-related capabilities and how we are expanding compliance beyond Microsoft for our customers and partners
Try out our data connectors and leverage multiple compliance scenarios.
Try out Compliance manager to extend compliance beyond Microsoft 365 and use partner-built capabilities here and here.
Explore additional partner-built capabilities at MISA program’s solution catalog.
Learn more about all our APIs and extensibility capabilities here.