Tuesday, October 19, 2021

Expanding Microsoft 365 Privacy Management with API Ecosystem and Extensibility

Data privacy regulations such as GDPR or California Consumer Privacy Act (CCPA) grant consumers the right to know the specific pieces of data that organizations have collected about them. Research shows that 64% of the companies handle subject requests manually, 25% have a partially automated process, and only 1% have automated their response[1]. Microsoft’s Privacy Management solution helps organizations automate and manage subject requests at scale. Customers are looking to solve for data privacy needs or their entire data landscape - including Microsoft 365 data.


To enable our customers to meet their data privacy-related requirements beyond Microsoft 365 we are building extensibility within our Privacy management platform. Today we are excited to announce the general availability (GA) of Privacy APIs as well as built-in integration with Power Automate workflows to solve for following key scenarios:


  • Integrate subject rights requests with in-house or partner-built privacy solution
  • Automate Privacy workflows and create calendar reminders, search files with specific tags, and track subject requests in ServiceNow


Integrate subject rights requests (commonly known as data subject requests) using Microsoft Graph APIs


Microsoft Graph APIs for subject rights requests enable our customers to integrate Microsoft 365 related subject rights requests with their in-house or partner-built privacy solutions. This API-based extensibility enables our customers to respond to subject rights requests in a unified manner across their entire data estate covering both Microsoft and non-Microsoft environments. This also helps with automation at scale and helps customers meet industry regulations more efficiently without relying on manual processes.


We are also excited to announce our partnership with leading privacy ISVs, OneTrust, Securiti.ai, and WireWheel who all are using Microsoft Graph APIs to extend subject rights management capabilities to personal data stored outside of Microsoft 365, enabling customers to have a unified and streamlined response to subject requests. OneTrust, Securiti.ai and WireWheel have also joined MISA - Microsoft Intelligent Security Association program. This further strengthens our ecosystem and helps us scale with partners to bring even more security, risk, compliance, and privacy value to our joint customers.


OneTrust integrates subject rights requests for Microsoft 365


“At OneTrust, we’re committed to helping organizations become more trusted," said Kevin Jones, Director of Product Management - OneTrust. “Our collaboration with Microsoft empowers businesses to automate the fulfillment of data subject access requests within the Microsoft 365 compliance center, streamlining the IT admin experience.”


OneTrust integration with Microsoft 365 Privacy ManagementOneTrust integration with Microsoft 365 Privacy Management

 Figure 1: OneTrust integration using Microsoft Privacy APIs


Securiti.AI integrates subject rights requests for Microsoft 365


Through our partnership with Microsoft, we are providing organizations a unified solution to automate their data privacy operations across their structured and unstructured data systems. More specifically, our integration with Privacy Management for Microsoft 365 using Microsoft’s new Privacy APIs enables our joint customers to automatically fulfill the Microsoft 365 portion of subject rights requests within Privacy Management and ensure compliance with an ever-growing number of privacy regulations globally,” said Vivek Kokkengada, VP Products at Security.


Securiti.AI integration workflow with Microsoft 365 Privacy ManagementSecuriti.AI integration workflow with Microsoft 365 Privacy Management

Figure 2: Securiti.AI integration using Microsoft Privacy APIs


Wirewheel integrates subject rights requests for Microsoft 365


“As privacy regulations continue to proliferate throughout the globe, companies are receiving more and more privacy rights requests. Through WireWheel's partnership with Microsoft, we are providing organizations with the ability to make Data Subject Access Request (DSAR) fulfillment more accurate, faster, and easier by automating the process of finding and retrieving personal data, especially employee personal data. This partnership enables our joint customers to be able to lower the cost to fulfill privacy requests by significantly reducing the administrative burden on employees who have to do this manually today.” said Justin Antonipillai.


WireWheel integration with Microsoft 365 Privacy ManagementWireWheel integration with Microsoft 365 Privacy Management

Figure 3: Wirewheel integration using Microsoft Privacy APIs


Automate Privacy workflows


Our customers want and need the ability to customize and automate business processes related to subject rights requests. These scenarios can range from getting required sign-offs from risk teams once review is done to raising a ticket in ServiceNow for tracking purposes. We are excited to announce our built-in integration with Power Automate templates to enable our customers to use their existing business process for managing subject rights requests in Privacy Management for Microsoft 365. Following sample workflow templates are available out-of-the-box:

  • Get files by tag for this Subject rights request (SRR)
  • Add a calendar reminder to follow up on SRR
  • Create a record for SRR in ServiceNow




 Figure 4: Built-in Privacy Management templates via Power Automate integration


Get started with Privacy APIs

 Get started with Microsoft Privacy APIs and learn how to use them in your applications today, view documentation here.


Learn more  

  1. Read our latest announcement on Privacy Management
  2. Read product documentation for more information on Privacy Management 
  3. Watch this video to learn more about Privacy Management capabilities 
  4. Visit this website to learn more about privacy at Microsoft   



[1] Privacy in the wake of COVID-19, IAPP-EY,2020







Posted at https://sl.advdat.com/3DM1rtg