Tuesday, April 19, 2022

Safeguard your people and data across new ways of working, with Communication Compliance

It’s no secret that hybrid work has fundamentally changed how we communicate, collaborate, and share information. Employees are no longer sitting together within traditional office building environments; they're interacting with work and their peers in virtual spaces. As organizations adapt to the evolving needs of this space, they must seek out communication and collaboration tools that not only empower employees to do their best work, but scale necessary risk and compliance controls across our new ways of working, as well.  


While hybrid work has many advantages, it also creates new challenges and obligations. Organizations face growing legal, regulatory and business pressures to quickly identify, investigate and mitigate problematic communications. This includes everything from the sharing of sensitive information to the use of harassing or threatening language that clearly violates a business’s code of conduct and/or places it at legal risk. Compliance, information security, and data officers require tools that can help them manage risk, protect company assets, fulfill regulatory compliance obligations, and detect and flag the sharing of concerning content. 


Today we announced Microsoft Purview - a comprehensive set of solutions which help you govern, protect, and manage your entire data estate. This new brand family combines the capabilities of the former Azure Purview and the Microsoft 365 Compliance portfolio that customers already rely on, providing unified data governance and risk management for your organization. As part of this announcement, Microsoft 365 Communication Compliance will now be called Microsoft Purview Communication Compliance. 


Microsoft Purview Communication Compliance helps organizations foster safe and compliant communications across corporate mediums. Built with privacy by design, this solution ensures that usernames are pseudonymized by default, role-based access controls are built-in, investigators must be explicitly added by an administrator to a policy, and audit logs are in place to help ensure user-level privacy. We are excited to announce new capabilities in public preview for Communication Compliance: 


  • Reduced detection to investigation time  
  • Machine learning model highlighting 
  • Expanded optical character recognition 
  • Step by step onboarding guidance 

Reduced detection to investigation time 

To help organizations gain better visibility and respond more promptly and accurately to potential policy violations, we've made investments to reduce the time from detection to investigation to under 1 hour. The policy alert will be reviewed by a policy investigator, who is explicitly granted permission to review policy alerts by the Communication Compliance admin role.


This feature helps organizations detect explicit code of conduct and legal/regulatory compliance violations, such as harassing or threatening language, sharing of adult content and inappropriate sharing of information in a more timely manner.  


Machine learning model highlighting 

To help policy investigators accelerate time to action, it’s important for policy reviewers to quickly locate text and content matching policy conditions. To enhance the policy investigation experience, we are excited to announce machine learning model highlighting, similar to the existing keyword and sensitive information type highlighting capability.


View of machine learning model highlighting when investigating a policy violationView of machine learning model highlighting when investigating a policy violation

This feature will help provide policy investigators greater context around which word or key phrase triggered a policy match, helping investigators make more informed remediation actions and speed up the remediation process. For example, if a policy violation matched a harassment classifier, the key harassment phrase that triggered the policy would be highlighted in yellow. 


Expanded optical character recognition 

Back in 2021, we announced the ability for customers to detect compliance violations in images by extracting printed text using Azure’s Computer Vision Optical Character Recognition (OCR). With OCR, text extracted from images or PDFs is evaluated against your organization’s policy conditions, such as keyword matches for threatening language. 


Today, we are excited to announce that we have expanded OCR support to include handwritten text – further reducing blind spots for policy violations. For example, policy violations can be detected on handwritten annotations within a PDF document. 


Investigator view of Optical Character Recognition extracting handwritten text from images.Investigator view of Optical Character Recognition extracting handwritten text from images.

Step by step onboarding guidance 

It can be intimidating for organizations to know where to start. That’s why we’re excited to share that we’ve enhanced the onboarding experience with a guided, step-by-step walkthrough on how to properly configure, triage and remediate policies. 


When tenants log in, they will be met with recommended actions that highlight tasks that are heavily leveraged by the user’s role group. For example, a Communication Compliance Admin will see tasks such as how to assign permissions or how to create a policy whereas a Communication Compliance Investigator will see tasks such as investigation and remediation options for a flagged policy match. 


Communication Compliance Overview page with new guided experience.Communication Compliance Overview page with new guided experience.

Watch part one of our new insider risk Mechanics video series 

We kicked off a new Mechanics video series about our insider risk solutions, Insider Risk Management and Communication Compliance. In part one of this series, we show how you can leverage machine learning to identify explicit high-risk incidents like data theft or workplace harassment. And, how our solutions provide designated stakeholders with context and workflows to take appropriate actions and help reduce insider risks in your organization. 



New “Become a Communication Compliance Ninja” resource page 

Microsoft has a number of resources to help you get started and to learn more about using and configuring Communication Compliance. For the one-stop shop of our public-facing material and resources on the solution, check out the new “Become a Communication Compliance Ninja” resource page at https://aka.ms/communicationcomplianceninja 


This page will be updated quarterly so be sure to bookmark it to see the latest on Communication Compliance! 


Get Started 

These new features in Communication Compliance have already rolled out or will start rolling out to customer tenants in the coming weeks. Communication Compliance is generally available across government clouds, supported in GCC, GCC-High and DoD tenants and these features will be available in the government clouds in the coming months. 


We are happy to share that there is now an easier way for you to try Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a free trial. By enabling the trial in the compliance portal, you can quickly start using all capabilities of Microsoft Purview, including Insider Risk Management, Communication Compliance, Records Management, Audit, eDiscovery, Information Protection, Data Lifecycle Management, Data Loss Prevention, and Compliance Manager.  


Visit your Microsoft Purview compliance portal for more details or check out the Microsoft Purview solutions trial (an active Microsoft 365 E3 subscription is required as a prerequisite). 


Learn more about how to get started and configure policies in your tenant in the supporting documentation for Communication Compliance. Keep a lookout for updates to the documentation with information on the new features over the coming weeks.  


Thank you, 

Liz Willets, Product Marketing Manager 

Christophe Fiessinger, Principal Product Manager 

Posted at https://sl.advdat.com/3uVECSghttps://sl.advdat.com/3uVECSg