Enabling secure remote work, addressing regulations and uncovering new risks is now more of a reality as Microsoft announces several new capabilities across its compliance offering
By: Mohamed El Nemr, Modern Workplace and Security Business Group Lead for Microsoft Middle East and Africa Emerging Markets.
In the wake of the COVID-19 pandemic, many consistent challenges have been experienced by businesses. With so many remote workers, people are creating, sharing and storing data in new ways – fostering productivity, but this has also introduced new risks. And this is not just an assumption. A recent Microsoft poll revealed that providing secure remote access to resources, apps, and data is the key concern for Chief Information Security Officers (CISOs).
With penalties and fines for non-compliance set at a maximum of €20 million or 4% of a company’s annual global turnover – in an industry that is ever changing, it is in the best interests of organisations to remain continually complaint.
As such, to assist companies in better protecting their data, mitigate risk and address compliance regulations, especially in this time of flexible work, Microsoft has announced several new capabilities across Microsoft Compliance.
General availability of Microsoft Compliance Manager: addressing industry regulations and custom requirements
In addition to the talent shortage and complexity of compliance management, customers also face the need to comply with an increased volume and frequency of regulations, with hundreds of updates a day globally to thousands of industry and regional regulations. Additionally, the complexity of these regulations has made it challenging for organisations to know which specific actions to take and the impact of these.
Compliance Manager offers a vast library of assessments for expanded regulatory coverage, built-in automation to detect tenant settings, and step-by-step guidance to help businesses manage risk. The feature also translates complex regulatory requirements to specific technical controls and through compliance score, provides a quantifiable measure of risk assessment – bringing together the existing Compliance Manager and Compliance Score solutions in the Microsoft 365 compliance center.
See also: Microsoft launches Expressive Pixels app to help you create animations
The Compliance Manager provides a comprehensive set of templates for creating assessments, to help organisations comply with national, regional and industry-specific requirements governing the collection and use of data. Local laws including the Kenya Data Protection Act and Nigeria Data Protection Regulation, Mauritius Data Protection Act and Ghana Data Protection Act have been mapped into the Compliance Manager tool to facilitate local compliance.
New connectors and APIs: extending Microsoft compliance capabilities to third-party apps
To provide greater visibility into an organisation’s data, wherever it lives, new connectors have been made available that can pull data from other apps into Microsoft Compliance (including Microsoft Information Protection, Insider Risk Management, Communication Compliance, and eDiscovery) to help companies reason over, protect and govern that data.
The ability to access Microsoft Compliance solutions and integrate these with existing applications and services that are part of broader compliance, security, and operations (SecOps) ecosystems has become a growing need across the board. As such, new API’s have also been announced – forming part of the broader Microsoft Graph ecosystem:
- Teams Data Loss Prevention (DLP) API: Allows third-party products to integrate and enable data loss prevention capabilities for Microsoft Teams.
- eDiscovery API: Allows for the automation of Advanced eDiscovery processes, including case creation and the entire legal hold notification workflow to communicate with custodians involved in a case.
- Teams Export API: Allows the export of Teams Messages along with attachments, emojis, GIFs, and user @Mentions. This API supports polling daily Teams messages and allows archiving of deleted messages up to 30 days.
Protecting native and third-party cloud apps through unified data loss prevention (DLP)
Having the right data protection and governance approach is critical to not only addressing regulatory compliance but also to mitigating risks around data leakage.
The extension of Microsoft data loss prevention solutions to Microsoft Cloud App Security is a new capability that extends the integration for DLP policy-based content inspection across connected applications such as Dropbox, Box, Google Drive, Webex, One Drive and SharePoint.
This extension of Microsoft data loss prevention solutions to MCAS will help users to remain continuously compliant when using popular native and third-party cloud apps and helps to ensure sensitive content is not accidentally or inappropriately shared.
Expanded security and compliance capabilities built directly into Microsoft Teams
With Microsoft Teams usage growing with the shift to remote work, organisations are looking for seamless integration in order to keep their data and employees secure and compliant. With the volume of business conversations occurring round the clock in the solution, additional security and compliance features have also been added.
Insider Risk Management now offers native integration with Microsoft Teams to securely coordinate, collaborate, and communicate on a case with relevant stakeholders in the organization. When an Insider Risk management case is created, a private Microsoft Teams team will also be created and bound to the case for its duration. This Microsoft Teams team will, by default, include insider risk management analysts and investigators, and additional contributors such as HR and Legal, can be added as appropriate.
Auto-apply retention policies for Microsoft Teams meeting recording allow you to retain and delete recordings with in-place governance, which means the retention policies apply wherever the recordings are saved without the need to export elsewhere. When the rollout for this begins in October, we will provide guidance on how you can leverage Keyword Query Languages to create retention policies for Teams meeting recordings.
Advanced eDiscovery supports live documents and links shared in Microsoft Teams. The feature also automatically collects documents from a storage location, such as SharePoint or OneDrive, to pull the content into an eDiscovery case. The attachments are collected, reviewed, and exported along with the Teams conversations so customers don’t need to manually find and collect the documents one by one.
Customer Key support for Teams: Microsoft helps keep Teams data safe by encrypting it while at rest in Microsoft datacenters. This has been extended to enable customers to add a layer of encryption using their own keys for Teams, similar to Exchange Online, SharePoint Online, and OneDrive.
We are well into a new era of business which has already brought with it the need for new processes and prerequisites. These new capabilities will only go a long way in ensuring that Microsoft customers across the continent and globally remain compliant.
