Microsoft 365 gets new compliance & data privacy features
Microsoft is introducing new ways for companies to protect and manage their data within Microsoft 365. The Seattle company today announced the Microsoft 365 compliance center, a “dedicated workspace” from which managers can respond to regulatory obligations like Data Subject Requests and centrally oversee deployed services. And it took the wraps off of new Microsoft Information Protection features to classify content and apply labels to documents and emails directly from Office apps.
The launches were motivated not only by the European Union’s General Data Protection Regulation (GDPR), an EU data protection law that aims to give users more control over their personal data, but by “a shift in consumer attitude towards privacy and protecting personal data,” Rudra Mitra, partner director of Microsoft 365 Security and Compliance, wrote in a blog post. He pointed to a recent study conducted by Forrester that found that 43 percent of U.S. customers are likely to cancel an online transaction if they read something in the privacy policy they don’t like.
“Today, we’re sharing details of several new Microsoft 365 features to help you get ahead of these trends and deliver on privacy and compliance commitments in a simple, integrated, and intelligent way,” Mitra said.
The Microsoft 365 compliance center comprises customizable cards that visualize progress toward best practices for data governance. One tabulates a score reflecting the “collective compliance state” of an organization broken into subscores for regulations like GDPR, NIST 800-53, and ISO 27001, while another displays a checklist of suggestions such as “create labels to govern data lifecycle” and “turn on large archive for extra mail storage.” Also on tap are cards that break down the noncompliant apps in use by employees and clients, and that highlight users with the most shared files.
As for the aforementioned Microsoft Information Protection capabilities, Office app users on Mac (and soon iOS and Android) can now assign sensitivity labels to Word documents, which automatically apply policies with protections like encryption, access restrictions, and visual markings. The same set of sensitivity labels are available to all users no matter the platform, Microsoft says, and the labels persist with the file even if it travels to other locations. Furthermore, they’re recognized by apps and services such as Windows Information Protection and Windows Defender ATP, and allow administrators to require justifications if they’re downgraded — for example, if a label is changed from “Confidential” to “General.”
That’s not all that’s new on the compliance front. Microsoft also introduced expanded label analytics tools in Microsoft 365 that let customers analyze how sensitivity and retention labels are being used across both Office 365 data and non-Office 365 data. And in Advanced Data Governance, it rolled out the file plan manager, which maps retention schedules from existing records management solutions and on-premises repositories into Office 365.
Last but not least, Microsoft today debuted a new SEC 17a-4 regulation compliance assessment completed by Cohasset for Exchange-based storage. (SEC Rule 17a-4 is a U.S. regulation issued by the Securities and Exchange Commission that outlines requirements for data retention, indexing, and accessibility for companies that deal in the trade or brokering of financial securities such as stocks, bonds, and futures.) And it said that the Supervision tool within Advanced Compliance now includes Microsoft Teams content and additional features to flag sensitive data types and “offensive language” classifiers.
Tuesday’s launches come months after Ignite 2018, Microsoft’s annual enterprise technology conference in Orlando, Florida, where it unveiled new support for passwordless logins via the Microsoft Authenticator app, updated Microsoft Secure Score, and announced Microsoft Threat Protection. There, it also announced a public preview of Azure confidential computing, which became available in October.