When it comes to eDiscovery and which solution is right for your organization, “you get what you pay for.” Microsoft 365 services are no different – you’re either willing to pay for them or you aren’t. Some organizations will not need or want to pay for Advanced eDiscovery, while others will find it an essential purchase. Regardless of which camp your organization resides in, Microsoft provides customers with the flexibility to choose between two eDiscovery tools best suited for your needs.
Find articles about implementing and managing compliance features for Office 365.
SharePoint site and information architecture has been around long enough to be an established practice and area of expertise in the SharePoint world. What’s new about it, however, is its elevated role in Microsoft 365 compliance. Architectural decisions made in a tenant can have lasting, follow-on effects which information architects need to be aware of. This post highlights some key points about how these decisions can affect managing compliance at scale by providing structure and governance to SharePoint.
The audit events generated for license assignments to user accounts available in the Azure AD audit log and Office 365 audit log are inconsistent and incomplete. This is certainly true for licenses assigned to accounts through auto-claim policies and group-based licensing, but known gaps exist in the audit records generated in other areas of Office 365 and Microsoft 365 functionality. We think Microsoft needs to pay attention to ensure that auditing works consistently and predictably across all workloads. Once they improve the fit and finish of audit record generation, they can move into other areas, like charging for access to high-value audit events.
Microsoft has upgraded unified DLP policies to support the rich set of conditions, exceptions, and actions available for Exchange transport rule-based DLP policies. The upgrade means that organizations which have been forced to continue using ETR-based DLP policies can begin the process of moving over to unified DLP. This process won’t be easy, but it’s the right thing to do for the long term.
Data Loss Prevention (DLP) is a feature of Office 365 E3 and E5 plans. Most DLP policies focus on matching sensitive information types created by Microsoft, like credit card numbers, but it is relatively easy to create a custom sensitive information type for use in DLP policies to detect information specific to your organization. In this example, we create a sensitive information type for Azure AD passwords and explore its use in Teams DLP policies.