When it comes to collaborative working and remote office setups, Microsoft Office 365 stands head and shoulders above the competition. It makes genuine remote collaboration a truly simple task, encouraging productivity and flexibility, and is able to all elements of the modern workforce. With the entire suite of Microsoft Office applications at your fingertips from wherever you are in the world, working in the cloud with O365 is a breeze.
As with all cloud-hosted environments, security is paramount. In order to stay on top of security and compliance, Microsoft rolled out two new portals in February -- the Microsoft 365 Compliance Center and the Microsoft Security Center -- to replace the Office 365 Security and Compliance Center (SCC) introduced in 2016. Functionality from the SCC will be divided between the two new portals to allow expansion and handle extra workloads.
But what does this mean for organizations in Alberta and the rest of Canada? What are the new features that they need to get up to speed with, and how can they ensure compliance? Below, we run through some of the most useful aspects of the new portals and some of the ways that businesses can engage with this new rollout to remain compliant and ensure effective working practices.
New features
To get to the new Compliance Center, head to the O365 Admin Center, expand the group on the bottom of the left navigation dropdown and click Compliance. Alternatively, just click here.
Your first interaction with the Compliance Center will be the First Run Experience (FRE). This takes up most of the welcome screen and provides links to the important documentation, next steps, and feedback procedures. You’ll also have the option to Assess, which will give you a snapshot of the current compliance situation, and Protect, where you can deal with DLP and integrated apps.
Plenty of the functionality and resources will be familiar to anyone who has used the SCC in the past. Monitoring and Reports feature the same cards focusing on data, alerts, and insights, while the Classification section features the same Labels, Label policies, and Sensitivity Info types subsections from the SCC. However, there are several new features to be aware of.
eDiscovery
eDiscovery allows you to search and retrieve files and resources relating to legal matters, as well as access content from Sharepoint sites, Exchange mailboxes, and OneDrive locations. It gives users the ability to take large amounts of unsorted data and pinpoint relevant information for particular cases.
Data Governance
Data governance gives you control over information from a variety of sources, including external platforms and archive mailboxes. You can import emails and apply policies and rules as needed, as well as ensure relevant data is retained while unnecessary information is deleted.
Threat Management
Threat management allows you to keep business data safe, prevent data loss, and secure your business against malware and spam emails. You’ll be able to easily and quickly identify undesirable activities and prevent them from becoming issues. In the threat management section, you can manage and secure devices, encrypt data, and protect inboxes from spam and spyware.
Set User Permissions
O365 Permissions allows you to assign specific permissions for compliance tasks to individual users, allowing them to complete assignments or access content as needed while maintaining control and oversight over the wider functions.
O365 Auditing
Auditing happens automatically and allows you to always be able to be aware of what is going on across the O365 suite of applications. This facility logs and reports activity on an ongoing basis and keeps you fully informed about potential threats, risks, and activities across the O365 environment, giving you the ability to respond to issues immediately.
Alerts
You can set up your own bespoke alerts based on specific user activities, notifying you instantly whenever certain conditions are met.
How to ensure compliance
The first thing you have to do to ensure compliance is take a look at your Microsoft Compliance Score. This gives you a benchmark to work from in order to improve your compliance score.
Next up, think about implementing internal risk management policies to help ensure that practices inside your organization are as risk-free as possible and allow you to quickly see any activities that are risky and fix or prevent them before they become issues.
Take a look at your organization's data loss prevention policies and ensure that they are up to date and fully compliant with the relevant documents in the Compliance Center documentation.
Make sure you are totally up to speed with Microsoft Cloud App Security and configure it so that your organization’s applications are protected properly.
Make sure that your internal communication is compliant by implementing policies that allow you to swiftly detect and mitigate code of conduct violations.
Lastly, check in on your Compliance Center often. You’ll be able to see the progress you’ve made on your compliance score and review any security alerts and possible risks or breaches, allowing you to fix problems before they have a serious impact on your organization.