
Navigate data protection and risk in the cloud era

Digital transformation has led to an explosion of data that grows exponentially every day. Employees are empowered to more easily create, store, and share information across devices, resulting in a complex digital environment that organizations have difficulty managing. Adding to that complexity are new regulations and standards constantly emerging to ensure organizations manage and protect that data in ways that safeguard privacy and security.

The unfortunate reality is that there are also news headlines every day talking about the risks companies face—whether from internal or external sources. Insider risk is one of the fears keeping the C-suite up at night. These risks include hacking, insiders leaking data whether maliciously or inadvertently, security breaches, etc.

At Microsoft, we face these same challenges, which is why we’re investing in compliance and risk management to help you more easily protect and govern your data, address regulations and standards, and mitigate insider risks. Today, I’m excited to announce new capabilities in Microsoft 365 that use machine learning and intelligence to help you address compliance and risk management in your organization.

Know and protect your data—Microsoft information protection and governance

Organizations face a daunting task as they embark on their information protection journey with enormous amounts of data stored across numerous devices in multiple disparate locations from on-premises to the cloud. We spent several years working with our customers to understand their challenges better and develop solutions that leverage intelligence to simplify an otherwise complex and manual process.

Based on that customer feedback, today, we’re expanding built-in classification, labeling and protection experiences as part of Microsoft 365 apps and services. User-driven sensitivity labeling is now available natively in Outlook Mobile on both iOS and Android. Automatic classification based on content inspection will be available in Word, Excel, PowerPoint and Outlook for customers on the Office 365 ProPlus version of the Office apps.

You’ll also be able to apply sensitivity labels to data in Power BI. When you browse to a SharePoint Online library, you’ll be able to see sensitivity labels applied to documents in the library. Additionally, you can assign labels to SharePoint Online sites to control access to sensitive libraries and documents.

Not all data is created equal, and many organizations have data that is unique to them. Today, I’m also announcing that we’re incorporating machine learning into information protection and governance in Microsoft 365 with new trainable classifiers. You can now train our classification engine to intelligently classify unique data sets, such as customer records, contracts, and more. Now in public preview, these trainable classifiers can be used in combination with retention labels to automatically label data and apply policies. We are just getting started! The ability to use these classifiers in combination with sensitivity labels will start rolling out into preview by the end of the calendar year.

Word window showing new trainable classifiers.

We’re expanding the ability to protect and govern data beyond Microsoft 365. Today, we’re previewing the ability to view labeled and protected PDFs directly within Microsoft Edge, as well as apply protections to those PDFs when sent as an attachment in an email.

The new data classification tab of the compliance center in Microsoft 365 shows you the volume of sensitive data across Microsoft 365, categorized by sensitive information types or associated with regulations. You also gain visibility into recommended policies to protect data and inform taxonomy for sensitivity labeling.

You can learn more about these features and more in our information protection and governance blogs on Tech Community.

Manage insider risk—New Insider Risk Management and Communication Compliance

The modern workplace offers innovative technology that employees love, empowering them to communicate, collaborate, and produce with agility. Trusting your employees is the key to creating a dynamic, inclusive workplace and increasing productivity.

However, with trust comes risk, and there seem to be news headlines every week that highlight yet another hack or data leak. The effort required to identify these risks and violations is not trivial, and it requires effective collaboration across security, HR, and legal—as well as a balanced approach across privacy and risk management.

The private preview of Insider Risk Management, as a part of Microsoft 365, is also now available. Insider Risk Management can help you and your organization to promptly identify and remediate insider threats and risks, while maintaining a principled approach to privacy.

Insider Risk Management leverages Microsoft Graph and other services to obtain real-time native signals across Office, Windows and Azure, including file activity, communications sentiment and abnormal user behaviors. Additional third-party signals from human resources (HR) systems such as SAP and Workday can be integrated via connectors. It also includes a robust set of configurable playbooks tailored for risks, such as digital IP theft and confidentiality breach. These playbooks use machine learning and intelligence to correlate these signals to identify hidden patterns and risks that manual methods might miss.

A comprehensive view provides a curated summary of individual risks within your organization. This view includes a historical timeline of relevant activities and trends associated with each identified user. For example, you could see if a user downloaded some files, copied some of them to a USB device and, in the same timeframe, submitted their resignation.

We also designed for privacy, so display names for risky users can be anonymized by default to maintain confidentiality and prevent conflicts of interest. Finally, end-to-end integrated workflows ensure that the right people across security, HR, and legal and compliance are involved in investigating and acting upon identified risks quickly.

A view of the Insider Risk Management screen.

Also in public preview today, Communication Compliance is a brand-new Microsoft 365 solution that helps organizations address code-of-conduct policy violations in company communications, while also helping organizations in regulated industries meet specific supervisory compliance requirements. Communication Compliance leverages machine learning to intelligently detect violations across different communication channels such as Microsoft Teams, Exchange Online or Bloomberg instant messages.

Once a violation has been flagged and the designated investigator is alerted, it is crucial that the review process enables them to act on violations efficiently. Features—such as historical user context on past violations, conversation threading and keyword highlighting—allow the investigator to triage the violation and take the appropriate remediation actions swiftly.

You can learn more about Insider Risk Management and Communication Compliance in the Tech Community blog.

Assess and monitor risks—Microsoft Compliance Score

It’s more important than ever for you to have the knowledge and tools to work across compliance and risk management teams to effectively assess and monitor risks. To help you implement more effective data protection controls, we’re announcing the public preview of Microsoft Compliance Score, which enables you to simplify compliance and reduce risk. Even if you’re not an expert in complex regulations like General Data Protection Regulation (GDPR), you can still take action and contribute to progress toward compliance.

The Microsoft Compliance Score window.

With Microsoft Compliance Score, you can now continuously assess and monitor data protection controls, get clear guidance on how to improve the score, and leverage the built-in control mapping to scale your compliance efforts across regulations and standards. Compliance Score is available now in public preview for all Microsoft 365 customers in the compliance center. Learn more about Compliance Score on Tech Community.

Additional compliance investments

While I’ve highlighted the biggest updates, we also have several other significant investments we’re announcing today. For example, the new conversation reconstruction capability is now generally available in Advanced eDiscovery, which threads Microsoft Teams or Yammer messages into conversations, allowing you to efficiently review and export complete dialogues with context, not just individual messages. Our Tech Community has more information about Advanced eDiscovery.

In addition, we released a new compliance and risk management solution catalog in public preview as a part of the compliance center in Microsoft 365. In the catalog, you can easily discover, learn about, and start using all the Microsoft 365 compliance solutions, and pin the frequently used answers to the navigation bar.

Your compliance and risk management journey

Compliance and risk management can be daunting areas for any organization. Whether it’s knowing and protecting your data, addressing insider risk or better assessing your compliance, we’re investing deeply to give you the tools you need to navigate compliance and risk in a cloud world. Together with our partners, we’re committed to helping you in every step of your journey.