Recent Updates to Microsoft Security and Compliance 

Klarinet Solutions hosts monthly Tech Talks for our clients and partners, which covers various topics around Microsoft 365 and the modern digital workplace. In our latest Tech Talk, Matt Fishman, Director of Solutions Delivery, and Daniel Amaro, Lead Consultant at Klarinet Solutions, led the main discussion on Microsoft Security and Compliance and its recent updates. In this article, we will summarize the main points on Security and Compliance, here is what our experts discussed:

Managing the security of your business to protect against an ever-evolving threat landscape brings many challenges. The Microsoft Purview Compliance Portal (previously Security & Compliance Center) is designed to help you maintain compliance features for your entire organization. With the recent shift to remote work, it has been vital for Microsoft to analyze ways to improve their current risk management, compliance, and security practices. 

Now that employees have vast access to organizational information and can collaborate and work in new ways, it has been necessary to provide measures that prevent outside data leaks and mitigate risks from inside the organization. Let us take an in-depth look at how great Security and Compliance is. 

What’s new, and what can you do with Security & Compliance?

  • Alerts

Use the alert features in the Security and Compliance Center to view and manage alerts for your organization. You can create automated, and manual alerts for anything ranging from a user being added in a group to specific permissions change on a site. With just alert polices, you can build on and expand the functionality of activity alerts by:
Categorizing the alert policy
    1. Applying the policy to all users in your organization
    2. Setting a threshold level for when an alert is triggered,
    3. Deciding whether to receive email notifications.

The fantastic thing about alert policies is that you are alerted of any suspicious and unusual activity in Office 365. After you’re informed, you can investigate potentially problematic situations and, if needed, take action to address security issues.

  • Data Loss Prevention and Classifications

Data Loss Prevention (DLP) policy in the Office 365 Security & Compliance Center, you can identify, monitor, and automatically protect sensitive information across your Office 365.

    • Identify sensitive information and setting classification labels.
      • Sensitivity labels are used to classify email messages, documents, sites, and more. When a label is applied (automatically or by the user), the content or site is protected based on the settings you choose.
      • Retention Labels also appear in your users’ app, such as Outlook, SharePoint, and OneDrive. When a label is applied to email or docs, the content is retained based on the settings you choose.
      • Sensitive Info Types can be used in security and compliance policies.
    • Prevent accidental sharing of sensitive information.
    • Monitor and protect sensitive information online and in desktop apps.
    • DLP reporting showing content that matches DLP policies

There are a lot of security gaps in which organizations can take advantage of Microsoft 365 security features. A feature that has been trending with its recent update has been Sensitivity labels. Users have used them more and more to secure highly confidential data in a specific team site, such as leadership team, acquisitions, HR policies. Also, you can add encryption to your document; this allows you to manage who can download, open, and especially restrict people who are not apart of the organization.

  • eDiscovery

eDiscovery is the process of identifying and delivering electronic information that can be used as evidence in legal cases. You can use eDiscovery tools in Microsoft 365 to search for content in Exchange Online mailboxes, Microsoft 365 Groups, Microsoft Teams,  SharePoint Online, and OneDrive for Business sites, and Skype for Business conversations and Yammer teams. Advanced eDiscovery features end-to-end workflow to preserve, collect, review, analyze, and export content that’s responsive to your organization’s internal and external investigations. Undertake legal cases, legal holds, and searches. 

eDiscovery

  • Reports / Dashboards

Reports Dashboard in the Security & Compliance Center to quickly access audit reports for your SharePoint Online and Exchange Online organizations. It is essentially a high-level view of everything that is going on in the tenant. This includes emails, Audit Log Reports, Azure AD Reports, Exchange Audit Reports, etc. You can customize these dashboards and define what gets displayed too.

security and compliance

  • Microsoft Secure Score

Microsoft Secure Score is in the new Compliance and Security center. So what this allows you to do is provide real-time security reports. Many organizations have to conduct periodic application security reports, and this is a great way to have an active reporting interface that allows you to discuss security vulnerabilities, updates, and progress on your tenant at any time. Ultimately, it is a representation of your organization’s security posture and your opportunity to improve it. Secure Score benefits organizations in these ways:

    • Report on the current state of the organization’s security posture.
    • Improve their security posture by providing discoverability, visibility, guidance, and control
    • Compare with benchmarks and establish key performance indicators (KPIs)

How meaningful is this Secure Score? 

So the secure score primarily works with a point system that separates both security and compliance and allows you to leverage an interface where Microsoft can give you recommendations on corrective actions to increase the safety in your tenant. So organizations can drill down into these suggested individual improvement actions by using the information Microsoft provides. They instruct you on how to complete those actions and, in many cases, will also link you to wherever you have to go to improve your score. The most meaningful part of Microsoft Secure Score is that it makes executives recognize that security is always a work-in-progress. It requires attentiveness, effort, and sophisticated tools to make sure security and compliance remain in order.

Many clients who never thought about going to the cloud are urgently entering in a hybrid manner or have already entered the cloud entirely. It is evident that once organizations take a good look at some of the functionality and advantages that Microsoft 365 provides, it is a no brainer. Microsoft 365 security and compliance features are significantly more secure than any on-premises SharePoint Server or file shares.

security and compliance

Do your Security and Compliance Need An Upgrade? 

Learn how to build a security perimeter from outside threats as well as manage any potential leaks from internal users. Feel free to contact us for any questions you may have around security and compliance, Microsoft 365, or your digital workplace.