Does your organization have a “keep everything” strategy? If so, you’re not alone. In the Ignite Tour session “Learn How to Harness Your Data Explosion with Intelligent Information Protection and Governance,” Microsoft went over best practices for data governance and protection within Office 365.
If there’s anything that this century has taught us, it’s that data and content are truly exploding throughout the digital state. It’s projected that 163 Zettabytes of data will be created each year by 2025.
While this is happening, the cost of compliance is also continuing to increase with approximately 200+ updates per day from 750 regulatory bodies.
Microsoft has been making records management, governance, and compliance strides within Office 365 and has concluded that governance and compliance tools can often be useless without the proper strategy. They have broken down their strategy into three stages:
Assess risk.
Protect sensitive data.
Respond by leveraging AI.
As one of the presenters from Microsoft mentioned, “Office 365 is not a data management suite, it’s a productivity suite. Users should not be forced to classify or label data themselves.”
Microsoft has provided its Office 365 customers with out-of-the-box functionality to create labels for sensitive data governance. Data can be classified and labeled automatically via a text-based scan, using one of Microsoft’s 70+ preset scans, such as the one for Social Security numbers, or you can create your own custom search.
These labels can be used for the following three actions:
Automatically encrypt a file with a specific label, then have user access deleted after a set amount of time.
Content Marking
Microsoft’s Content Marking feature gives you the option to automatically add a watermark to content and control the footer or header within documents.
Retention & Deletion Policies
Organizations should have strict policies in place that are either org-wide, group-based, or location-specific. These policies should be dependent on the created date or last-modified date. Once the retention of certain content has been decided, that data will then be automatically deleted unless flagged otherwise. When creating these rules, it’s important to keep these three questions in mind:
What do I have to keep?
How long do I keep it?
What happens after?
Supervise
After establishing your labels and rules, the natural next step is to supervise. This is an area that Microsoft has also targeted and worked closely on. Companies have been given the capability to monitor communications to meet regulatory compliance or internal policies using keywords, random sample percentages, and multiple communication modalities. You can see the actions people take when applying new or changing labels and report on exactly who took those actions.
To take it even further, they have what is called “Loan Office Monitoring” which gives someone permission to investigate an individual’s information. For example, if an end user is being examined, temporary permission can be granted to look through that end user’s mailbox, Microsoft Teams chat, etc.
This is an in-place review, meaning that zero copies are made and the monitoring happens in real-time behind the scenes.
As Microsoft expressed during this presentation, governance and compliance tools are often purchased before the consumer has crafted a clear strategy tailored to their specific needs, often resulting in wasted potential.
There are many questions to consider before and during the planning of your strategy, such as regulations, who and what needs to be governed, how to implement a solution, and so much more. If you want to learn more about Office 365 governance, you can find some handy resources below: