In today’s workplace, where so many organizations have shifted to the cloud, security sometimes gets neglected. One of the reasons for this could be how complex and cumbersome security management can be, especially in large enterprises. From a security admin perspective, it’s hard to make sure that the correct permissions are granted to users for compliance and security. However, these challenges can be overcome, and effective and efficient security management can be achieved with the Office 365 Security and Compliance Center. In this post, let’s see how it can help organizations, specifically the security team and compliance admins, in securing data.
What is the Office 365 Security and Compliance Center?
Understanding the value of the Office 365 Security and Compliance Center and knowing how it functions is necessary to maximize its benefits to the organization. It’s an admin center that helps in monitoring and granting the correct access and permissions to users, thus helping the organization protect its critical data by limiting access.
This admin center also allows you to grant permission to people who perform compliance tasks such as data loss prevention, device management, retention, and more. They’ll only be allowed to do tasks they are assigned to or permitted to do. It was also designed to allow admins to manage compliance features across Office 365 in the organization.
How Do You Get to the Admin Center?
A user needs to have a global administrator role or be a member of one or more Security & Compliance Center role groups to be able to access the Office 365 Security and Compliance Center. However, in a recent update from Microsoft, there are now separate centers for security and compliance that will replace the older model. You can directly go to the security center for your security needs or visit the compliance center for compliance-related needs. See the homepage of the new Security Center below.
Although there are now separate centers for security and compliance, the main function of granting permissions will still be the same. It’s important to know the different permissions and how you can use and assign them to users. Security and Compliance permissions are based on role-based access control (RBAC), which is also used in many areas of Office 365 such as Exchange. Let’s dig deeper into how these permissions work.
Permissions, Roles, and Role Groups
A permission is the ability to do actions such as viewing or configuring certain data. Having one or more permissions grants someone a role, which is the access required to perform a certain task. Meanwhile, a role group is a set of roles that lets users do their tasks across the Security & Compliance Center.
You may refer to the diagram below to know how these entities relate to each other. Imagine giving permissions to your users one by one. What a nightmare, right? This is what roles and role groups are for: instead of granting permissions individually, you add users to the appropriate role groups and they inherit the permissions of those groups. The center includes default role groups for the most common tasks and functions that you’ll need to assign users to. You can just add users as members of these default role groups.
Here are some typical Office 365 Security and Compliance Center roles. One role may be part of many role groups. See this link for the complete list of the roles.
The Audit Logs role allows users to view audit reports and then export them to a file.
The Device Management role allows users to view and edit settings and reports for device management features.
Retention Management allows users to manage retention policies, retention labels, and retention label policies.
On the other hand, here are some of the common default role groups that you can utilize in the Office 365 Security and Compliance Center. See the complete list of the role groups here.
Communication Compliance provides permission to all the communication compliance roles such as administrator and analyst.
Global Reader gives members read-only access to reports and lets them see all the configurations and settings.
Records Management allows members to configure all areas of records management including retention labels and more.
To access the Permissions tab in the admin center, you first need to be an admin who specifically has the Role Management role under the Organization Management role group. Once you have the right access, you will be able to view, create, and modify role groups.
Select the role group to which you want to add the user, then Edit it.
Go to Members and add the user you are looking for. It’s best to double-check the members you are adding.
Click OK to confirm and to save changes.
Ideally, you should always grant the most restricted permissions to users until they are more familiar with the Security and Compliance Center. It’s not ideal to provide too many editing and deleting permissions to users as it increases the risk of data leaks. However, do not restrict users to read-only groups if they need access to accomplish their tasks; it’s best to have permissions balanced among users.
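The same membership change can be made and reviewed from Security & Compliance PowerShell, which also makes it easy to see who already holds what before adding anyone. The script below is an added example, not part of the original post; the admin account, the user, and the chosen role group are placeholders, and it assumes the ExchangeOnlineManagement module is installed.

```powershell
# Added example. Run as an admin who holds the Role Management role.
# All account and group values below are placeholders.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'

$GroupLabel = 'Global Reader'             # least-privileged group that fits the task
$NewMember  = 'new.user@contoso.example'

# 1. Snapshot every role group and its members so the change can be reviewed.
$membership = foreach ($group in Get-RoleGroup) {
    foreach ($member in Get-RoleGroupMember -Identity $group.Name) {
        [pscustomobject]@{
            RoleGroup = $group.Name
            Member    = $member.Name
            Type      = $member.RecipientType
        }
    }
}

# 2. Members that sit in several role groups accumulate permissions; list them
#    first, since they are the likeliest to exceed what their tasks need.
$membership | Group-Object Member | Where-Object Count -gt 1 |
    Select-Object Name, Count, @{ n = 'RoleGroups'; e = { $_.Group.RoleGroup -join ', ' } } |
    Sort-Object Count -Descending | Format-Table -AutoSize

# 3. Resolve the target group by internal name or display name (the portal label
#    can differ from the internal name) and show the roles it grants.
$target = @(Get-RoleGroup | Where-Object { $_.Name -eq $GroupLabel -or $_.DisplayName -eq $GroupLabel })
if ($target.Count -ne 1) { throw "Expected exactly one role group matching '$GroupLabel'." }
$target[0] | Format-List Name, DisplayName, Roles

# 4. Preview the change, apply it, then confirm the resulting membership.
Add-RoleGroupMember -Identity $target[0].Name -Member $NewMember -WhatIf
Add-RoleGroupMember -Identity $target[0].Name -Member $NewMember -ErrorAction Stop
Get-RoleGroupMember -Identity $target[0].Name | Format-Table Name, RecipientType

Disconnect-ExchangeOnline -Confirm:$false
```

Exporting `$membership` with `Export-Csv` on a schedule gives a simple record to compare against when reviewing whether users still need the role groups they are in.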
The main function of configuring the Office 365 Security and Compliance Center is to have secure and safe data governance. These permissions, roles, and role groups are a great help in ensuring that your organizational data is safe and compliant.
Adrian is currently a member of AvePoint's project management team. In his previous role as a Content Marketing specialist at AvePoint, Adrian covered the latest trends and topics on what’s new in technology, SaaS Management & Governance, SaaS Backup and Data Management.