Let’s face it, the traditional workplace as most of us have known it for many years has changed. Employees are now collaborating and connecting with each other in new ways. Likely, they have also developed new needs and desired ways to communicate with others both inside and outside the organization. Data could potential roam anywhere, including across devices, apps and a variety of services. This likely means your existing security and compliance processes and controls may need to adapt. Identifying and managing new security and compliance risks within your organization is critical to safeguarding your data and minimizing threats and risks.
Microsoft 365 offers a number of ways to help you analyze, manage and monitor your data, protect information, and minimize a variety of risks. Insider risks, those often associated with specific user events or activities, are one of the top concerns in the world of security and compliance today. These risks may include data theft by departing employees and data leaks of information outside your organization by accidental oversharing or even malicious intent. Protecting your organization against these risks can be challenging to identify and difficult to mitigate.
Microsoft 365 risk prevention features such as communication compliance, insider risk management, information barriers and privileged access management are built-in to many insider risk products and solutions and are designed to work together, using advanced service and 3rd-party indicators to help you quickly identify, triage, and act on risk activity.
Along with these risk prevention features, Microsoft also provides Information protection and governance services.
Microsoft Information Protection services will help you discover, classify, and protect sensitive information wherever it lives or travels. Capabilities provided allow you to identify, manage, protect and prevent the loss or accidental oversharing of important data across and/or beyond your environment.
For example, you can quickly and easily create communication compliance policies, using either pre-defined or custom templates, to identity offensive language, sensitive information, and regulatory compliance.
Microsoft Information Governance capabilities govern your data for compliance or regulatory requirements. This includes using tools designed to help you determine and manage what information you need to keep and/or delete. In this category of services you will find features such as retention policies and retention labels (you get to proactively decide whether to retain content, delete content, or both), an Import service to bulk-import your PST files to Exchange Online mailboxes, an archive solution to help you import, archive and apply compliance solutions to third-party data, etc.
If you have appropriate permissions and licensing, you can navigate the Microsoft Security and Compliance center or the new portals for Security and Compliance to get started with these services and more. You will also find information in these admin centers to help you discover how Microsoft rates your organization’s security posture (Secure Score) and your compliance posture (Compliance Score) and will even find some recommendations to help you increase your score in each area.
It’s no surprise that Microsoft puts a huge focus on their security and compliance products. They are constantly reviewing their provided/offered solutions to give organizations every ability to create and use a trusted, protected environment for both users and data. It is not unusual to see many new features added or existing features updated on a very regular basis. Microsoft does their best to help you stay on top of what’s happening in 365 (check out the Microsoft 365 roadmap), but you also need to keep yourself aware of how these changes affect your specific environment as well. For more information on Microsoft’s Compliance offerings, check out https://docs.microsoft.com/en-us/microsoft-365/compliance/?view=o365-worldwide.
If sifting through the mounds of documentation just feels too overwhelming and time consuming, consider getting some hands-on, instructor-led training. Check out the LRS Education Services course catalog (www.LrsEducationServices.com) for the many Microsoft 365 courses available.
If you are new to the world of cloud technologies and/or being a Microsoft 365 administrator, the following courses may appeal to you:
MS--900T01 - Microsoft 365 Fundamentals
MS--030T00 - Office 365 Administrator
If you have some experience and are looking specifically for more information on the security and compliance topics mentioned in this article, you may want to check out the MS-500T00 – Microsoft 365 Security Administration course.
We’d love to have you attend in person or virtually using our Virtual Training platform. And in case you didn’t know, however you choose to attend these courses, you may also receive a FREE Pearson Vue Certification exam voucher to get you moving down the road to certification (some restrictions apply)!
If you have any questions or would like more information regarding courses scheduled at LRS Education Services, please call 877.832.0688 ext: 1493 or email us at getsmart@LRS.com.
Penny Morgan, LRS Education Services
MCT, MCSA, MCITP, MCTS, MCSE, MCP
Microsoft 365 Certified: Fundamentals
Microsoft 365 Certified: Enterprise Administrator Expert
Microsoft 365 Certified: Security Administrator Associate
Microsoft 365 Certified: Messaging Administrator Associate
Microsoft 365 Certified: Teams Administrator Associate
Microsoft Certified: Azure Fundamentals
Microsoft Certified: Azure Administrator Associate