Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Microsoft 365 Security and Compliance for Administrators

You're reading from   Microsoft 365 Security and Compliance for Administrators A definitive guide to planning, implementing, and maintaining Microsoft 365 security posture

Arrow left icon
Product type Paperback
Published in Mar 2024
Publisher Packt
ISBN-13 9781837638376
Length 432 pages
Edition 1st Edition
Tools
Arrow right icon
Authors (2):
Arrow left icon
Sasha Kranjac Sasha Kranjac
Author Profile Icon Sasha Kranjac
Sasha Kranjac
Omar Kudović Omar Kudović
Author Profile Icon Omar Kudović
Omar Kudović
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Part 1:Introduction to Microsoft 365 FREE CHAPTER
2. Chapter 1: Getting Started with Microsoft 365 Security and Compliance 3. Chapter 2: The Role of Microsoft Entra ID in Microsoft 365 Security 4. Part 2: Microsoft 365 Security
5. Chapter 3: Microsoft Defender for Office 365 6. Chapter 4: Microsoft Defender for Endpoint 7. Chapter 5: Getting Started with Microsoft Purview 8. Chapter 6: Microsoft Defender for Cloud Apps 9. Chapter 7: Microsoft Defender Vulnerability Management 10. Chapter 8: Microsoft Defender for Identity 11. Part 3: Microsoft 365 Governance and Compliance
12. Chapter 9: Microsoft Purview Insider Risk Management 13. Chapter 10: Microsoft Purview Information Protection 14. Chapter 11: Understanding the Lifecycle of Auditing and Records 15. Index 16. Other Books You May Enjoy

Introduction to Microsoft 365 compliance

Microsoft provides a range of robust compliance and data governance solutions to assist organizations in effectively handling risks, safeguarding, governing sensitive data, and meeting regulatory obligations.

Microsoft 365 has thorough compliance and data governance solutions to protect valuable data across multiple clouds, applications, and endpoints while being able to detect and address significant risks within small and medium businesses and large enterprises. With these tools, compliance professionals are able to examine and address legal obligations using pertinent data, as well as evaluate compliance and address regulatory requirements.

The Microsoft Purview compliance portal is a central place for all compliance tools and organizational needs. It is available to users with one of the following roles: Global Administrator, Compliance Administrator, and Compliance Data Administrator:

Figure 1.2 – Microsoft Purview compliance portal

Figure 1.2 – Microsoft Purview compliance portal

Microsoft Purview is now the common prefix for Microsoft 365 compliance and risk management solutions, for protecting and governing sensitive data and addressing regulatory standards requirements.

Microsoft Purview Data Loss Prevention is a solution that detects and prevents sensitive organizational data loss via DLP policies across multiple locations, using deep content analysis:

  • Teams, Exchange, SharePoint, and OneDrive accounts and other Microsoft 365 services
  • Office applications such as Word, Excel, and PowerPoint
  • Windows 10, Windows 11, and macOS (three latest released versions) endpoints
  • Non-Microsoft cloud apps
  • On-premises file shares and on-premises SharePoint libraries
  • Power BI

Microsoft Purview Information Protection is an all-inclusive solution that enables organizations to do the following things:

  • Know their data or understand the data landscape, identify sensitive information types using trainable classifiers, custom regular expressions, or functions, and gain data classification information
  • Protect organizational data by applying sensitivity labels automatically, encrypting data end email messages, applying access restrictions, and using Customer Key
  • Prevent data loss through detecting risky behavior that is extended to endpoints and extend DLP monitoring on-premises and Teams
  • Govern data via automatic actions

Microsoft Purview has numerous components and features used for governance and compliance. Here, we have introduced and described some of the most important parts:

  • Data Lifecycle Management enables customers to retain content using event-based retention, for example, when employees are leaving the company, when their contract expires, or when the retention is tight to a product lifetime.
  • Message Encryption: By utilizing Advanced Message Encryption in Office 365, customers can effectively fulfill compliance requirements that necessitate enhanced control over external recipients and their ability to access encrypted emails. This feature empowers users to regulate sensitive emails shared outside the organization through automated policies, while also providing the capability to track these activities via access logs in the encrypted message portal.
  • Communication Compliance: Microsoft Purview Communication Compliance is a solution designed to mitigate communication risks originating from within your organization. It assists in identifying, capturing, and taking action on potentially inappropriate messages, enabling compliance personnel to proactively address any concerning communication incidents.
  • Customer Lockbox: With Customer Lockbox, you retain full control over your content, as Microsoft is unable to access it for service operations without your explicit consent. It involves you in the approval workflow utilized by Microsoft to guarantee that only authorized requests grant access to your content.
  • Microsoft Purview Audit: The audit feature within Microsoft Purview offers organizations enhanced visibility into a wide range of audited activities across various Microsoft 365 services. The audit functionality allows for comprehensive monitoring and tracking of different types of activities within the organization.
  • Compliance Manager: Microsoft Purview Compliance Manager is a component within the compliance portal of Microsoft Purview that assists in automating the evaluation and oversight of compliance throughout your multi-cloud environment, enabling you to efficiently assess and manage compliance requirements across multiple cloud platforms.
  • Customer Key: This helps you meet regulatory or compliance obligations for controlling root keys and provides extra protection against accessing data by unauthorized parties.
  • Insider Risk Management: Microsoft Purview Insider Risk Management is a compliance solution designed to mitigate internal risks by empowering you to identify, investigate, and take appropriate action against both malicious and unintentional activities occurring within your organization, aiding in proactively addressing potential threats originating from within the organization.
  • Information Barriers: To establish necessary restrictions to prevent unauthorized or undesired interactions within your organization, Microsoft Purview Information Barriers (IB) is a compliance solution that provides the capability to limit bidirectional communication and collaboration between groups and individual users.
  • eDiscovery: The eDiscovery feature presents a comprehensive workflow that covers the entire process of preserving, collecting, analyzing, reviewing, and exporting relevant content for internal and external investigations conducted by your organization. Furthermore, it provides legal teams with the ability to effectively manage the complete workflow for legal hold notifications and communication with custodians involved in a case.
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime