What's new in Microsoft 365 compliance

Whether it be adding new solutions to the Microsoft 365 compliance center, updating existing features based on your feedback, or rolling out fresh and updated documentation, Microsoft 365 helps you stay on top of the ever-changing compliance landscape. Take a look below to see what’s new in Microsoft 365 compliance today.

Note

Some compliance features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, try adding yourself to targeted release.

Tip

Interested in what's going on in other admin centers? Check out these articles:
What's new in the Microsoft 365 admin center
What's new in the SharePoint admin center
What's new in Microsoft 365 Defender

And visit the Microsoft 365 Roadmap to learn about Microsoft 365 features that were launched, are rolling out, are in development, have been cancelled, or were previously released.

January 2021

Support for card content in Teams

The following Microsoft 365 compliance solutions now support the detection of card content generated through apps in Teams messages:

Information governance and records management

New assessment to address using information governance and records management to help meet compliance obligations for the New Zealand Public Records Act.

Sensitivity labels

  • Sensitivity labels are now supported for US Government tenants (GCC and GCC-H).
  • New automatic labeling support for macOS.

December 2020

Spotlight: New content for insider risk solutions

The Microsoft 365 compliance content team is hard at work creating ‘content solution’ docs to promote how compliance capabilities can be used together to help meet your compliance goals.

First up is content that ties together our insider risk solutions: communication compliance, insider risk management, information barriers, and privileged access management. Here’s a peek at what you’ll find:

More content solution docs coming soon!

Advanced eDiscovery

Improved workflow and functionality for adding custodians and non-custodial data sources to an Advanced eDiscovery case.

Data connectors

Four new Veritas connectors released: Redtail Speak, Salesforce Chatter, ServiceNow, and Yieldbroker.

Encryption

Introducing Customer Key for Microsoft 365 at the tenant level. Using keys you provide, you can create a data encryption policy (DEP) and assign it to the tenant. The DEP encrypts data across the tenant for these workloads:

  • Teams chat messages (1:1 chats, group chats, meeting chats and channel conversations)
  • Teams media messages (images, code snippets, videos, wiki images)
  • Teams call and meeting recordings stored in Teams storage
  • Teams chat notifications
  • Teams chat suggestions by Cortana
  • Teams status messages
  • User and signal information for Exchange Online

Records management

The Records Management admin role group now grants permissions for all records management features, including disposition review.

Sensitivity labels

November 2020

Just a reminder that we often release new and updated features in a preview state to learn how they're being used so we can hone and improve them before releasing to general availability. Your feedback is critical during preview (and beyond), so be sure to let us know what you think by opening the Feedback card at the bottom right of the compliance center.

Spotlight: Endpoint data loss prevention (DLP) released

Endpoint DLP extends the activity monitoring and protection capabilities of DLP to sensitive info on Windows 10 devices. After devices are onboarded to the Microsoft 365 compliance center, you can set up DLP policies to protect the sensitive info on those devices.

Advanced eDiscovery

To make it easier to manage encrypted content in the eDiscovery workflow, Microsoft 365 eDiscovery tools now incorporate decryption of encrypted files that are attached to email messages and sent in Exchange. Additionally, encrypted documents stored in SharePoint and OneDrive are decrypted in Advanced eDiscovery.

Compliance Manager

Data connectors

Five new Veritas connectors in preview. New connectors include Reuters Dealing, Reuters FX, CellTrust, XIP, and generic MS SQL Database data.

Retention labels (disposition review)

To view items during a disposition review, users must now be members of the Content Explorer Content Viewer and Content Explorer List Viewer role groups. Although required to review items, these role groups aren’t necessary for completing the disposition review.

Sensitivity labels

  • (Preview) External sharing settings for SharePoint sites. When creating a label that will be used for groups and sites, you’ll see an option to control external sharing for SharePoint sites that have the label applied. You can specify that sharing is allowed for anyone, new and existing guests, existing guests only, or just users in your organization. When the label is applied, the label settings will replace any external sharing settings configured in the SharePoint admin center.
  • Remove label and encryption from a labeled document. To remove both a label and the encryption it enforces from a labeled document in SharePoint, global admins and SharePoint admins can run the new Unlock-SPOSensitivityLabelEncryptedFile cmdlet. This cmdlet runs even if the admin doesn't have access permissions to the site or file, or if the Azure Rights Management service is unavailable.

October 2020

Advanced eDiscovery

CJK language support. Advanced eDiscovery now supports double-byte character set languages, collectively known as CJK languages (includes Simplified Chinese, Traditional Chinese, Japanese, and Korean). These can be used in several advanced review set scenarios.

Sensitivity labels

  • Label scope. When creating a sensitivity label, you’ll see a new option to define the scope for the label. This option lets you configure labels just for files and emails, containers (like SharePoint sites and Teams), or both.
  • Dynamic content marking. When configuring content marking for a sensitivity label, you can now use dynamic variables such as ${Item.Label} and ${Item.Location} in the text string for your header, footer, or watermark.

September 2020

Spotlight: Compliance Manager

Announced at Ignite this year, Compliance Score is rebranded as Compliance Manager. This release completes the transition from Compliance Manager’s previous home in the Service Trust Portal, and introduces an end-to-end compliance management solution in the Microsoft 365 compliance center.

Advanced Audit

  • New 10-year retention of audit logs helps support long-running investigations and respond to regulatory, legal, and internal obligations.
  • Three new crucial events. The following new events can help you investigate possible breaches and determine the scope of compromise: Send, SearchQueryInitiatedExchange, and SearchQueryInitiatedSharePoint.

Communication compliance

  • Updated role groups. Communication compliance role groups now match the role group structure available for the insider risk management solution.
  • Reports dashboard. Your central location for viewing all communication compliance reports. Report widgets provide a quick view of insights most commonly needed for an overall assessment of the status of communication compliance activities.
  • Power Automate flows. Set up flows to automate tasks for alerts and users, notify managers when users trigger an alert, and more.
  • ‘Improve classification’ remediation action. Alerts containing items that match trainable classifiers might benefit from feedback to help minimize false positives in your organization. The Improve classification option lets you provide feedback on whether detected items match the classifier configured in the related communication compliance policy. You can even suggest other classifiers to associate with the item to improve match accuracy for future alerts.

Data connectors

  • New third-party data connectors. 25 new data connectors, including 14 connectors from Veritas and 8 from Telemessage.
  • Physical badging connector. Import physical badging data, such as employee’s raw physical access events or any physical access alarms generated by your organization's badging system. Examples include entries to buildings, server rooms, or data centers. Physical badging data can be used by the insider risk management solution to help protect your organization from malicious activity or data theft inside your organization.

Insider risk management

  • Microsoft Teams integration. When Teams integration is turned on in insider risk settings, you can coordinate and collaborate with other stakeholders in Teams on tasks like securely sharing and storing data related to individual cases, tracking and reviewing response activities from analysts and investigators, and more.
  • Power Automate flows. Set up flows to automate important tasks for cases and users, such as retrieving user, alert, and case info to share with stakeholders and other apps, automating actions like posting to case notes, and more.
  • Activity explorer. Available when reviewing alerts, activity explorer provides investigators and analysts with a comprehensive analytic tool for drilling down into each alert. Quickly review a timeline of detected risky activity and identify and filter all risk activities associated with alerts.

Retention policies and retention labels

  • Support for Yammer. You can now use retention policies to retain and delete Yammer community messages and private messages.
  • Apply labels to Teams meeting recordings. When creating an auto-labeling policy, use the keyword query editor to identify Teams meeting recordings that are stored in users' OneDrive accounts or in SharePoint.

Records management

Support for regulatory records. Classifying a label as a regulatory record increases the restrictions placed on content to which the label is applied and limits the available management actions for the label itself. For example, after it’s applied to content, nobody, not even a global admin, can remove the label. Learn more about which actions are allowed and blocked for regulatory records.

Sensitivity labels

Support for US Government customers. Sensitivity labels are now supported for GCC, GCC High, and DoD customers, only for the Azure Information Protection unified labeling client and scanner.

Trainable classifiers

New retraining and feedback capabilities help improve accuracy and minimize false positive matches for all custom classifiers and some pre-trained classifiers. This flow lets you provide feedback on whether items match certain classifiers, suggest other classifiers to associate with items, and retrain classifiers to refine and improve match accuracy.

This new capability is included in the following features:

  • Trainable classifiers. To improve the accuracy of your published classifiers, you can provide feedback on whether the detected items match the classifier.
  • Communication compliance. The new Improve classification remediation action lets you provide feedback on whether an item from a communication compliance alert matches the classifier configured in the communication compliance policy.
  • Content explorer. If you set up a retention auto-labeling policy to automatically apply labels to email messages that match trainable classifiers, you can use content explorer to review the labeled items and provide feedback on whether the items match the classifier.

Note

For all features, if you provide at least 30 feedback responses, we'll create a retrained version of that classifier that you can review. If there's improvement, you can republish the classifier.

August 2020

Spotlight: Insider risk and communication compliance updates

Several new and improved features hit public preview this month:

Insider risk management

  • Check out our six new policy templates:

    • Data leaks by priority users
    • Data leaks by disgruntled users
    • General security policy violations
    • Security policy violations by departing users
    • Security policy violations by priority users
    • Security policy violations by disgruntled users
  • Integration with Microsoft Defender for Endpoint allows you to import and filter Microsoft Defender for Endpoint alerts for activities detected by policies created from the new security violation policy templates. There’s also a related insider risk setting where you can choose to import security alerts to insider risk management based on the Microsoft Defender for Endpoint alert triage status.

    Note

    To take advantage of Microsoft Defender for Endpoint integration (including the new security policy violation templates), you'll need to have Microsoft Defender for Endpoint configured in your organization. You’ll also need to enable Microsoft Defender for Endpoint for insider risk management integration by configuring advanced features in Microsoft Defender for Endpoint.

  • Customize indicator thresholds when creating a policy.

  • Set up priority user groups to define users in your organization whose activity requires closer inspection based on factors such as their position, level of access to sensitive information, or risk history.

  • Use Office 365 Management Activity APIs to export insider risk alert details to other applications your organization might use to manage or aggregate insider risk data.

  • New domain settings help you define and control risk levels for activity in specific domains.

Communication compliance

  • When reviewing messages in an alert, you can now remove inappropriate messages in Microsoft Teams channels, 1:1, and group chats. Removed messages and content are replaced with a policy tip that explains that it was removed due to sensitive content.
  • New communication roles (these will also be included in new communication compliance role groups releasing in September).
  • New communication compliance settings experience that includes settings for privacy and notice templates.
  • New classifiers to help detect adult, racy, and gory images.
  • New ‘Pattern detected’ notification that appears when reviewing messages in an alert lets you know about reoccurring instances of the same behavior by a user.

Sensitivity labels

  • For US Government tenants (GCC, GCC-H, and DoD), sensitivity labels are currently supported only for the Azure Information Protection unified labeling client and scanner. For more information, see Azure Information Protection Premium Government Service Description.
  • You can now use Security & Compliance Center PowerShell to create and configure all settings you see in your labeling admin center. This means that, in addition to using PowerShell for settings that aren't available in the labeling admin centers, you can now fully script the creation and maintenance of sensitivity labels and sensitivity label policies.

Records management: Content overhaul

New docs covering deployment steps, marking content as records, and record versioning:

Retention labels & policies

Retention-related admin activity is now recorded and available to review in the audit log. For the full list, see Retention policy and retention label activities.

Advanced eDiscovery