Events
Take the Microsoft Learn Challenge
Nov 19, 11 PM - Jan 10, 11 PM
Ignite Edition - Build skills in Microsoft security products and earn a digital badge by January 10!
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Important
Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.
Microsoft Purview Communication Compliance is an insider risk solution that helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization. Pre-defined and custom policies allow you to check internal and external communications for policy matches so they can be examined by designated reviewers. Reviewers can investigate email, Microsoft Teams, Microsoft 365 Copilot and Microsoft Copilot, Viva Engage, or third-party communications in your organization and take appropriate actions to make sure they're compliant with your organization's message standards.
Communication compliance policies in Microsoft 365 help you overcome many modern challenges associated with compliance and internal and external communications, including:
Additionally, there may be a separation of duties between your IT admins and your compliance management team. Communication compliance supports the separation between configuration of policies and the investigation and review of messages. For example, the IT group for your organization may be responsible for setting up communication compliance role permissions, groups, and policies and investigators and reviewers may be responsible for message triage, review, and mitigation actions.
For more information and an overview of the planning process to address compliance and risky activities in your organization, see Starting an insider risk management program.
Watch the video below to learn how to fulfill regulatory compliance requirements with communication compliance:
Important
Communication compliance is currently available in tenants hosted in geographical regions and countries supported by Azure service dependencies. To verify that communication compliance is supported for your organization, see Azure dependency availability by country/region.
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.
Communication compliance policies can assist with reviewing messages in your organization in several important compliance areas:
Corporate policies
Users must comply with acceptable use, ethical standards, and other corporate policies in all their business-related communications. Communication compliance policies can detect policy matches and help you take corrective actions to help mitigate these types of incidents. For example, you could check user communications in your organization for human resources concerns such as harassment or the use of potentially inappropriate or offensive language.
Risk management
Organizations are responsible to all communications distributed throughout their infrastructure and corporate network systems. Using communication compliance policies to help identify and manage potential legal exposure and risk can help minimize risks before they can damage corporate operations. For example, you could check messages in your organization for unauthorized communications and conflicts of interest about confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
Regulatory compliance
Most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of scoping or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have scoping procedures in place to check user communications and the types of businesses in which it engages. Another example may be a need to review broker-dealer communications in your organization to safeguard against potential insider trading, collusion, or bribery activities. Communication compliance policies can help your organization meet these requirements by providing a process to both analyze and report on corporate communications. For more information on support for financial organizations, see Key compliance and security considerations for US banking and capital markets.
Communication compliance offers several important features to help address compliance concerns on your messaging platforms:
Intelligent customizable templates in communication compliance allow you to apply machine learning to intelligently detect communication violations in your organization.
Built-in remediation workflows allow you to quickly identify and take action on messages with policy matches in your organization. The following new features increase efficiency for investigation and remediation activities:
New interactive dashboards for alerts, policy matches, actions, and trends help you quickly view the status of pending and resolved alerts in your organization.
Communication compliance policies check, detect, and capture messages across several communication channels to help you quickly review and remediate compliance issues:
To learn more about messaging channel support in communication compliance policies, see Detect channel signals with communication compliance.
Watch the video below to learn how to detect communication risks in Microsoft Teams with communication compliance:
When users experience employment stressors, they may engage in risky activities. Workplace stress can lead to uncharacteristic or malicious behavior by some users that could surface as potentially inappropriate behavior on your organization's messaging systems. Counterproductive work behavior can be a pre-cursor to more serious violations, such as sabotaging company assets or leaking sensitive information. By integrating communication compliance with Microsoft Purview Insider Risk Management, you can detect for stressors that indicate an unhealthy workplace environment.
Learn more about integrating communication compliance with insider risk management
Whether you're setting up communication compliance for the first time or getting started with creating new policies, the new recommended actions experience can help you get the most out of communication compliance capabilities. Recommended actions include setting up permissions, creating distribution groups, creating policies, and more.
Communication compliance helps you address common pain points associated with complying with internal policies and regulatory compliance requirements. With focused policy templates and a flexible workflow, you can use actionable insights to quickly resolve detected compliance issues.
Before you create a policy, you can decide whether you want to apply an adaptive scope. For more information, see Adaptive policy scopes for compliance solutions. If you decide to create an adaptive policy, you must create one or more adaptive scopes before you create your policy, and then select them during the create new policy process. For instructions, see Configuration information for adaptive scopes.
Identifying and resolving compliance issues with communication compliance uses the following workflow:
In this workflow step, you identify your compliance requirements and configure applicable communication compliance policies. Policy templates are a great way to not only quickly configure a new compliance policy, but to also quickly modify and update policies as your requirements change. For example, you may want to quickly test a policy for potentially inappropriate content on communications for a small group of users before configuring a policy for all users in your organization.
Important
By default Global Administrators do not have access to communication compliance features. To enable permissions for communication compliance features, see Make communication compliance available in your organization.
You can choose from the following policy templates in the Microsoft Purview compliance portal:
Tip
Use recommended actions to help you determine if you need a sensitive information type policy or if you need to update existing inappropriate content policies.
In this step, you can look deeper into the issues detected as matching your communication compliance policies. This step includes the following actions available in the Microsoft Purview compliance portal:
The next step is to remediate communication compliance issues you've investigated using the following options:
Keeping track and mitigating compliance issues identified by communication compliance policies spans the entire workflow process. As alerts are generated and investigation and remediation actions are implemented, existing policies may need review and updates, and new policies may need to be created.
For the latest Ignite videos for communication compliance, see the following:
For a quick overview of communication compliance, see the Detect workplace harassment and respond with Communication Compliance video on the Microsoft Mechanics channel.
Check out how TD Securities is using communication compliance to address their regulatory obligations and meet their security and stability needs.
Check out the Microsoft Mechanics video on how insider risk management and communication compliance work together to help minimize data risks from users in your organization.
To keep up with the latest communication compliance updates, select What's new in the Communication Compliance solution for your organization.
Events
Take the Microsoft Learn Challenge
Nov 19, 11 PM - Jan 10, 11 PM
Ignite Edition - Build skills in Microsoft security products and earn a digital badge by January 10!
Register nowTraining
Module
Prepare Microsoft Purview Communication Compliance - Training
Microsoft Purview Communication Compliance is a solution that helps organizations address code-of-conduct policy violations in company communications, while also assisting organizations in regulated industries meet specific supervisory compliance requirements. Communication Compliance uses machine learning to intelligently detect violations across different communication channels such as Microsoft Teams, Exchange Online, or Yammer messages.
Certification
Microsoft Certified: Information Protection and Compliance Administrator Associate - Certifications
Demonstrate the fundamentals of data security, lifecycle management, information security, and compliance to protect a Microsoft 365 deployment.