Introduction to communication compliance
Communication compliance overview
In June of 2019, two employees of a major financial institution were suspended for violating company policy for the writing and forwarding of an email that harassed one of their coworkers. In this instance, a manager sent an email to their team with an inappropriate reference regarding one of their colleagues. The email was identified, and two employees suspended. One for writing the email, and another for forwarding it.
Code of conduct violations such as the one described above often slip through the cracks due to the proliferation of communications channels, increasing volume of data, the rise of regulatory enforcement, and a shortage of compliance experts to review content. Microsoft Purview Communication Compliance helps organizations address these challenges by leveraging machine learning to quickly identify and help you act on code of conduct policy violations in company communications channels, while also helping regulated organizations meet specific supervisory compliance requirements.
Communication compliance monitors outbound and inbound communication across Exchange email, Microsoft Teams chats and channels (including attachments), Skype for Business conversations and third-party platform communications such as Bloomberg, Facebook, and Twitter. It automatically detects, captures, and alerts reviewers of inappropriate communication across these channels based on policies you define. Pre-defined and custom policies allow you to scan communications for policy matches so they can be examined by designated reviewers. Reviewers can investigate scanned communications in your organization and take appropriate remediation actions to make sure they're compliant with your organization's messaging standards.
Watch the video below to learn more about Microsoft Purview Communication Compliance.
Note
This feature is a capability included with:
- Microsoft 365 E5
- Microsoft 365 E5 Compliance
- Microsoft 365 E5 Insider Risk Management
Please review Microsoft 365 licensing guidance for security & compliance to identify required licenses for your organization.
Scenarios for communication compliance
Communication compliance policies can help you detect and review communications in your organization to quickly identify and remediate violations in several common scenarios, such as:
- Corporate policies where you can scan employee communications in your organization for potential human resources concerns such as harassment or the use of inappropriate or offensive language.
- Risk management where you can scan messages in your organization for unauthorized communications about confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
- Regulatory compliance when organizations are required to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to scan employee communications and the types of businesses in which it engages. Another example may be a need to review broker-dealer communications in your organization to safeguard against potential money laundering, insider trading, collusion, or bribery activities.
New enhancements
Microsoft Purview Communication Compliance is intended to fully replace Supervision policies in Microsoft 365. While it builds on the Supervision solution, communication compliance includes many new enhancements.
Intelligent and customizable templates enable you to apply machine learning to intelligently detect communication violations in your organization with the following improvements:
- Customizable pre-configured templates. Initial policy creation and follow-on updating are quicker with pre-defined anti-harassment and offensive language, sensitive information, and regulatory compliance templates.
- New machine learning support. Built-in (and custom) threat, harassment, and profanity classifiers help reduce false positives in scanned messages, which saves reviewers time during the investigation and remediation process.
- Improved condition builder. Configuring policy conditions is now streamlined into a single, integrated experience in the policy wizard, which minimizes confusion in how conditions are applied for policies.
Updated remediation workflows help you quickly take action on policy matches and includes new options to escalate messages to other reviewers and to send email notifications to users with policy matches. Other improvements include the following:
- Conversation threading: Messages are visually grouped by original message and all associated reply messages that provide better context during investigation and remediation actions.
- Keyword highlighting: Terms matching policy conditions are highlighted in the message text view to help reviewers quickly locate and remediate policy alerts.
- Exact and near duplicate detection: In addition to scanning for exact terms matching communication compliance policies, near duplicate detection groups textually similar terms and messages together to help speed up the review process.
- New filters: Message filters for fields including sender, recipient, date, domains, and many more, enable faster investigation and remediation of policy alerts.
- Improved message views: New message source, text, and annotation views enable quicker investigation and remediation actions. Message attachments are also viewable to provide complete context when taking remediation actions.
- User history view: Historical view of all user message remediation activities, such as past notifications and escalations for policy matches, now provides reviewers with more context during the remediation workflow process. First-time or repeat instances of policy matches for users are now archived and viewable.
Actionable insights
New interactive dashboards for alerts, policy matches, actions, and trends help you quickly view the status of pending and resolved alerts in your organization.
- Proactive intelligent alerts: Alerts for policy matches requiring immediate attention include new dashboards for pending items sorted by severity and new automatic email notifications sent to designated reviewers.
- Interactive dashboards: New dashboards display policy matches, pending and resolved actions, and trends by users and policy.
- Auditing support: A full log of policy and review activities can be easily exported from the Microsoft Purview compliance portal to help support audit review requests.
