Manage Viva Engage data compliance
As a Viva Engage admin, you can keep your users' Viva Engage posts appropriate and meet security and compliance requirements. You can set up alerts for content that matches keywords, set data retention policies, and if needed, view private content. You can also export data from Viva Engage.
Use keyword monitoring to detect sensitive or specific content for community and storyline conversations within Viva Engage.
Assign a verified admin to monitor, edit, and delete flagged posts
In the Viva Engage admin center, go to Content and security > Monitor Keywords. In the recipient field, enter an Entra ID-backed email address from the tenant to receive alerts on detected conversations.
Enter the words and phrases you want to monitor, each on their own line.
When a post in Viva Engage matches a keyword, the person listed in the recipient field receives an email. The subject of the email gives context on the monitored keyword along with the community/storyline conversation where it's detected in Engage.
The body of the email also provides further context on the detected conversation. Improvements to the email template and user experience include:
Public community or storyline conversations detected with keywords: the email body contains the conversation, and any associated replies along with the name of the community/storyline.
Private community conversations detected with keywords: the email provides a link to the conversation and the community where it's detected. Moderators can view the conversation by selecting the message link, and only community members have access to the conversation.
As part of our continued investment in security, we've added the following improvements to email notifications:
Viva Engage supports only Entra ID-backed email addresses within your tenant as email recipients. Consumer email addresses (such as Gmail) aren't supported. Unsupported email addresses receive a prompt to change to a compatible email address.
The keyword alert system doesn't detect Private messages between individuals. These messages are confidential and must be discovered through appropriate compliance solutions, such as e-discovery, when necessary.
For keyword matching, use regular expressions to match patterns.
Here are some examples of regular expressions commonly used for monitoring.
Purpose | Pattern | Matches |
---|---|---|
Word boundary | \bword\b | \btheme\b matches "theme" but not "themes" or "them" |
Credit cards | \b(?:\d[ ‐]*?){13,16}\b | 1234 5678 90123 1234 5678 9012 3456 1234‐5678‐9012‐3456 |
Social Security numbers | \b\d{3}[ -]\d{2}[ -]\d{4}\b | 123 45 6789 123‐45‐6789 |
Monitor group create | has created | Matthew has created the Easter Region Sales group. |
You can remove deleted data from the user's view. Engage preserves the deleted data for data export for the life of the tenant.
- In the Viva Engage admin center, go to Content and Security > Data Retention.
- Select Archive and save your changes.
This setting applies to your entire network.
To permanently remove already deleted data, use the workflow for general data protection regulation (GDPR) or the hard-delete API. Files uploaded through Engage and hosted in other Microsoft 365 resources (for example, SharePoint) are subject to the deletion policies of the hosting resource.
To permanently delete retained data in Viva Engage storage, export the data to identify the data you need to delete permanently. Write a custom PowerShell script to loop through the candidates for deletion using the REST API.
To permanently delete retained Viva Engage files saved in SharePoint, you must use data retention settings in Microsoft 365.
If you have a legal reason to view private messages, verified Engage admins can select to see them. For more information, see Monitor private content in Viva Engage.