Microsoft Upgrades Office 365's Compliance Controls

Microsoft adds new features that help compliance officers in highly-regulated industries keep a tighter lid on sensitive information.

Office 365

In today's tech-obsessed workplaces, loose lips are giving way to freewheeling fingers. Sensitive business information can easily cross network boundaries with an ill-advised email, chat message or on a cloud file sharing service.

Helping businesses avoid the damage done by employees that are prone to spilling secrets, not to mention the regulatory scrutiny that may follow, Microsoft has officially released a new Supervision feature for its Office 365 Advanced Data Governance offering that is bundled with Office 365 Enterprise E5 or Advanced Compliance.

"Many organizations have the need to perform supervision of employee communications," explained Raman Kalyan, senior product marketing manager for Office 365 Security at Microsoft, in a blog post. "This need stems from internal security and compliance guidelines, or from regulatory bodies such as the Financial Industry Regulatory Authority (FINRA). In both cases, failure to have a demonstrable supervision process in place could potentially expose organizations to liability or severe penalties."

Compliance officers can use the Supervision feature, which covers inbound, outbound and internal communications, to set policies on whose communications require a second set of eyes and under which conditions. They can assign reviewee roles to individuals or groups of users, noted Kalyan. Conditions for triggering a review can include content size limits, searches and advanced keyword query language queries that are used to pinpoint information.

For businesses concerned that they may be springing data leaks in other places beyond their users' email accounts, Office 365 Advanced Data Governance's Supervision feature can also cast its net beyond the outbox. The service can monitor communications on other third-party communications streams, including Facebook, Twitter and Bloomberg, Kalyan added.

Meanwhile, Office 365 Advance eDiscovery, based on the 2015 acquisition of machine learning e-discovery specialist Equivio, gains new optical character recognition (OCR) capabilities. By extracting text from digital images and other objects contained in files, OCR will enable organizations to reduce the manual work required to thoroughly analyze image-based content, claims Microsoft.

The company also updated the Office 365 Security and Compliance dashboard, providing a unified case management experience for Advanced eDiscovery users. The new, more streamlined interface cuts the steps required to process cases and helps reduce potential human error, according to the company.

On the email security front, Microsoft is offering Office 365 administrators new reporting options, enabling them to monitor the effectiveness of their Exchange Online Protection and Advanced Threat Protection investments. Users can now view status reports on the potentially dangerous emails that the solutions detected and blocked. Further, if both Exchange Online Protection and Advanced Threat Protection determine that an email contains malware, it is automatically quarantined.

To prevent users from falling prey to malicious websites, Microsoft has added four new features to Advanced Threat Protection's Safe Links Policy engine.

Administrators can now block specific URLs using the new per-tenant block list capability or set Safe Links policies tailored to specific groups, divisions or individuals within an organization. Microsoft also increased the character limit for URLs and added an email wildcarding feature that saves time by allowing administrators to input partial domain and user handle names.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the Internet.com network of...