What is Communication Compliance in Microsoft Purview?
Microsoft Purview Communication Compliance is a solution designed to help organizations detect, capture, and act on inappropriate messages that could lead to potential data security or compliance breaches.
Detection and capture of inappropriate messages
Communication Compliance uses machine learning and artificial intelligence to detect messages that may contain harassment, threats, sensitive information, or other inappropriate content. This includes:
Offensive and harassing language: Identifies messages with offensive or harassing content.
Sharing of sensitive information: Detects sharing of confidential data such as personal information or trade secrets.
Inappropriate Images: Captures and flags images that contain adult, violent, or other inappropriate content.
Flexible remediation workflows
When inappropriate messages are detected, Communication Compliance offers flexible workflows to handle the situation:
Automatic notification: Notifies relevant parties, such as HR or the security team, of potential breaches.
Action on messages: Provides the ability to remove inappropriate messages from, for example, Microsoft Teams, or send warnings to users about their behavior.
Custom policies: Organizations can create their own policies and workflows based on specific needs and requirements.
Built-in privacy
Communication Compliance is designed with privacy in mind:
Pseudonymization: Usernames are pseudonymized by default to protect the identity of users.
Role-based access control: Only authorized individuals have access to sensitive data, based on their role in the organization.
Audit logs: All actions are logged to ensure traceability and compliance with privacy regulations.
Multi-platform support
Communication Compliance can evaluate messages from a variety of platforms:
Microsoft Teams: Monitors messages in Teams channels, private channels, and 1:1 or group chats.
Outlook: Analyzes email communications to detect inappropriate content.
Third-party apps: Also supports messaging from apps like WhatsApp, Slack, and others.
Examples of using Communication Compliance
Detect and address harassment: A business can use Communication Compliance to detect messages that contain harassing language. For example, if an employee sends a message with derogatory comments to a colleague via Microsoft Teams, the tool will be able to catch this and alert the HR department, who can take necessary action to protect the employee and maintain a safe work environment.
Secure sensitive information sharing: A financial institution can use Communication Compliance to detect and alert about the sharing of sensitive information, such as personal information or confidential corporate data. For example, if an employee at a Norwegian bank branch accidentally sends an email containing a customer’s personal information to the wrong recipient, the tool can catch this and prevent the information from spreading outside the organization.
Comply with regulatory requirements: For companies subject to strict regulatory requirements, such as healthcare organizations, Communication Compliance can help ensure that all communications comply with relevant laws and regulations. For example, if an employee in a healthcare organization shares patient information via an unsecured channel, the tool can detect this and alert the security team, who can take the necessary measures to protect patient privacy.
Copilot interactions: Creates a policy to detect requests and responses in Microsoft 365 Copilot that contain sensitive data.
This policy template uses two trainable classifiers, "Prompt Shields" and "Protected Materials". You can also choose to add other pre-defined trainable classifiers.
https://learn.microsoft.com/en-us/purview/trainable-classifiers-definitions
Inappropriate Images: Creates a policy used to detect inappropriate images. This policy can also include other sources outside of Microsoft, such as Slack.
When setting up the policy, you choose whether it is inbound (sent from external to internal), outbound (sent from internal to external) and/or internal (internal sending). In the example policy, I have checked all the options and added two classifiers that detect "adult images" and "racy images".
You can choose what percentage of the hits you want to review, from 100% to 0% (based on random selection). In addition, you can choose to filter out emails that typically come as newsletters, etc.
In summary, Communication Compliance may not be that relevant in Norwegian companies, aside from the opportunity that lies under "User-reported messages" and "Copilot interactions" with the Prompt Shields and Protected Materials classifiers.
User-reported messages is a separate policy template that allows end users to report inappropriate messages, posts or emails. It is important to note that Communication Compliance never deletes messages; all messages are sent to a "reviewer". If you want to delete the message before it is sent and/or received, DLP policies must be configured.
Bjørnar&AI