How business conduct violations can help understand data security risks
Published Mar 13 2024 09:00 AM
Microsoft

Recent statistics show that insider risks are a major concern for organizations, with 74% saying insider incidents have become more frequent[1]. These companies have a responsibility to protect business-critical data and to maintain a productive and positive work environment for employees. Balancing data security and employee empowerment can be difficult in today’s digital landscape. Employees must be protected from business conduct violations such as discriminatory language or hate speech, and sensitive data must be protected from leakage to external parties. Microsoft Purview Communication Compliance adds value to investigation and response in Insider Risk Management while respecting the privacy of all users.

Communication Compliance leverages pre-built machine learning classifiers and sentiment analysis to understand user intent within everyday communication channels. Communication Compliance provides a dedicated policy that analyzes messages from various sources, including Copilot for Microsoft 365 interactions, Microsoft Teams, Viva Engage, emails, or non-Microsoft communications channels determined by the policies you choose to apply.

 

Communication Compliance can provide signals to identify communication-related risks, and Insider Risk Management can now leverage these signals as indicators for customers’ deeper investigation. Insider Risk Management policies determine a risk score for an in-scope user, and Communication Compliance indicators can be configured to help identify scenarios where intervention might be required. Examples of Communication Compliance indicators configured by customers include inappropriate images, hateful language, or stock manipulation. Insider Risk Management and Communication Compliance are built with privacy by design; users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level .

 

Let us explore further how this integration of Communication Compliance indicators enriches Insider Risk Management.

 

Example - Uncovering risky communication and sharing 

Consider a scenario where a person exfiltrates an unusually large amount of sensitive data. Determining whether this action is inadvertent or intentional can be difficult. However, this new integration update within Purview makes Communication Compliance indicators available within Insider Risk Management, empowering risk teams to better differentiate intents. This is achieved by reviewing communication indicators alongside other user activities that can lead to potential incidents.

 

Figure 1: Enriching Insider Risk Management with risky communications

We're also continually adding new capabilities to help organizations meet regulatory requirements. In this blog post, we are excited to announce the new features and enhancements for Communication Compliance.
• User scoping role-based access
• Enhanced policy conditions
• Policy insights
• Enhanced remediation
• Schedule reports

 

New user scoping role-based access
Policies for managing Insider Risk Management across departments and geographic locations can differ due to internal organizational policies, preferences, and local regulations.

 

Communication Compliance addresses this through support for Microsoft Entra administrative units. This introduces delegated management and remediation authority for different people in different regions or organizational units with role-based access control (RBAC). For example, an enterprise operating in Germany can scope its German investigators to only review and investigate activities pertaining to German employees, and German administrators can create and manage policies specifically for German users.

 

Figure 2: Assign Microsoft Entra administrative unit to a specific Communication Compliance policy

Enhanced policy conditions
With the integration of Communication Compliance indicators, the three latest updates enhance policy conditions in Communication Compliance. First, there are updated policy conditions to enable the detection of messages sent to and received from external email addresses. This can help identify specific instances of sensitive information being shared with external contacts.


The second enhancement is support for more complex conditions in Communication Compliance with the inclusion of OR operator conditions. You can now create compound conditions with AND, OR, and NOT operators to cover the complex scenarios you want to detect for your unique compliance requirements. Lastly, we've introduced the ability to evaluate conditions before implementing them, to make policy creation and updates seamless. Using sample messages, you can test your conditions and gain valuable insights into how they will perform in a real-world setting. This trial mode before deployment allows you to fine-tune your policies during evaluation and ensure they effectively align with your regulatory compliance obligations.

 

Figure 3: New Communication Compliance condition builder

New policy insights

Microsoft Purview Communication Compliance is introducing the feature, a useful addition to Communication Compliance to provide real-time visibility into scanning progress and updates on parent items that meet policy conditions. Communication Compliance provides an easy view with two columns: the first column shows the number of scanned parent items in real-time, and the second column offers insight into parent items that meet policy conditions. This helps to ensure that you can stay updated on potential issues requiring attention and maintain control over policy compliance and data protection.

 

Figure 4: New Communication Compliance columns: messages scanned today and new pending items

Enhanced investigation and remediation experience

We are introducing two new enhancements to improve and accelerate triage workflows: custom tags and cross policy resolution. Custom tags allow investigators to create and use tags that fit their organization's requirements, such as an “Escalated” tag. Cross policy resolution is a new setting that allows investigators to resolve every duplicate instance of a message across all Communication Compliance policies within their tenant with a single “resolve” action.

Figure 5: Leverage custom tags to remediate Communication Compliance policy matches

New schedule reports

The new schedule report feature in Communication Compliance enables you to schedule the of reports on a recurring basis, as well as on demand. All the exported reports for that policy will be available in the export tab. Additionally, you will receive email notifications when the report is being exported and a link to the export tab of the Communication Compliance policy. 

 

Figure 6: Schedule reports within Communication Compliance

Ignite 2023 Announcements
Microsoft Ignite 2023 showcased exciting Communication Compliance advancements such as Copilot for Microsoft 365 integration, extending risk detection to prompted and generated Copilot content; Azure content safety AI, which classifies risky content (hateful, violent, sexual, or related to self-harm) and assigns severity scores for moderation prioritization. Other noteworthy announcements include Microsoft Teams meetings, detecting compliance violations in live transcripts, Communication Compliance Documents and Alert summaries with the Security Copilot, and reporting for inappropriate content within Viva Engage. For more details, visit our Ignite blog.

 

Get started
If you have a Microsoft 365 E3 or E5 license and want to experience Insider Risk Management, check out our E5 Purview trial. Learn more about Communication Compliance in our Microsoft technical documentation.

 

[1] 2023 Insider Threat Report 

Last update: Mar 15 2024 11:00 AM