Investigate and remediate communication compliance alerts

Important

Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.

After you've configured your communication compliance policies, you'll begin receiving alerts for message issues that match your policy conditions. To view and act on alerts, users must be assigned to the following permissions:

  • The Communication Compliance Analysts or the Communication Compliance Investigators role group
  • Reviewer in the policy that is associated with the alert

After you establish required permissions, use the following working instructions to investigate and remediate issues.

Tip

If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

Investigate policy matches and alerts

The first step in investigating issues detected by your policies is to review policy matches and alerts. There are several areas in the communication compliance area to help you quickly investigate policy matches and alerts:

  • Policies page: When you sign into the Microsoft Purview portal or the Microsoft Purview compliance portal using credentials for an admin account in your Microsoft 365 organization, select the Communication Compliance solution, and then select the Policies page. This page displays communication compliance policies configured for your Microsoft 365 organization and links to recommended policy templates.

    Each policy listed includes the following columns:

    • New pending today: Shows the number of policy matches for the current day. This value updates whenever you open the page. You can also select the Refresh button to get the latest count. At the end of the UTC day, the count resets to zero.
    • Total pending: The count of policy matches that need review. This value updates whenever you open the page. You can select the Refresh button to get the latest count. After refreshing, this number will match the number on the Pending tab.
    • Total resolved: The total number of resolved policy matches. This value updates whenever you open the page. You can select the Refresh button to get the latest count. After refreshing, this number will match the number on the Resolved tab.
    • Status: The status of the policy (Active or Deactivated).
    • Last modified: The date and Coordinated Universal Time (UTC) of the last policy modification.
    • Last policy scan: The UTC date for the last policy scan.

    To start remediation actions, select the policy associated with the alert to launch the Policy details page. From the Policy details page, you can review a summary of the activities, review and act on policy matches on the Pending tab, or review the history of closed policy matches on the Resolved tab. Learn more about remediation actions

  • Alerts page: Go to Communication compliance > Alerts to display the last 30 days of alerts grouped by policy matches. This view allows you to quickly see which communication compliance policies are generating the most alerts ordered by severity. An alert isn't the same thing as a policy match. An alert generally consists of multiple policy matches, not just one policy match. After the required number of policy matches is met for a particular alert, the alert is created and email is sent to the alert recipient.

  • Reports page: Go to Communication compliance > Reports to display communication compliance report widgets. Each widget provides an overview of communication compliance activities and statuses, including access to deeper insights about policy matches and remediation actions.

Tips for quickly reviewing policy matches on the Pending or Resolved tab

  • When you select a message to review on the Pending tab or the Resolved tab, the condition that caused the policy match is displayed in an alert message bar (yellow banner) at the top of the Source tab. This is a quick way to determine the condition or conditions that caused the policy match. If there are multiple conditions, select View all in the banner to see all the conditions that caused the policy match. At this time, only trainable classifiers and sensitive information types are highlighted as conditions in the yellow banner.

  • Sometimes it's useful to quickly review policy settings without opening a policy. For example, if you're testing multiple policies with different conditions, you might want to save time by reviewing conditions for each policy to determine risk before opening the policy. You can do this by selecting the Policy settings button Policy settings button, which opens a panel where you can view the policy settings. If you're a member of the Communication Compliance or Communication Compliance Admins role group, you can view and change settings from the panel. If you're a member of the Communication Compliance Investigators or Communication Compliance Analysts role group, you can view settings but you can't change them.

Using filters

The next step is to sort the messages so it's easier for you to investigate. From the Policy details page, communication compliance supports multi-level filtering for several message fields to help you quickly investigate and review messages with policy matches. Filtering is available for pending and resolved items for each configured policy. You can configure filter queries for a policy or configure and save custom and default filter queries for use in each specific policy. After configuring fields for a filter, you'll see the filter fields displayed on the top of the message queue that you can configure for specific filter values.

Key filters (the Body/Subject, Date, Sender, and Tags filters) are always displayed on the Pending and Resolved tabs to make it easy to access those filters.

For the Date filter, the date and time for events are listed in Coordinated Universal Time (UTC). When filtering messages for views, the requesting user's local date/time determines the results based on the conversion of the user's local date/time to UTC. For example, if a user in U.S. Pacific Daylight Time (PDT) filters a report from 8/30/2021 to 8/31/2021 at 00:00, the report includes messages from 8/30/2021 07:00 UTC to 8/31/2021 07:00 UTC. If the same user was in U.S. Eastern Daylight Time (EDT) when filtering at 00:00, the report includes messages from 8/30/2021 04:00 UTC to 8/31/2021 04:00 UTC.

Filter details

Communication compliance filters allow you to filter and sort messages for quicker investigation and remediation actions. Filtering is available on the Pending and Resolved tabs for each policy. To save a filter or filter set as a saved filter query, one or more values must be configured as filter selections.

The following table outlines filter details:

Filter Details
Body/Subject The message body or subject. You can use this filter to search for keywords or a keyword phrase in the body or subject of the message. The subject appears in the Subject column for email messages. For Teams messages, nothing appears in the Subject column.
Date The date the message was sent or received by a user in your organization. To filter for a single day, select a date range that starts with the day you want results for and end with the following day. For example, if you wanted to filter results for 9/20/2020, you would choose a filter date range of 9/20/2020-9/21/2020.
File class The class of the message based on the message type, either message or attachment.
Has attachment The attachment presence in the message.
Item class The source of the message based on the message type, email, Microsoft Teams chat, Bloomberg, etc. For more information, see Item Types and Message Classes.
Recipient domains The domain to which the message was sent; this is typically your Microsoft 365 subscription domain by default.
Recipient The user to which the message was sent. Note: The Recipient field includes recipients in the To and CC fields. BCC fields are not supported.
Sender The person who sent the message.
Sender domain The domain that sent the message.
Size The size of the message in KB.
Tags The tags assigned to a message, either Questionable, Compliant, or Noncompliant.
Language The detected language of text in the message. The message is classified according to the language of most the message text. For example, for a message containing both German and Italian text, but most text is German, the message is classified as German (DE). For a list of supported languages, see Learn about trainable classifiers.

You can also filter by more than one language. For example, to filter messages classified as German and Italian, enter 'DE,IT' (the two-digit language codes) in the Language filter search box. To view the detected language classification for a message, select a message, select View message details, and scroll to the EmailDetectedLanguage field.
Escalated To The user name of the person included as part of a message escalation action.
Classifiers The name of built-in and custom classifiers that apply to the message. Some examples include Targeted Harassment, Profanity, Threat, and more.

Configure a filter

Select the appropriate tab for the portal you're using. To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.

  2. Go to the Communication Compliance solution.

  3. Select Policies in the left navigation, and then select a policy to see policy matches (if any) for that policy.

  4. On the Policy page, select either the Pending or Resolved tab to display the items for filtering.

  5. Select the Filters button.

  6. Select one or more filter checkboxes, and then select Apply.

  7. To save the selected filters as a filter query, select the Save the query button after you've configured at least one filter value. Enter a name for the filter query, and then select Save. This filter is available to use for only this policy and is listed in the Saved filter queries section of the Filters page.

    Communication compliance filter detail buttons

Review and remediate policy matches and alerts

No matter where you start to review policy matches or alerts or the filtering you configure, the next step is to take remediation action. Start your remediation using the following workflow on the Policy or Alerts pages.

Examine the message basics

Sometimes it's obvious from the source or subject that a message can be immediately remediated. It may be that the message is spurious or incorrectly matched to a policy and it should be resolved as misclassified. To mark a message as misclassified, select the Resolve button, and then select the Item was misclassified button to share the misclassified content with Microsoft, immediately resolve the issue, and remove it from the Pending queue.

Note

The Misclassified buttons in the Resolve pane won't appear if the condition that caused the policy match is not based on a trainable classifer.

From the source or sender information, you may already know how the message should be routed or handled in these circumstances. Consider using the Tag as or Escalate buttons to assign a tag to applicable messages or to send messages to a designated reviewer.

Examine the message details

After reviewing the message basics, now you can open a message to examine the details and determine further remediation actions. Select a message to view the complete message header and body information. Several different options and views are available to help you decide the proper course of action:

  • Sentiment: Messages include a sentiment evaluation to help investigators quickly prioritize potentially riskier messages to address first. Messages are flagged as Positive, Negative, or Neutral sentiment and are powered by Azure Cognitive Service for Language. For some organizations, messages with Positive sentiment may be determined to be a lower priority, allowing reviewers to spend more time on other messages. The message sentiment is displayed in the Sentiment column and is enabled in the default view.

  • Attachments: This option allows you to examine Modern attachments that match policy conditions. Modern attachments content is extracted as text and is viewable on the Pending tab. For more information, see the Communication compliance feature reference.

  • Source: This view is the standard message view commonly seen in most web-based messaging platforms. The header information is formatted in the normal style and the message body supports imbedded graphic files and word-wrapped text. If optical character recognition (OCR) is enabled for the policy, images containing printed or handwritten text that match policy conditional are viewed as a child item for the associated message in this view.

  • Plain text: Text view that displays a line-numbered text-only view of the message and includes keyword highlighting in messages and attachments for sensitive info type terms, terms identified by built-in classifiers assigned to a policy, or for terms included in a dedicated keyword dictionary assigned to a policy. Keyword highlighting, which is currently available for English language only, can help direct you to the area of interest in long messages and attachments. In some cases, highlighted text might be only in attachments for messages matching policy conditions. Embedded files aren't displayed and the line numbering in this view is helpful for referencing pertinent details among multiple reviewers.

  • Conversation: This view, which is available for Teams chat messages, displays up to five messages before and after a message to help reviewers view the activity in the conversational context. Select Load more to load up to twenty messages before and after a message. To download messages, select Download conversation. This downloads an image file of everything you see in the user interface and also a .csv file of all the message metadata (UserId, UserName, and so on).

    The Conversation view context helps reviewers quickly evaluate messages and make more informed message resolution decisions. Real-time message additions to conversations are displayed, including all inline images, emojis, and stickers available in Teams. Image or text file attachments to messages aren't displayed. Notifications are automatically displayed for messages that have been edited or for messages that have been deleted from the Conversation window. When a message is resolved, the associated conversational messages aren't retained with the resolved message.

  • User history: User history view displays all other alerts generated by any communication compliance policy for the user sending the message.

  • Pattern detected notification: Many harassing and bullying actions over time involve reoccurring instances of the same behavior by a user. The Pattern detected notification is displayed in the message details and raises attention to the message. Detection of patterns is on a per-policy basis and evaluates behavior over the last 30 days when at least two messages are sent to the same recipient by a sender. Investigators and reviewers can use this notification to identify repeated behavior to evaluate the message as appropriate.

  • Translation: This view automatically converts message text to the language configured in the Displayed language setting in the Microsoft 365 subscription for each reviewer. This includes the text for the policy match and everything included in the conversation view (up to five messages before and five messages after the policy match). The Translation view helps broaden investigative support for organizations with multilingual users and eliminates the need for additional translation services outside of the communication compliance review process. Using Microsoft translation services, communication compliance automatically detects if the text is in a different language than the user's current system setting and displays alert message text accordingly. For a complete list of supported languages, see Microsoft Translator Languages. Languages listed in the Translator Language List are supported in the Translation view.

Decide on a remediation action

After reviewing message details, you can choose from several remediation actions:

  • Resolve: Selecting the Resolve button immediately removes the message from the Pending queue and no further action can be taken on the message. When you select Resolve, you close the message without further classification. You can also mark the message as misclassified if it was incorrectly generated by the alerting process and any trainable classifiers. All resolved messages are displayed in the Resolved tab.
  • Power Automate: Use a Power Automate flow to automate process tasks for a message. By default, communication compliance includes the Notify manager when a user has a communication compliance alert flow template that reviewers can use to automate the notification process for users with message alerts. For more information about creating and managing Power Automate flows in communication compliance, see the Step 5: Consider Power Automate flows section in this article.
  • Tag as: Tag the message as compliant, non-compliant, or as questionable as it relates to the policies and standards for your organization. Adding tags and tagging comments helps you micro-filter messages for escalations or as part of other internal review processes. After tagging is complete, you can also choose to resolve the message to move it out of the pending queue.
  • Notify: Use the Notify button to assign a custom notice template to the message and send a warning notice to the user. Choose the appropriate notice template configured in the Communication compliance settings area and select Send to email a reminder to the user that sent the message and to resolve the issue.
  • Escalate: Use the Escalate button to choose other people in your organization who should review the message. Choose from a list of reviewers configured in the communication compliance policy to send an email notification requesting additional review of the message. The selected reviewer can use a link in the email notification to go directly to items escalated to them for review.
  • Escalate for investigation: Use the Escalate for investigation button to create a new eDiscovery (Premium) case for single or multiple messages. Provide a name and notes for the new case. The custodian is automatically filled in for you. You don't need any additional permissions to manage the case. Creating a case doesn't resolve or create a new tag for the message. You can select a total of 100 messages when creating an eDiscovery (Premium) case during the remediation process. Messages in all communication channels included in communication compliance are supported. For example, you could select 50 Microsoft Teams chats, 25 Exchange Online email messages, and 25 Viva Engage messages when you open a new eDiscovery (Premium) case for a user.
  • Remove message in Teams: Use the Remove message in Teams button to block potentially inappropriate messages and content identified in messages from Microsoft Teams channels and 1:1 and group chats. This includes Teams chat messages reported by users and chat messages detected using machine-learning and classifier-based communication compliance policies. Removed messages and content are replaced with a policy tip that explains that it's blocked and the policy that applies to its removal from view. Recipients are provided a link in the policy tip to learn more about the applicable policy and the review process. The sender receives a policy tip for the blocked message and content but can review the details of the blocked message and content for context regarding the removal.

Review Microsoft Teams meetings transcripts

If you have deployed Microsoft Teams in your tenant, you can review Teams meetings transcripts (preview) for actionable alerts. Teams transcripts are automatically included if you choose Teams as a Microsoft 365 location when you create a custom policy or when you create a policy based on a template.

Scheduled meetings: Communication compliance ignores communication direction for Teams transcripts. If an individual is an invitee or present in a scheduled (non-recurring) meeting, all of the meeting content will be included, regardless of who says what in the meeting. This also helps in situations where a user is attending the meeting through a hub device in a conference room, since it's not always possible to tell whether an offending communication comes from an in-scope user. Since all meeting content is included, an investigator can review the recording of the meeting to determine if the offending communication was said by an in-scope user.

Recurring meetings: For recurring meetings, only the following users are evaluated:

  • Users who were invited to the meeting
  • Users identified by the transcript as having spoken during the meeting

Unscheduled meetings: For unscheduled meetings (Meet now meetings), only users who have been identified by the transcript as having spoken during the meeting are evaluated.

Requirements

To review Teams meeting transcripts, you must turn on meeting transcripts for the tenant, since meeting transcripts are not turned on by default. Learn more about turning on meeting transcripts for a tenant

Limitations

  • You can set one or more of the following policy conditions:

    • Content matches any of these classifiers
    • Content contains any of these sensitive info types
    • Message contains any of these words
    • Message contains none of these words

    Any other policy conditions are ignored. Learn more about conditional settings

    Note

    If you don't set any conditions, transcripts are captured for all meetings.

  • Only sensitive info types, keyword lists, and regulatory trainable classifiers are detected. Regulatory trainable classifiers include:

    Note

    All other classifiers, including business conduct classifiers, are not detected.

  • Ad-hoc (unscheduled) meetings are not captured.

  • External meetings are not captured if the meeting organizer is outside the tenant.

  • Meeting recordings started by an uninvited user are not captured.

Resolve an alert for a communication in a meeting transcript

After a policy is created, when a transcript is detected that contains offending content, an alert is triggered to bring the offending content and background context to the attention of an investigator.

To resolve an alert related to a meeting transcript:

  1. Select the Source tab, and then review the transcript for the offending content. The Source tab shows the entire transcript. When you select the Source tab, the transcript is automatically scrolled to the line that contains the policy match. The offensive keyword/phrase is highlighted.
  2. Use the Plain text tab to do a line-by-line review of the text, including start and stop times in relation to the overall meeting time. Text is captured 30 seconds before and after the offending communication.
  3. Select the Translation tab to review translations in up to eight languages for the Plain text tab. Messages in other languages are automatically converted to the display language of the reviewer.
  4. Select the User history tab to see a historical view of all user message remediation activities, such as past notifications and escalations for policy matches.
  5. Use the Resolve, Notify, Tag as, Escalate, and Escalate for investigation buttons to resolve the alert. To learn more about these buttons, see Decide on a remediation action.

Unresolve messages

When messages are resolved, they're removed from the Pending tab and displayed in the Resolved tab. Investigation and remediation actions aren't available for messages in the Resolved tab. However, there may be instances where you need to take additional action on a message that was mistakenly resolved or that needs further investigation after initial resolution. You can use the Unresolve command to move one or more messages from the Resolved tab back to the Pending tab.

Unresolve a message

Select the appropriate tab for the portal you're using. To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.
  2. Go to the Communication Compliance solution.
  3. Select Policies in the left navigation, and then select a policy that contains the resolved message to view the policy matches.
  4. Select the Resolved tab.
  5. On the Resolved tab, select one or more messages.
  6. On the command bar, select Unresolve.
  7. On the Unresolve item pane, add any applicable comments, and then select Save.
  8. Select the Pending tab to verify that the selected items are displayed.

Archive message details outside of communication compliance (optional)

You can export or download message details if you need to archive the messages in a separate storage solution. If you select one or more policy matches, and then select the Download button in the button bar above the list, the selected messages are automatically added to a .ZIP file that you can save in storage outside of Microsoft 365. The size limit for files downloaded by using the Download button is 3 MB.

Export a collection of message details that exceeds 3 MB in size

If you want to download messages that cumulatively exceed 3 MB in size, use the Export files button (displayed in the upper-right corner of the Policies page). For example, you might want to download policy matches each week for archiving purposes. The download size limit for the Export files command is 3 GB. The maximum number of items depends on whether you select documents (limit of 1,000 items) or users (limit of 50,000). Files are exported to a .ZIP file that you can then download. The .ZIP file contains all the message files as a well as a summary .TXT file that includes data for the following fields: Document, Doc ID, Custodian, Subject/title, File name, File type, Error, and Message.

You can either select the policy matches that you want to export, select the Export files button, and then select the list of documents or users you want to export, or you can select the Export files button, and then select the documents, users, and date ranges that you want to export. After you select the Export button, it will take a few minutes for the job to complete. You can check on the progress of the export by selecting Check progress in the Export started pane, or you can go to the Export tab to check on progress.

On the Exports tab, the export will either have a status of In progress or Ready to download. To download a file that has a Ready to download status, select the files batch in the Name list, and then select the Download export(s) button above the list.

Note

To include attachments in exported files, you must select them manually in the list of policy matches. They're not automatically included with their parent message file.

Consider Power Automate flows

Microsoft Power Automate is a workflow service that automates actions across applications and services. By using flows from templates or created manually, you can automate common tasks associated with these applications and services. When you enable Power Automate flows for communication compliance, you can automate important tasks for alerts and users. You can configure Power Automate flows to notify managers when users have communication compliance alerts and other applications.

Customers with Microsoft 365 subscriptions that include communication compliance don't need additional Power Automate licenses to use the recommended default communication compliance Power Automate template. The default template can be customized to support your organization and cover core communication compliance scenarios. If you choose to use premium Power Automate features in these templates, create a custom template using the Microsoft Purview connector, or use Power Automate templates for other compliance areas in Microsoft Purview, you may need additional Power Automate licenses.

Important

Are you receiving prompts for additional license validation when testing Power Automate flows? Your organization may not have received service updates for this preview feature yet. Updates are being deployed and all organizations with Microsoft 365 subscriptions that include communication compliance should have license support for flows created from the recommended Power Automate templates before October 30, 2020.

Communication compliance Power Automate.

The following Power Automate template is provided to customers to support process automation for communication compliance alerts:

  • Notify manager when a user has a communication compliance alert: Some organizations may need to have immediate management notification when a user has a communication compliance alert. When this flow is configured and selected, the manager for the case user is sent an email message with the following information about all alerts:
    • Applicable policy for the alert
    • Date/Time of the alert
    • Severity level of the alert

Create notice templates

You can create notice templates if you want to send users an email reminder notice for policy matches as part of the issue resolution process. Notices can only be sent to the user email address associated with the policy match that generated the specific alert for remediation. When selecting a notice template to apply to a policy violation as part of the remediation workflow, you can choose to accept the field values defined in the template or overwrite the fields as needed.

Notices templates are custom email templates where you can define the following message fields in the Communication compliance settings area:

Field Required Details
Template name Yes Friendly name for the notice template that you'll select in the notify workflow during remediation, supports text characters.
Sender address Yes Address of one or more users or groups that sent the message to the user with a policy match, selected from the Active Directory for your subscription.
CC and BCC addresses No Optional users or groups to be notified of the policy match, selected from the Active Directory for your subscription.
Subject Yes Information that appears in the subject line of the message, supports text characters.
Message body Yes Information that appears in the message body, supports text or HTML values.

HTML for notices

If you'd like to create more than a simple text-based email message for notifications, you can create a more detailed message by using HTML in the message body field of a notice template. The following example provides the message body format for a basic HTML-based email notification template:

<!DOCTYPE html>
<html>
    <body>
        <h2>Action Required: Contoso Employee Code of Conduct Policy Training</h2>
        <p>A recent message you've sent has generated a policy alert for the Contoso Employee <a href='https://www.contoso.com'>Code of Conduct Policy</a>.</p>
        <p>You are required to attend the Contoso Employee Code of Conduct <a href='https://www.contoso.com'>training</a> within the next 14 days. Please contact <a href='mailto:hr@contoso.com'>Human Resources</a> with any questions about this training request.</p>
        <p>Thank you,</p>
        <p><em>Human Resources</em></p>
    </body>
</html>

Note

HTML href attribute implementation in the communication compliance notification templates currently support only single quotation marks instead of double quotation marks for URL references.

Automate tasks for alerts and users with Microsoft Power Automate

To create a Power Automate flow from a recommended default template, use the Manage Power Automate flows option from the Automate button when working directly in an alert. To create a Power Automate flow with Manage Power Automate flows, you must be a member of at least one communication compliance role group.

Automate tasks

Select the appropriate tab for the portal you're using. To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.
  2. Go to the Communication Compliance solution.
  3. Select Policies in the left navigation, and then select the policy that includes the policy matches that you want review.
  4. Select the Pending tab, and select a policy match.
  5. Select Power Automate from the alert action menu.
  6. On the Power Automate page, select a default template from the Communication compliance templates you may like section on the page.
  7. The flow lists the embedded connections needed for the flow and displays if the connection statuses are available. If needed, update any connections that aren't displayed as available. Select Continue.
  8. By default, the recommended flows are preconfigured with the recommended communication compliance and Microsoft 365 service data fields required to complete the assigned task for the flow. If needed, customize the flow components by using the Show advanced options button and configuring the available properties for the flow component.
  9. If needed, add any additional steps to the flow by selecting the New step button. In most cases, this change shouldn't be needed for the recommended default templates.
  10. Select Save draft to save the flow for further configuration later, or select Save to complete the configuration for the flow.
  11. Select Close to return to the Power Automate flow page. The new template will be listed as a flow on the My flows tab and is automatically available from the Power Automate button for the user that created the flow when working with communication compliance alerts.

Share a Power Automate flow

By default, Power Automate flows created by a user are only available to that user. For other communication compliance users to have access and use a flow, the flow must be shared by the flow creator. To share a flow, use the Power Automate button when working directly in an alert.

To share a Power Automate flow, you must be a member of at least one communication compliance role group.

Share a flow

Select the appropriate tab for the portal you're using. To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.
  2. Go to the Communication Compliance solution.
  3. Select Policies in the left navigation, and then select the policy that contains the policy matches that you want to review.
  4. Select the Pending tab, and select a pending policy match.
  5. Select Power Automate from the alert action menu.
  6. On the Power Automate flows page, select the My flows or Team flows tab.
  7. Select the flow to share, then select Share from the Flow Options menu.
  8. On the flow sharing page, enter the name of the user or group you want to add as an owner for the flow.
  9. On the Connection Used dialog, select OK to acknowledge that the added user or group will have full access to the flow.

Edit a Power Automate flow

If you need to edit a flow, use the Power Automate button when working directly in an alert. To edit a Power Automate flow, you must be a member of at least one communication compliance role group.

Edit a flow

Select the appropriate tab for the portal you're using. To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.
  2. Go to the Communication Compliance solution.
  3. Select Policies in the left navigation, and then select the policy that contains the policy matches that you want to review.
  4. Select the Pending tab, and then select a pending policy match.
  5. Select Power Automate from the alert action menu.
  6. On the Power Automate flows page, select the flow to edit. Select Edit from the flow control menu.
  7. Select ellipsis > Settings to change a flow component setting or ellipsis > Delete to delete a flow component.
  8. Select Save, and then select Close when you've finished editing the flow.

Delete a Power Automate flow

If you need to delete a flow, use the Power Automate button when working directly in an alert. To delete a Power Automate flow, you must be a member of at least one communication compliance role group.

Delete a flow

Select the appropriate tab for the portal you're using. To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.
  2. Go to the Communication Compliance solution.
  3. Select Policies in the left navigation, and then select the policy that contains the policy matches that you want to review.
  4. Select the Pending tab, and select a pending policy match.
  5. Select Power Automate from the alert action menu.
  6. On the Power Automate flows page, select the flow that you want to delete. Select Delete from the flow control menu.
  7. On the deletion confirmation dialog, select Delete to remove the flow or select Cancel.