Regulatory Compliance with Microsoft 365
Some of the main regulatory compliance standards include:
* PCI-DSS — Payment Card Industry Data Security Standard
* HIPAA — Health Insurance Portability and Accountability Act
* GDPR — General Data Protection Regulation
Microsoft has identified four main action items that you need to enact to comply with these types of regulatory rules.
* Know your data
* Protect your data
* Prevent data loss
* Govern your data
Microsoft 365 has several tools that are designed to address these action items and enable your business to comply with various regulatory requirements. Let’s have a closer look at some of the tools in Microsoft 365 that can help with regulatory compliance.
Microsoft 365 Compliance Centre
The Microsoft 365 Compliance Centre provides a centralised dashboard to help you manage your organisation’s compliance requirements all in one place. It provides an eDiscovery feature that helps you to know your data. It can be used to search, identify, locate, and retrieve records for various legal and other compliance requirements. You can also use it to export content from SharePoint sites, Exchange mailboxes, and OneDrive locations.
Microsoft Compliance Manager is a feature in the Microsoft 365 Compliance Centre that helps you manage your organisation’s compliance requirements by taking inventory of your data protection risks and presenting an overall scorecard showing your current compliance rating. The Microsoft Compliance Manager provides an overview of several categories like protecting information, governing information, controlling access, managing devices, protecting against threats, and more. An alerts card provides a summary of the active Microsoft 365 alerts.
A data governance centre allows users to import email from external platforms, create archive mailboxes, and establish new policies to retain email and other content. The Microsoft 365 Compliance Centre is available to all Microsoft 365 customers.
https://www.microsoft.com/en-gb/security/business/compliance/compliance-management
Built-in data protection and data loss tools
For data protection, Microsoft 365’s OneDrive and SharePoint provide an online recycle bin and file versioning capabilities. The Recycle Bin allows you to undelete individual files as well as the entire contents of the OneDrive. Typically, items are kept for 93 days. The versioning feature maintains five hundred previous versions of your files.
To prevent email data loss, Exchange Online includes Exchange Online Protection (EOP), which protects against spam and malware. EOP scans emails and can detect phishing and malware-infected messages. It provides inbound and outbound malware and spam filtering, as well as multi-layered malware protection that can defend against malware for Windows, Linux, and Mac.
Multi-Geo protection
Another data protection technology that Microsoft 365 brings to the table is its Multi-Geo capabilities. Microsoft Teams, Exchange Online, OneDrive, SharePoint Online, and Microsoft 365 Groups can enhance business continuity and disaster recovery by automatically replicating data across multiple geographic regions.
Importantly, Microsoft 365 Multi-Geo capabilities need to be used in conjunction with Microsoft 365 backup solutions that provide geo-distributed backup storage; otherwise, data residency regulations may be violated.
Backup tools and compliance
Third-party backup solutions can complete the compliance picture by providing data discovery and archiving capabilities. Backup solutions can provide long-term data retention policies that fulfil your regulatory and compliance requirements.