Compliance Flashcards
Describe the Service Trust Portal
https://servicetrust.microsoft.com/
Provides resources (trust documents, whitepapers, audit reports) on Microsoft security, privacy, and compliance practices.
Describe Microsoft privacy principles.
- Control (you have control of your data)
- Transparency (about collection of data)
- Security (protect your data)
- Strong legal protections
- No content-based targeting
- Benefits to you (from any data collected)
Describe Microsoft 365 Compliance Center.
A dedicated workspace for your compliance admins. Contains tools to track and manage compliance (legal, regulatory, and organizational) requirements.
Available to Global Admin, Compliance Admin, and Compliance Data Admin roles.
The portal has Compliance Manager, Data Classification overview, Solutions, and Alerts.
(NB: now Purview)
Describe Compliance Manager and its key elements.
An e2e solution in Microsoft 365 Compliance Center for compliance admins to manage and track compliance activities.
- Compliance Score (aggregate measure of your overall compliance posture)
- Assessments (groupings of requirements using custom or prebuilt templates)
- Improvement Actions (guidance and support on actions to improve compliance posture)
Describe data classification capabilities of M365
- Sensitive Info types (based on regex patterns or exact matches)
- Trainable classifiers (for business-specific documents; pretrained or custom)
Describe the benefits of Content Explorer and Activity Explorer
Both are tabs in the Data Classification pane of the Compliance portal.
Content Explorer = for reading the contents of scanned files.
Activity Explorer = for seeing what has been done with labelled content. (e.g. file copied to network share, label changed)
Describe sensitivity labels and policies.
Document labels that are customizable, in clear text, and persistent.
They can be configured to enable encryption, mark, protect and classify documents, emails, etc.
Labels are published to users/groups through policies. Policies can also enforce settings e.g. mandatory labels.
Describe Data Loss Prevention (DLP)
DLP policies exist to protect sensitive information and prevent inadvertent disclosure.
DLP policies are configured by Conditions (IF), Actions (THEN), Locations (SCOPE).
Also available: Endpoint DLP for devices, and DLP for Teams.
Describe Retention Policies and Retention Labels.
Policies = apply to a location; items in the location inherit the policy setting, but the policy doesn’t travel with the document if it is moved.
Labels = apply to the item and travel with it; can be used to override a policy on a location.
Describe Records Management
Enables labelling content as a ‘record’. (When set up by an admin, labelling can be either manual or automatic.)
Records have restrictions that block certain activities; activities are logged, and proof of disposition is kept at the end of the retention period.
Describe insider risk management.
Solution to detect, investigate, and act on risky and malicious insider activities.
Workflow = Policy (conditions) -> Alerts -> Triage (cases) -> Investigate (integrated case dashboard) -> Action.
Describe communication compliance
Detect, capture, and remediate inappropriate messages in e.g. Teams, Exchange, or 3rd party comms apps.
Workflow (with continuous monitoring) = Configure policies -> Investigate -> Remediate
e.g. enforce corporate comms policies (offensive language), risk management (e.g. earnings disclosure), or regulatory compliance (insider trading, etc.)
Describe Information Barriers.
Restrict comms between groups to protect info or avoid conflicts of interest.
Example: MS Teams information barriers.
Describe Azure Policy
- Definitions (JSON) for resources, applied to a scope (resource, resource group, subscription, management group)
- Evaluates (on change, or every 24 hrs) whether resources in scope are compliant with the definition.
- Responses to evaluation depend on user-specified effects (deny, alter, log, etc.)
Used in conjunction with RBAC (for users), Azure Policy (for resources) helps achieve full control of a scope.
Describe the use of Azure Blueprints.
Declarative way to orchestrate the deployment of resources and other artifacts.
Includes: ARM templates, Role Assignments, Policy Assignments, Resource Groups.