M365 Compliance Center Flashcards
What is Microsoft Compliance Center?
A central location for all your compliance tools and settings
Who can access the Compliance Center?
- Global Admin
- Compliance Admin
- Compliance Data Admin
What is the Compliance Manager?
A tool to help admins manage compliance requirements
What are the features of Compliance Manager?
- Pre-built assessments for common industry and regional standards
- Custom assessments
- Step-by-step guidance to help achieve compliance
- Compliance score
What is a Compliance score?
A quick way to understand your compliance posture. It helps prioritise actions based on potential to reduce risk.
How do you improve your compliance score?
By resolving key improvement actions. The bigger the compliance impact, the higher your score gets.
What is MIP?
Microsoft Information Protection (MIP) is a collection of features within M365 compliance that helps you discover, classify and protect sensitive information wherever it lives or travels.
What does Know Your Data mean?
Understanding your data landscape and identifying important data across your hybrid environment.
What does Protect Your Data mean?
Applying flexible protection actions that include encryption, access restriction and visual markings.
What does Prevent Data Loss mean?
Detect risky behaviour and prevent accidental oversharing of sensitive information.
What does Govern Your Data mean?
Automatically retain, delete and store data and records in a compliant manner.
What is MIG?
Microsoft Information Governance (MIG) is a collection of features to govern your data for compliance or regulations.
What is MIG for?
Giving organizations the capability to govern their data for compliance or regulatory requirements.
What is MIP for?
Providing organizations the tools to know and protect their data, and prevent data loss.
What is DLP?
Data loss prevention (DLP) is a set of tools to identify sensitive data and prevent it from being shared (credit card numbers, for example).
Can you create custom sensitive information for DLP?
Yes.
Where does the sensitive information DLP identifies come from?
A range of M365 services including:
- Exchange Online
- SharePoint Online
- OneDrive for Business
- Microsoft Teams (including chat & channel messages)
How does DLP work?
By blocking shared sensitive content from others’ view whilst informing the sharer that their message/email/etc was blocked.
Can DLP be contested?
Yes, but only by the sharer. They have to click on the ‘What can I do?’ in the blocked message and provide a justification for the contestation.
What are retention policies?
A way to effectively manage information in an organization.
Why would you use retention policies?
To keep data that’s needed to comply with your organization’s internal policies, industry regulations, or legal needs, and to delete data that’s considered a liability, that you are no longer required to keep, or that has no legal or business value.
What services do retention policies work with?
- SharePoint Online
- OneDrive for Business
- Microsoft Teams
- Microsoft 365 Groups
What is RM?
Records management (RM) is the supervision and administration of digital or paper records, regardless of format.
What activities does RM include?
The creation, receipt, maintenance, use and disposal of records.
What is the difference between Retention Policies and RM?
While RM leverages Retention Policies, they perform differently.
Retention labels keep a copy of the content hidden from the user (but they can still delete/modify content from the UI), but RM blocks actions in the UI.
Can regulatory records be removed from content?
No.
What is Data Classification?
A feature in M365 that lets you monitor and configure tools for data classification.
What are the three features you can configure in Data classification?
- Trainable classifiers
- Sensitive Information Types
- Exact Data Matches
What are Trainable classifiers?
A tool you train to recognize various types of content.
Microsoft provides 5 pre-built classifiers out of the box, but you can make your own.
What are Sensitive Information types?
Pattern-based classifiers to detect sensitive information (credit card, etc.)
Microsoft offers 200+ built-in types from around the world, and you can also create your own.
Where would you use Trainable Classifiers?
In Retention policies, Sensitivity labels and/or Communication compliance.
Where would you use Sensitive Information Types?
- Data Loss Prevention policies
- Sensitivity labels
- Retention labels
- Insider risk management
- Communication compliance
What is Exact Data Match?
Exact Data Match (EDM)-based classification allows you to create custom sensitive information types based on exact data values rather than a pattern.
Where would you use Exact Data Match?
Data Loss Policies
What is the content explorer?
The content explorer is a tool that provides a snapshot of items that have:
- A sensitivity label
- A retention label
- Been classified as sensitive information
It also allows you to natively view items so you can see their content and why they were classified in a certain way.
What is the activity explorer?
A tool that lets you monitor what’s being done with your labelled content.
What actions can you view with the activity explorer?
- Read
- Deletion
- Printed
- Copied to network share/USB