M365 Compliance Center Flashcards

1
Q

What is Microsoft Compliance Center?

A

A central location for all your compliance tools and settings

2
Q

Who can access the Compliance Center?

A

Global Admin
Compliance Admin
Compliance Data Admin

3
Q

What is the Compliance Manager?

A

A tool to help admins manage compliance requirements

4
Q

What are the features of Compliance Manager?

A
  • Pre-built assessments for common industry and regional standards
  • Custom assessments
  • Step-by-step guidance to help achieve compliance
  • Compliance score
5
Q

What is a Compliance score?

A

A quick way to understand your compliance posture. It helps prioritise actions based on their potential to reduce risk.

6
Q

How do you improve your compliance score?

A

By resolving key improvement actions. The bigger the compliance impact, the higher your score gets.

7
Q

What is MIP?

A

Microsoft Information Protection (MIP) is a collection of features within M365 compliance to help you discover, classify and protect sensitive information wherever it lives or travels.

8
Q

What does Know Your Data mean?

A

Understanding your data landscape and identifying important data across your hybrid environment.

9
Q

What does Protect Your Data mean?

A

Applying flexible protection actions that include encryption, access restriction and visual markings.

10
Q

What does Prevent Data Loss mean?

A

Detecting risky behaviour and preventing accidental oversharing of sensitive information.

11
Q

What does Govern Your Data mean?

A

Automatically retaining, deleting and storing data and records in a compliant manner.

12
Q

What is MIG?

A

Microsoft Information Governance (MIG) is a collection of features to govern your data for compliance or regulations.

13
Q

What is MIG for?

A

Giving organizations the capability to govern their data for compliance or regulatory requirements.

14
Q

What is MIP for?

A

Providing organizations the tools to know and protect their data, and prevent data loss.

15
Q

What is DLP?

A

Data loss prevention (DLP) is a set of tools to identify sensitive data and prevent it from being shared (credit card numbers, for example).

16
Q

Can you create custom sensitive information for DLP?

A

Yes.

17
Q

Where does the sensitive information that DLP identifies come from?

A

A range of M365 services including:

  • Exchange Online
  • SharePoint Online
  • OneDrive for Business
  • Microsoft Teams (including chat & channel messages)
18
Q

How does DLP work?

A

By blocking shared sensitive content from others’ view whilst informing the sharer that their message/email/etc was blocked.

19
Q

Can DLP be contested?

A

Yes, but only by the sharer. They have to click on ‘What can I do?’ in the blocked message and provide a justification for the contestation.

20
Q

What are retention policies?

A

A way to effectively manage information in an organization.

21
Q

Why would you use retention policies?

A

To keep data that’s needed to comply with your organization’s internal policies, industry regulations, or legal needs, and to delete data that’s considered a liability, that you’re no longer required to keep, or that has no legal or business value.

22
Q

What services do retention policies work with?

A
  • SharePoint Online
  • OneDrive for Business
  • Microsoft Teams
  • Microsoft 365 Groups
23
Q

What is RM?

A

Records management (RM) is the supervision and administration of digital or paper records, regardless of format.

24
Q

What activities does RM include?

A

The creation, receipt, maintenance, use and disposal of records.

25
Q

What is the difference between Retention Policies and RM?

A

While RM leverages Retention Policies, they perform differently.

Retention labels keep a copy of the content hidden from the user (but they can still delete/modify content from the UI), but RM blocks actions in the UI.

26
Q

Can regulatory records be removed from content?

A

No.

27
Q

What is Data Classification?

A

A feature in M365 that lets you monitor and configure tools for data classification.

28
Q

What are the three features you can configure in Data classification?

A
  • Trainable classifiers
  • Sensitive Information Types
  • Exact Data Matches
29
Q

What are Trainable classifiers?

A

A tool you train to recognize various types of content.

Microsoft provides 5 pre-built classifiers out of the box, but you can make your own.

30
Q

What are Sensitive Information types?

A

Pattern-based classifiers to detect sensitive information (credit card, etc.).

Microsoft offers 200+ built-in types from around the world, and you can also create your own.

31
Q

Where would you use Trainable Classifiers?

A

In Retention policies, Sensitivity labels and/or Communication compliance.

32
Q

Where would you use Sensitive Information Types?

A
  • Data Loss Prevention policies
  • Sensitivity labels
  • Retention labels
  • Insider risk management
  • Communication compliance
33
Q

What is Exact Data Match?

A

Exact Data Match (EDM)-based classification allows you to create custom sensitive information types based on exact data values rather than a pattern.

34
Q

Where would you use Exact Data Match?

A

Data Loss Policies

35
Q

What is the content explorer?

A

The content explorer is a tool that provides a snapshot of items that:

  • Have a sensitivity label
  • Have a retention label
  • Are classified as sensitive information

It also allows you to natively view items so you can see their content and why they were classified in a certain way.

36
Q

What is the activity explorer?

A

A tool that lets you monitor what’s being done with your labelled content.

37
Q

What actions can you view with the activity explorer?

A

  • Read
  • Deletion
  • Printed
  • Copied to network share/USB

38
Q

What is the Service Trust Portal (STP)?

A

The Service Trust Portal provides information, tools, and other resources about Microsoft security, privacy, and compliance practices. Sign in with your Microsoft cloud services account to access all the available documentation.

More information: https://docs.microsoft.com/en-gb/learn/modules/describe-compliance-management-capabilities-microsoft/2-describe-service-trust-portal

39
Q

What is Microsoft Purview?

A

The Microsoft Purview compliance portal brings together all of the tools and data that are needed to help understand and manage an organization’s compliance needs.

The compliance portal is available to customers with a Microsoft 365 SKU with one of the following roles:

  • Global administrator
  • Compliance administrator
  • Compliance data administrator
40
Q

What are sensitivity labels and policies?

A

Sensitivity labels, available as part of information protection in the Microsoft Purview compliance portal, enable the labeling and protection of content, without affecting productivity and collaboration. With sensitivity labels, organizations can decide on labels to apply to content such as emails and documents, much like different stamps are applied to physical documents.

Labels are:

  • Customizable: Admins can create different categories specific to the organization, such as Personal, Public, Confidential, and Highly Confidential.
  • Clear text: Because each label is stored in clear text in the content’s metadata, third-party apps and services can read it and then apply their own protective actions, if necessary.
  • Persistent: After you apply a sensitivity label to content, the label is stored in the metadata of that email or document. The label then moves with the content, including the protection settings, and this data becomes the basis for applying and enforcing policies.

41
Q

What are sensitivity label policies?

A

After sensitivity labels are created, they need to be published to make them available to people and services in the organization. Sensitivity labels are published to users or groups through label policies. Sensitivity labels will then appear in Office apps for those users and groups. The sensitivity labels can be applied to documents and emails. Label policies enable admins to:

1) Choose the users and groups that can see labels. Labels can be published to specific users, distribution groups, Microsoft 365 groups in Azure Active Directory, and more.
2) Apply a default label to all new emails and documents that the specified users and groups create. Users can always change the default label if they believe the document or email has been mislabeled.
3) Require justifications for label changes. If a user wants to remove a label or replace it, admins can require the user to provide a valid justification to complete the action. The user will be prompted to provide an explanation for why the label should be changed.
4) Require users to apply a label (mandatory labeling). It ensures a label is applied before users can save their documents, send emails, or create new sites or groups.
5) Link users to custom help pages. It helps users to understand what the different labels mean and how they should be used.

42
Q

What are retention labels and policies?

A

Retention labels and policies help organizations to manage and govern information by ensuring content is kept only for a required time, and then permanently deleted. A retention label is applied to an item; only one label can be applied, and it travels with the item.

Retention policies are used to assign the same retention settings to content at a site level or mailbox level.
A single policy can be applied to multiple locations, or to specific locations or users.
Items inherit the retention settings from their container specified in the retention policy. If a policy is configured to keep content, and an item is then moved outside that container, a copy of the item is kept in the workload’s secured location. However, the retention settings don’t travel with the content in its new location.