Skip to content

New Compliance and Risk Dashboard in Office 365

03/08/2020

As is already known, with Microsoft 365 or EMS 365 licenses several security features are enabled. I have already addressed one of them who is Compliance Manager at http://www.marcelosincic.com.br/post/LGPD-disponivel-no-painel-de-Compliance-do-Office-365.aspx

In addition to this panel we have two more that are very interesting, the first one treated here is the Compliance and Risks Panel. This panel allows a management area to create rules monitoring policies.

This means that in addition to the DLP rules already existing in the Office 365 configuration panel ( https://protection.office.com ) we have this other panel.

The difference is that the protection panel creates the rules with several actions blocking the sending of emails and documents with confidential data.

The risk panel, on the other hand, serves to generate data without creating reprisals or blockages, that is, for the risk area to be able to measure data that is traveling regardless of whether the corporation has a specific DLP rule for blocking.

Opening the Dashboard

The Risks panel is at https://compliance.microsoft.com/insiderriskmgmt and when opened it is already possible to see alerts, general security scores, compliance with rules, etc:

painel1

The score on Office 365 panels is important, since from them we know the rules of a standard and what to do to adapt to it and be closer to a 100% safe environment:

Painel2

Creating an example rule

To create rules you can use the menu on the side and in the example below I show how I created a rule to warn me about various actions that may indicate a data leak.

For example, when users share a SharePoint site with someone outside, it is one of these possible indications. It is also possible to link the DLP rules that you have already created in Office 365, avoiding duplication of settings if the corporate rule is implemented:

t1

t2

Note that it is possible above to choose the different risk protection templates, each one will present data that will be monitored. In my example I used Data Leak and chose All Users , after enabling the pre-configured items:

t4

Conclusion

This new panel will greatly help companies that have a separate Governance department from the one that manages IT, allowing them to have a view of the risks in the company without the need for administrative access.

Some items are additional and need configuration, for example the HR data requires a connector.

For more details see the links below:

https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-policies
https://docs.microsoft.com/en-us/microsoft-365/compliance/import-hr-data

From → office 365, Security

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: