Earlier this month, Microsoft announced a number of new features to their Office 365 suite. This includes the exciting addition of new machine learning for information governance across Office 365.

Trainable Classifiers

Specifically, Microsoft are adding trainable classifiers to their Security and Compliance Centre. With trainable classifiers you have the ability to intelligently and automatically classify your content and records, and work with retention labels to automatically label content and trigger your retention and disposal policies.

Unlike pattern matching, trainable classifiers do not look at metadata and keywords, but instead use machine learning to identify what an item actually is. It does this by analysing hundreds of examples of a type of content (such as an invoice), which you provide it with. From there you can test the classifier by inputting matching and non-matching examples of the content and confirming whether it classifies them correctly. As is the case with machine learning, over time the classifier will improve how accurately it can classify content as it analyses more and more content types. It should also be noted that right now, trainable classifiers are not able to interpret languages other than English and cannot interpret encrypted content.

To make it easier for organisations to get started, Microsoft have developed a number of out-of-the-box classifiers. This includes resume, source code, offensive language, harassment, profanity and threats. Although these classifiers are already trained, it’s important to test its accuracy on a sample of organisational content before implementing it.

Although Microsoft have released documentation for this feature, trainable classifiers are not yet available to the general public. Another important addition that Microsoft have announced that will soon be available to the general public is insider risk management in Office 365.

 Insider Risk Management in Office 365

With so much information being shared between staff throughout Office 365, one of the major priorities for organisations is how to manage the potential data risks associated with this, while still encouraging collaboration and promoting user privacy. Microsoft have addressed this with their new Insider Risk Management (IRM) tool.

One of the major challenges of managing insider risks is how organisations can analyse such a large volume of user activity. To overcome this, IRM leverages artificial intelligence and machine learning to analyse large volumes of signals in order to quickly and easily identify internal risks and policy violations. Specifically, IRM utilises Microsoft Graph and other services to obtain real-time file activity, communications and user behaviour across Office 365, Windows and Azure.

Within the Microsoft 365 centre you will see a dashboard that summarises the individual insider risks to your organisation. To get started you need to ensure you have your insider risk policies defined. To make this easy, Microsoft provides a set of out-of-the-box “playbooks” for common insider risks, such as ‘departing employee data theft’. From there you can add the users that apply to this policy and then define what content is most important for that particular policy such as a specific SharePoint site or Teams channel. You then can choose from a set of predefined indicators that trigger the policy violation.

Once your policies are in place you can begin monitoring potential insider risks. For privacy purposes you can anonymise all users, which also helps prevent potential bias from reviewers. Under the alerts tab you will see a list of alerts as well as summary statistics on the average time taken to resolve different levels of security threats, which can be used to track the performance of your review team.

The screenshot below shows a common type of alert. In this case, a user has downloaded a number of files from SharePoint that contain sensitive information (based on classification labels), copied some of those files to a USB, printed them and then handed in their resignation shortly after. A reviewer can then choose to confirm the suspicion to create a case out of it or dismiss it.

Under the user activity tab, you see a curated view of cases of risky behaviour. As seen in the screenshot below, when you click a case you are presented with graphs that show the current risk level and a risk level history for the user. This includes past cases that have been closed that can help reviewers form their opinion on whether the activity is malicious or not. The reviewer can then decide whether they want to escalate the violation for further investigation.

Managing and Monitoring Communications

Microsoft have also announced the upcoming release of the Communication Compliance tool, which helps organisation’s address code of conduct policy violations within their internal communications as well assists organisation’s in heavily regulated industries meet specific compliance requirements.  

The Communication Compliance tool leverages machine learning to analyse communications across different Office 365 apps including Teams and Exchange Online, and then flag potential violations. Once a violation is flagged a designated reviewer will be automatically notified so they can act on it.

Microsoft have made it easy for organisations to begin monitoring code of conduct violations by creating three out-of-the-box learning models to get you started. These learning models allow you to identify profanities, threats of physical violence and harassment.

Moreover, Microsoft have also added new capabilities to its Advanced eDiscovery, for monitoring and preserving communications within Microsoft Teams chat.

Specifically, with Advanced eDiscovery for Teams you have conversation reconstruction capabilities, meaning you can run targeted searches that identify relevant messages which are displayed in a conversation view so you can see the whole context of the message. This means you will not need to run multiple searches to try and understand the context of a message. It also makes it easier to review messages as you can annotate, tag and redact message from inside the conversion view. After identifying relevant messages, you can export them as part of their full conversation. The export will contain any metadata unique to each message such as the sender and the time sent.

The Future of Records and Information Management with Machine Learning and AI

With the new announcements made at this year’s Ignite Conference, Microsoft is showing that it is continuing to expand its capabilities in how it empowers organisations to manage and control their information. The idea of being able to automate large parts of records and information management by leveraging machine learning and artificial intelligence has been spoken about in the industry for many years but only now are software providers and organisations starting to make significant inroads into this new world.

With the soon to be released trainable classifiers, Microsoft have made it possible to automate the classification of content and work with retention labels to automatically trigger retention and disposal schedules; all within the Office 365 Security and Compliance Centre. In another example of the significant inroads being made into the world of machine learning and artificial intelligence, the Australian Human Rights Commission recently partnered with RecordPoint in order to implement AI and machine learning technologies to automatically classify records. The initial results show that individual records were classified with an accuracy of 80%.

These advancements show that leveraging machine learning and AI to automate records and information management processes is no longer a pipe dream but an inevitability. It’s imperative for records and information management professionals to recognise this and embrace these emerging technologies.

To learn more about machine learning and AI across Office 365 Security and Compliance and traditional eDRMS, speak to one of our consultants.