An Overview of the New Microsoft Security and Compliance Center
The new Microsoft Security and Compliance Center was launched for general availability in May 2019, offering up a new and exciting suite of tools for organisations. Currently, these centers are available to users who have a Microsoft 365 subscription – not to be confused with an Office 365 subscription. We have given an in-depth overview of the Office 365 Security and Compliance Center in a previous blog post.
The new Microsoft Security and Compliance Center aims to address the separation that currently exists within many organisations that view and manage their security and compliance as two separate areas of data protection. Microsoft does this by offering two specialised workspaces: the Microsoft 365 Security Center and the Microsoft 365 Compliance Center, which provide organisations with the ability to centrally manage their security and compliance requirements across their Microsoft 365 services, including Office 365, Windows 10, Azure Active Directory and Enterprise Mobility and Security Suite.
Additionally, Microsoft has released updates that include records management improvements, advanced eDiscovery enhancements and data sensitivity labelling capabilities across the different Office 365 apps. Improvements have also been made to security and compliance alerts, as well as to the ability to supervise and monitor communication channels including email and Microsoft Teams.
Microsoft 365 Compliance Center
The new Microsoft Compliance Center is broken down into three components: assess, protect and respond.
The assess section of the main dashboard presents a graphical overview of how well your organisation is meeting its data protection and compliance obligations across your Microsoft Cloud services. A number of cards are visible on the dashboard, including the Compliance Manager, which gives your organisation an overall score on current compliance based on existing policies and regulations.
Microsoft has also provided a card that shows a checklist of steps that need to be actioned to meet compliance goals. This simplifies the process for organisations trying to understand which initial steps will put them on track to compliance. These steps include creating retention policies and creating labels to classify information and govern data lifecycles. Moreover, you will be able to see information on apps that aren’t compliant as well as data about individual users and their file sharing behaviours.
The protect section provides organisations with the ability to automatically classify and protect sensitive data and information across different apps, devices and cloud services. This includes a visual overview of retention and sensitivity labels that have been applied to content within different locations such as SharePoint and Microsoft Exchange. With Microsoft’s Compliance Center you can apply retention and sensitivity labels to content automatically when the content meets specific conditions, or enable individuals within your organisation to label content manually.
On the main dashboard you will also see a high-level overview of your Data Loss Prevention (DLP) policies, as well as which third-party apps outside of Microsoft services have been granted privileged access to your organisation’s data.
Outside of the main dashboard you also have a supervision menu tab, which allows organisations to define policies that capture communications in channels such as Microsoft Outlook, Teams and Exchange. The captured communications can then be reviewed by internal or external reviewers to determine whether they comply with the organisation’s internal policies, and subsequently be classified.
Microsoft 365 Security Center
The new Microsoft Security Center has a similar look and feel to the Compliance Center, and is broken down into two components: prevent and detect.
In the prevent section, the first thing displayed on the dashboard is the Microsoft Secure Score. Microsoft has changed how the secure score is calculated by combining different categories beyond just Office 365. Specifically, these are identity, data, device, apps and infrastructure.
When clicking on the Microsoft Secure Score, you are presented with a more detailed dashboard that shows a history of your secure score over the past 90 days, as well as a section on implementation actions that have been completed and those that still require completion. Microsoft makes it simple to undertake actions that can have a significant impact on your organisation’s data security and secure score, such as configuring multi-factor authentication for Azure AD privileged roles, which can be done within a few clicks.
On the main Security Center dashboard, as in the Compliance Center, you will also be able to see data loss prevention policies, as these have a significant impact on security. You will also see cards for identity protection, device compliance and malware protection, cloud app security, infrastructure protection and malicious content.
The detect section in the new Microsoft Security Center focuses on security alerts for threats such as potentially harmful malware, unwanted software or suspicious user activity. Alerts in the Security Center show more detail than alerts in the Compliance Center, as responding to potential security breaches is of chief importance and needs to be done immediately once the organisation is alerted.
In Summary: Microsoft 365 Security and Compliance Center
The new Microsoft Security and Compliance Center presents two intuitive user interfaces that make it easier for organisations to manage their security and compliance requirements as separate, specialist areas. Through the compliance and security scores, organisations can quickly develop a general understanding of where they stand overall, and with checklists and alerts you can easily take action and respond to threats to secure your data and improve your compliance and security scores.
If you need further information on how the Microsoft 365 or Office 365 Security Centers can be properly implemented and configured to meet your data protection and compliance requirements, we are a Microsoft Gold Partner with Office 365 specialists happy to respond to any questions.
If you’re interested in furthering your knowledge, consider our Office 365 Security & Compliance training course.
Luke is an experienced Marketing Manager and host of the Information Transformation Podcast. He has a keen interest in developing engaging content to inform people about the changing landscape of the information management industry.