Communication Compliance in Microsoft 365
This course explores communication compliance in Microsoft 365 and the benefits it can bring to your organization. We'll look at the phases that make up a communication compliance workflow and then move on to compliance policies.
- Understand what communication compliance is and what the workflow looks like
- Learn about the pieces that make up communication compliance policies
Anyone who wishes to learn about using communication compliance in Microsoft 365.
To get the most out of this course you should have a basic understanding of Microsoft 365 and compliance concepts.
Welcome back. In this lesson, we are going to take a look at the communication compliance workflow.
In a nutshell, the communication compliance workflow follows four phases. They include Configure, Investigate, Remediate, and Monitor.
During the configure phase of communication compliance, you identify compliance requirements, and you configure your communication compliance policies. Because communication compliance provides built-in policy templates out of the box, you can use them to create and configure your compliance policy or policies. The templates that come with communication compliance are not rigid. In other words, you can customize them to fit your requirements. They can also be updated if your requirements change over time. For example, instead of configuring an anti-harassment policy for all users right out of the gate, you can create a policy and test it on a small pilot group. If it does what you expect it to, you can then configure a policy for all users in the organization.
The Investigate phase is the second phase in communication compliance in Microsoft 365. During this phase, you use the Microsoft 365 compliance center to investigate any issues that are detected as a result of a match with a communication compliance policy. Using the communication compliance dashboard allows you to view alerts, to perform issue management, to review documents, and to review user activity history. You can also filter on the information you want to view.
Alerts are raised whenever a message matches a communication compliance policy. When viewing an alert, you can view the alert’s status, the severity of the alert, the time of the detected event that raised the alert, and you can see if a case has been assigned, along with the case status.
For each alert that is raised, you can use the communication compliance dashboard to take investigative actions in an effort to remediate the detected issue that raised the alert to begin with.
There are different types of views available in the dashboard that can be used to evaluate issues during the investigation of those issues. These views include a conversation summary, text-only, annotated, and detail views of the communication conversation that you are investigating.
The dashboard also allows you to view the history of user message activities, along with remediation actions for policy matches. For example, you can view past notifications and escalations.
The filters allow you to filter on things like sender, recipient, date, and subject. This allows you to more easily find only the message alerts that you need to review.
During the remediation phase, which is the third phase of the process, you take steps to remediate the communication compliance issue that you are investigating. There are a few different options that you have at your disposal.
For example, after you’ve reviewed a particular issue, you can remediate it by resolving the alert. When you resolve an alert, that alert gets removed from the alert queue. The resolution of the alert, though, is saved in the Resolved queue for the matching policy. I should mention that if you mark an alert as a false positive, the alert is automatically resolved. Alerts are also automatically resolved any time you send a notice to a user about the alert, or when you open a new case for the alert.
Another option that you have at your disposal is message tagging. What this means is that during issue resolution, you can tag detected messages as compliant, non-compliant, or as questionable in the context of your policies and standards. Tagging messages makes it easier to filter policy alerts for escalation.
User notification is another tool you have at your disposal during the remediation phase. This tool is useful because users will sometimes violate your communication compliance policies by accident. When this happens, you can use the notify feature to send a warning notice to the offending user, letting them know that they’ve violated your communication compliance policies. When you do this, you can resolve the issue.
Sometimes, during the remediation process, you’ll need to escalate to another reviewer. This will sometimes be necessary when you need input from other reviewers before you can resolve an incident. Communication compliance in Microsoft 365 allows you to escalate message issues to other reviewers, when necessary, as part of the resolution process.
You can also mark messages as false positives during the remediation process. You’ll sometimes have to do this when messages are incorrectly detected as matches of compliance policies. When you mark a message as a false positive, the alert is automatically resolved.
And last but not least, in the most serious cases, you can create a case. In these circumstances, you may have to share communication compliance information with the other reviewers in your company. In these scenarios, when you have to escalate a case for investigation, you can transfer data and management of cases to Advanced in Microsoft 365. Doing so allows your organization’s legal team to manage the entire legal hold notification workflow.
So, as you can see, there are quite a few tools available to you during this third, remediation phase.
Once you start generating alerts and investigating and remediating issues, you may come to the realization that you need to maybe modify your policies somewhat. You may even need to create entirely new policies. This stuff all happens in the Monitor phase. Now, the Monitor phase isn’t really a “fourth” phase that happens after the first three. It’s more of an overarching phase that encompasses the other three. To monitor overall communication compliance in Microsoft 365, you use the communication compliance dashboards that are available, you view reports, you export logs, and you view the events that are recorded in the unified audit logs. By doing these things, you can evaluate your communication compliance and improve and alter your policies where necessary.
So, the key takeaway here is that there are 4 overall “phases” to the communication compliance workflow. During the Configure phase of communication compliance, you identify compliance requirements, and you configure your communication compliance policies. During the Investigate phase, you use the Microsoft 365 compliance center to investigate issues that are detected as a result of a match with a communication compliance policy. During the Remediation phase, you take steps to remediate the communication compliance issue that you are investigating. The Monitor phase is an overarching phase that encompasses the other three. During the Monitor phase, you evaluate your communication compliance and improve and alter your policies where necessary.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.