Planning for regulatory compliance in Microsoft 365
GDPR dashboards & reports
Using Compliance Manager
This course is designed to give you a firm understanding of the compliance features available to a Microsoft 365 administrator and how to manage regulatory compliance in a Microsoft 365 environment. Taking this course will also help you to prepare for the regulatory and compliance aspects of Microsoft's MS-500 certification exam.
- Understand what regulatory compliance is
- Plan and implement regulatory compliance features
- Learn how to manage regulatory compliance in Microsoft 365
- Manage Data Subject Rights (DSR) requests
- Report on compliance in Microsoft 365
This course is intended for anyone who wants a greater understanding of the regulatory compliance features that are available in Microsoft 365.
To get the most out of this course, you should have some experience using Microsoft 365 and a basic understanding of how the Microsoft 365 system works.
Microsoft Compliance Offerings: https://docs.microsoft.com/en-us/compliance/regulatory/offering-home
Microsoft 365 GDPR action plan: https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-action-plan
Microsoft Compliance Documentation & Resources: https://docs.microsoft.com/en-us/compliance/?view=o365-worldwide
GDPR stands for General Data Protection Regulation and it is the regulation that requires businesses to protect the personal data and privacy of European Union citizens for transactions that occur within European Union member states. GDPR defines personal data as any information relating to an identified or identifiable natural person. For most organizations, this means implementing appropriate measures to protect information relating to employees, customers, and partners.
The GDPR expands the definition of personal data to include all information that could be used to indirectly identify individuals. Some examples of this type of information are ID numbers, health records, IP address, cookie IDs, HR records, customer contact details, biometrics, employment details, CCTV recordings, and call recordings.
Now, that is just some of the things you need to think about; it says any information relating to an identified person. So if your organization is holding information relating to a person that is a member of an EU state, then GDPR applies to you. This regulation applies to all companies that collect data on citizens of the European Union. It doesn't matter if your business is not based in the EU or does not do business in the EU. If your business collects data on EU citizens, then it must comply or potentially face the consequences of a breach.
Since the GDPR has been brought in, Microsoft have implemented specific things to ensure that you can make your organization GDPR compliant, most likely because of the number of organizations that have to comply with the GDPR. All right, so now I'm gonna show you how to navigate the GDPR dashboard.
So what you wanna do is from the Microsoft 365 admin center, you can go show all, and go to the Security & Compliance Center. You can also get there by browsing directly through to protection.office.com. This is the Microsoft 365 Compliance Center home screen. And to get to the GDPR dashboard, what you wanna do is find data privacy, and then select GDPR dashboard.
So basically here we've got our GDPR dashboard. You can see here we've got learn about the tools, data subject request, how your organization is classifying data, and also risks and threats, which will show you any of the DLP policy matches or top targeted users. Now, all the stuff that's gonna show in here is dependent based on what you've got set up for your GDPR compliance needs.
So what we're gonna do is open the GDPR toolbox, which is a quick way to find all of the settings that you wanna do to comply with GDPR. So in here, we've got our Discover section, which helps you identify personal data related to GDPR in your organization. It does actually include the import data, and the find personal data.
So if you wanted to bring data into your Office 365 environment, and also to find content, it's under the Discover section. We've got the Govern section. This helps you to manage the classification, use, and access of personal data and includes shortcuts to labels and Compliance Manager. So you can see here, we can set up auto-apply labels or disposition of labels, and also jump into the Compliance Manager. So you can see here, you can just click on any of these, and it'll take you straight to the setting.
The next section is Protect. So this section helps you to secure personal data and detect and respond to threats. It includes the shortcut to create a DLP policy and also to apply cyber threat policies. So you can just click on them and go through to them.
So then the next section is monitor and respond. And as you can see, this is the largest section of the GDPR toolbox. And it includes the respond to DSRs, respond to legal investigations, review and explore label usage, set up the alert policies and review pending dispositions, view reports, visit Service Assurance. So once again, you can click on any of them as well. So this is basically how to navigate the GDPR toolbox, how to find the GDPR toolbox.
Also, something that you may run into when you're doing these certain things: if you try to import data, by default, you don't have permission to do it. What you can do is click on this button here, and that will take you to what permissions are needed to perform the tasks. So depending on what tasks you are performing, you will need different permission sets inside of the Compliance Manager. Some of the sets are actually inside of the Exchange Admin Center as well.
So you can see here this article here, which is linked there. It shows you a bunch of information about what each permission thing needs.
So to change the permissions as well, you can go up to this permissions window up here. So if you find that you don't have permission to do something, you can go into this Permissions area, and you can either add yourself to a current group that's already there. So let's say, I don't know, you want Compliance Manager readers, you can click on that, and add either yourself or whoever's gonna be the administrator to this group, or you can actually create your own group, as you can see I've done here with the test group. You can go create. Give yourself a name. And then choose the roles.
So once again, depending on what roles you need, this is the roles. They're all here. Depending on what roles you need, select the ones you need. So let's say you needed to have all of these roles. Add. And then you can choose your members. We'll just add the administrator to this group. And at the end, you see settings and create the group. So that's just a useful thing for if you do run into that issue because it is a common issue when trying to set up compliance settings that you may not have permissions to do the certain thing that you wish to do.
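The same permission steps can be done from Security & Compliance PowerShell, which also makes it easy to review who already holds which roles before granting more. This is an added example, not part of the course material; it assumes the ExchangeOnlineManagement module is installed, and the account, the role names and the role list for 'Test group' are placeholders to replace.

```powershell
# Added example: review and adjust Security & Compliance Center role groups.
# Values marked "placeholder" are constructed; replace them for your tenant.
Import-Module ExchangeOnlineManagement
$adminUpn = 'admin@contoso.example'          # placeholder admin account
Connect-IPPSSession -UserPrincipalName $adminUpn

# 1. Inventory every role group: which roles it grants and who holds them.
#    Review this before adding members so access stays least-privilege.
$inventory = foreach ($rg in Get-RoleGroup) {
    $members = Get-RoleGroupMember -Identity $rg.Name
    [pscustomobject]@{
        RoleGroup = $rg.Name
        Roles     = ($rg.Roles -join '; ')
        Members   = ($members.Name -join '; ')
        Count     = @($members).Count
    }
}
$inventory | Sort-Object Count -Descending | Format-Table -AutoSize -Wrap

# 2. Add the administrator to the existing group named in the walkthrough.
$groupName = 'Compliance Manager Readers'
try {
    Add-RoleGroupMember -Identity $groupName -Member $adminUpn -ErrorAction Stop
} catch {
    # Typical causes: already a member, or the caller lacks rights to manage role groups.
    Write-Warning "Not added to '$groupName': $($_.Exception.Message)"
}

# 3. Or create a custom group that carries only the roles the task needs.
$neededRoles = @('<role name 1>', '<role name 2>')   # placeholders, not real role names
New-RoleGroup -Name 'Test group' -Roles $neededRoles -Members $adminUpn

# 4. Confirm the result.
Get-RoleGroupMember -Identity 'Test group' | Select-Object Name, RecipientType
```

Role group changes can take some time to apply, so a task may still be denied immediately after the membership change.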
Jake is an IT manager for a managed services company that works with small- to medium-size businesses and manages their IT. He mainly works with a Microsoft Stack, from Servers to Microsoft 365 & Azure. He also specializes in business process improvement helping businesses to leverage technology to speed up their workflows. Jake really enjoys testing out new technologies and seeing what they can do. Outside of work he enjoys kayak fishing, gardening, and going to the gym.