The Security and Compliance Center is another aspect of Office 365 that I really like. When it comes to governance and making sure your Office 365 environment is security, there is no better place. It may be email security, viewing audit logs, setting alerts for vulnerabilities, etc, it’s in the Security and Compliance Center
Just like I did for the previous admin centers, I’ll cover some of the items in the Security & Compliance Center.
- Alerts: This works in conjunction with the unified audit log, Office 365 Cloud App Security, and other services in Office 365. In this section, you can set up alerts around activities in SharePoint such as Site Collection creation, file sharing, and other activities. You can also be notified of mail delays, malware detection and creation of mail forwarding rules.
- Permissions: Due to the nature of what is in the Security & Compliance center, you may want people to have access to various aspects of it, without given them Office 365 Admin rights, or even full permission to it. Permissions have several built-in permission policies you can assign to people like Compliance Administrators, Records Management, and Security Administrators. They can access the site for monitoring purposes or to perform their administrative jobs without having access to everything.
- Classifications: Labels in Office 365. While just three sections in the security & compliance center, this is a topic that can get complex. This all revolves around data classification, retention rules, and sensitive information types. You can create labels on policies in here to auto-classify certain content based on detected information within the file (Financial, PII, etc.). You can then set various policies based on how data is classified with these labels. These labels can be used in Outlook SharePoint and OneDrive.
- Data Loss Prevention (DLP): Configuration of all the policies around keeping your data safe. Policies can be created in this section to prevent external sharing of content that contains sensitive information. For example, if 10 social security numbers are detected in a document, block any external sharing. Or if any credit card numbers are detected in a file block the file from being emailed or shared. You can also configure different actions for internal sharing vs. external sharing.You can also configure basic device management policies in this area. Things like requiring a password on devices accessing data. Or require encryption on any devices accessing data and block any devices that are jailbroken.
- Data governance: Just what it sounds like, governing your data. Reports/status on importing PST files to Exchange Online, mailbox Archive settings, retention policies for data, data that requires a disposition review at the end of its retention period, and supervision that allows you to capture email and 3rd party communication so it can be examined.
- Threat management: This is all about email. Malware, Phishing, and Spam. You can view reports about emails going in and out of your organization that are classified in any of these categories and view how many your organization or individual users send/receives a day. It’s also where you can configure custom policies around spam filtering and malware filtering. Think of this as your mail security hub.
- Search and Investigation: Content Search, eDiscovery, and your Unified Audit log. The first thing you should do in ANY Office 365 environment is going to the Audit log search in this section and enable it. This is NOT enabled by default can be a valuable source of information when it’s needed. This is where you can track ANY activity happening within your Office 365 environment. This is also where you can do perform content searches and eDiscover as part of an audit or legal case.
This is just an overview of the Security and Compliance Center, just like most of these admin centers, there is a lot to learn and be aware of in each one. Hopefully, this at least helped make you aware of what’s available and what you can do within the Security & Compliance Center.