Detect Workplace Harassment & Respond – Communication Compliance in Microsoft 365

Detect Workplace Harassment & Respond – Communication Compliance in Microsoft 365


– Coming up, I’ll walk you through Microsoft Communication Compliance,
now generally available. This proactively surfaces careless or negligent communication that may put your organization at risk so that you can identify, investigate, and stop
inappropriate conduct as soon as possible. Of course, communications are a vital part of your everyday business, so our approach to
communication compliance is one of trust, but verify. This means by giving you
the right visibility, processes and controls, to detect and mitigate
inappropriate conduct, while aligning to the cultural, legal, and privacy requirements
in which you operate. To be effective, you need to be able to quickly catch communication
violations at scale, to prevent financial, or negative impacts, on both your employees,
and your organization. in fact, getting this right can help you mitigate insider risk, and support a healthy company culture. This is where Microsoft
Communication Compliance helps. An evolution of Office 365
Supervision capabilities, where we’ve made a number of improvements to help you detect, investigate
and remediate violations. You get to Communication Compliance from the Solution Catalog in the Microsoft Compliance Center. Here, you can see our compliance solutions organized in three areas: Information protection and governance, Insider risk management,
Discovery and response. I’ll select Communication
compliance under Insider risk, and open the solutions. As you can see from our dashboards, we give you a holistic
view of communication that matches your policies. You can see policies that
have triggered recent alerts, a trend line of recent policy matches, as well as how many of those have been triaged by my reviewers. Next, on the bottom I
can see which policy, historically, have the
highest number of matches. And I can quickly see
the top users associated with policy matches, as well
as the number of escalations. One thing to note here is that this dashboard is an indicator of the number of policies
that have been matched. It’s not always an indicator
of policy violations, as this requires further investigations with your reviewers. Now you can imagine the volume of data you would have to query to
get an assessment like this. Behind the scenes, we use machine learning to reason over a huge volume of signals generated by sent and received e-mails and Teams conversations,
to discover and surface the incidents that you care about, measuring things like sentiment for intent or other anomalous behavior, like non-compliant communications. We’ve also configured email alerts, so that you can be notified when a high number of matches occur that need your attention. For example, here I’m being flagged for offensive language
matches in my organization. When I click on the email, I can quickly get a view of the incidents. And I can investigate further. For example, here I can see a
communication violations flag within this user’s Teams conversation. The first check I can do is see if this user has
a history of violations, and we can quickly see that
this user has one other offense. Now I can take action. In this case, I’ll send
an email notification, reminding the user of our corporate policy and a link to our training. I’ll choose from our
pre-configured notice templates, leave the defaults, and hit send. We’ve had built-in intelligence to detect profanities for a while, but we’ve now expanded the
offensive language classifiers, with built-in intelligence to identify threats, to others, or
even for the individual to harm themselves. Or even targeted harassment, which is where built-in sentiment analysis really kicks in, to find
the intent of communication based on the tone of what is being said. Now let’s switch gears, and
show you a different scenario, where we need to have a
communication policy in place to fulfill regulatory compliance. I’ll go back into policies,
and select Insiders. In this example, we’ve
detected a violation related to the US FINRA regulation, which requires organizations
to monitor things like insider trading. Here we are looking for
keywords and expressions, such as credit card or
bank routing numbers. Also, beyond the actual
message of an email or chat conversation in Teams, we know that violations can show up in the attachments that are sent. Not only you can view the content sent inline without
needing to download it, but we’ve added keyword highlighting so that you can quickly hone-in on inappropriate communications,
speeding up your review. I can also look at third-party sources that the system has also flagged. To see that, I’ll add a
filter, click on Item class, and select Instant Bloomberg messages. I can even go further, by investigating related communications through a capabilities
called Near Duplicate, which flags similar messages sent. This helps me to quickly detect patterns of related behavior, and now if I want to I can escalate this incident to other reviewers, via email. I’ll pick Adele, provide a
reason, and hit Escalate. If this was a severe violation, I could also create a
case with the violation, give it a name, provide a reason, and this will go directly to
the legal team to investigate. Now let’s switch gears, to show you how easy it
is to create a policy. I’ll go back to the policy tab, and this case select Custom policy. Now you can see the key steps
articulated on the left. First, I’ll provide a name. Next, I’ll choose users
or groups to supervise, as well as the reviewers for this policy. Choose your reviewers, choose the communication
locations to monitor. As I showed you earlier,
with the Bloomberg example, you can also supervise
non-Microsoft communications. I’ll start by adding a condition, this gives me a list of options. I’ll select the classifiers, and from here I pick from
built-in classifiers, such as the Harassment or Threat, that you saw in our
offensive language policy. Or you can build your
own data classifiers, such as the one I have here for customer complaints or privacy breach. If you want to build a classifier, you can do so in the Compliance Center under Data classifications. To learn more you can visit
aka.ms/dataclassifiers. Additionally, you can
also set your conditions based on your own dictionary of terms, by creating your own
sensitive information types or by using the ones we give you. Back in the policy, once you are done
specifying your conditions you can select the
percentage of communications you’d like to review with this slider. For example, regulatory compliance you might to scope to only 10% matches, whereas for corporate policy you might want to expose
100% of communications, since you might have zero tolerance. And from there, you can
review your policy settings, hit Create policy, and voila you are done.
(gentle music) So that was an overview of the new Communication
Compliance solution in Microsoft 365. We are continuously innovating
based on your feedback to bring you the most
comprehensive solution, and you’ll see ongoing updates in areas like more templates, improved remediation workflows,
and additional insights. To learn more, you can go to
aka.ms/CommunicationCompliance. Thanks for watching.

Comments

  1. Post
    Author
  2. Post
    Author

Leave a Reply

Your email address will not be published. Required fields are marked *