Security and Compliance Center Series Part 1



Welcome to the Security and Compliance Center Series. This is part 1 of a 3-part series. At the bottom you will find the topics for part 2. In this series we will look at the following topics:

As you can see, this first part is all about policies. I highly recommend that you go through this article step by step. It just makes way more sense in the end. If you have any questions, don’t be afraIT to comment or write to me on Twitter.

If you are interested in my other series, “Mastering common challenges with Office 365”, you can check that out; there I talk about PowerShell, OneDrive, SharePoint, SharePoint HubSites and Microsoft Teams. Or you can read my most ridiculous article 🙂 about “How to use 7 tools to create 1 simple survey“. My goal is for you to have fun working with Microsoft tools.

Configure your Office 365 Tenant

Log in as your global administrator at https://portal.office.com or https://office.com and click on Security and Compliance Center. If you don’t see the app, go to the App launcher, click All Apps and select Security and Compliance Center. You can also go directly to the Security and Compliance Center at https://protection.office.com

Go to Security and Compliance Center

Navigate to Search & investigation on the left side menu and click Audit log search. Click Start recording user and admin activities. Wait for the message shown below to disappear before running an Audit log search. This may take some time, so enable it as early as possible so that it is available when you need it.

Enable the audit log

Next, navigate to the Alerts – Dashboard. You will probably get a notification that this has changed. It did in my tenant, where it looked different in the past.

Alerting Dashboard Welcome

Depending on your license you have more options. If you have an Office 365 Enterprise E5 license, you can check the Office 365 Cloud App Security under Manage advanced alerts and turn that on.

Manage Cloud App Security

If you open the Alerts – Dashboard for the first time, you might get an indicator that you should click through. There is then a button called “Get started with Office 365 analytics”.

Next, go to the Exchange Online Admin Center: go to the Office 365 admin center and then, under Admin Centers, click on Exchange.

Open the Exchange Admin Center

Then click the mail flow tab on the left-hand side and go to “rules”. Check the rules and, if you see an unneeded rule, delete it. You might see a rule called “Delete if sent outside the organization”. If it is not needed, delete it by clicking the rule and then clicking the delete icon (trashcan) at the top.

Delete a rule in Exchange Admin Center

That’s all you should do to configure your tenant for now. Next is the retention and deletion policy topic as well as permissions.
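The two tenant checks above (audit logging and mail flow rules) can also be done from Exchange Online PowerShell. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, and the administrator name is a placeholder.

```powershell
# Added example. $AdminUpn is a placeholder; use your own administrator account.
$AdminUpn = 'admin@contoso.onmicrosoft.com'

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# 1. Audit log: check whether unified audit log ingestion is on; enable it if not.
#    Run this in Exchange Online PowerShell, not in a Connect-IPPSSession session.
$audit = Get-AdminAuditLogConfig
if ($audit.UnifiedAuditLogIngestionEnabled) {
    Write-Output 'Unified audit logging is already enabled.'
} else {
    Write-Warning 'Unified audit logging is off. Enabling it now.'
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
}

# 2. Mail flow rules: list all rules in priority order.
$rules = Get-TransportRule -ResultSize Unlimited
$rules | Sort-Object Priority |
    Format-Table Name, State, Priority, SentToScope, WhenChanged -AutoSize

# Flag enabled rules that delete, redirect or copy mail; these deserve a
# named owner and a documented reason before they stay in the tenant.
$review = $rules | Where-Object {
    $_.State -eq 'Enabled' -and
    ($_.DeleteMessage -or $_.RedirectMessageTo -or $_.BlindCopyTo -or $_.CopyTo)
}
foreach ($rule in $review) {
    Write-Warning ("Review rule '{0}' (last changed {1})" -f $rule.Name, $rule.WhenChanged)
}

# 3. Preview removal of the rule named in the article. -WhatIf only reports what
#    would happen; drop it once you have confirmed the rule is not needed.
$ruleName = 'Delete if sent outside the organization'
if ($rules.Name -contains $ruleName) {
    Remove-TransportRule -Identity $ruleName -WhatIf
}

Disconnect-ExchangeOnline -Confirm:$false
```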

Retention and Deletion Policy

On the left side menu in the Security and Compliance center, click Permissions (1). Click on Organization Management (2), scroll down and click Edit (3) on the same line as Members. Choose members, click the +Add button, select your global administrator account, and click the Add button at the bottom. Click the Done button at the bottom and then click the Save button.

Become part of Organization Management

Click eDiscovery Manager, scroll down and click Edit on the same line as eDiscovery Administrator. Click Choose eDiscovery Administrator, click the +Add button, select your global administrator account and click the Add button at the bottom. Then click the Done button at the bottom and then click the Save button.

Next click Data Governance and then click Retention. Then click “+ Create”.

Create your Retention

Name the policy whatever you like. In this article I will show a retention policy for Microsoft Teams, which is quite new in the Security and Compliance Center.

If you want to know more about retention and Microsoft Teams you can check a great article by Tony Redmond and his at “What You Need to Know About Teams and Office 365 Retention Policies“.

I named the policy “3 Year Microsoft Teams Data Retention” and added the description “This policy retains all Microsoft Teams data for 3 years (1095 days). Created by Patrick afraIT”. Then click Next.

Name your policy

Select “Yes, I want to retain it”, ensure the first drop-down says, “For this long…”, update the second field to “3”, ensure the last drop-down is set to “years” and ensure the “Retain the content based on” field is “when it was created”. Click Next.

Settings of your policy

Ensure the option, “Let me choose specific locations” is selected. Toggle all off except for “Teams channel messages” and “Teams chats”. Click Next.

Location of your policy

Verify all settings are correct and click “Create this policy”. The status for the policy will say “On (Pending)”. Once it says “On (Success)”, the policy is active and is retaining data based on its configuration. This can take some hours.

Pending policy
Active policy

Next let us check the deletion policy.

Go to Data Governance again and click Retention. Click the “+Create” button. Again, you can name the policy whatever you like. I created a deletion policy for “old” OneDrive data, so I named the policy “5 Day Deletion Policy” and added the description “This policy will delete any OneDrive data 5 days after is has been created. This policy will affect only the individual accounts included in the policy and isn’t an organization wide policy.”. I know, it does not make sense, but for demo purposes it is a good way to show a little bit of variety. Then click Next.

Name your deletion policy

Select the option “No, just delete content that’s older than”. Set the number field to “5”, the middle drop-down to “days” and the “Delete the content based on” drop-down to “when it was created”. Then click Next.

Settings of your deletion policy

Ensure the option, “Let me choose specific locations” is selected. Toggle all off except for “OneDrive accounts”. Click next when completed.

Location of your deletion policy

Now verify all your settings and click “Create this policy”. Again, it takes up to 1 day, but it normally takes only a few hours or even less.

Review your deletion policy
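The same retention and deletion policies can be created in Security & Compliance PowerShell, which also makes the settings reviewable as text. This is an added example, not part of the original article; the administrator name, the OneDrive URL and the rule names are placeholders or assumptions.

```powershell
# Added example. Placeholders: replace with your own admin account and the
# OneDrive sites of the accounts the deletion policy should cover.
$AdminUpn      = 'admin@contoso.onmicrosoft.com'
$OneDriveSites = @('https://contoso-my.sharepoint.com/personal/testuser_contoso_com')

Connect-IPPSSession -UserPrincipalName $AdminUpn

# Retention: keep Teams channel messages and chats for 3 years (1095 days).
$teamsPolicy = @{
    Name                 = '3 Year Microsoft Teams Data Retention'
    Comment              = 'This policy retains all Microsoft Teams data for 3 years (1095 days).'
    TeamsChannelLocation = 'All'
    TeamsChatLocation    = 'All'
}
New-RetentionCompliancePolicy @teamsPolicy

$teamsRule = @{
    Name                      = '3 Year Microsoft Teams Data Retention Rule'  # assumed name
    Policy                    = $teamsPolicy.Name
    RetentionDuration         = 1095      # days
    RetentionComplianceAction = 'Keep'    # retain only, no deletion afterwards
}
New-RetentionComplianceRule @teamsRule

# Deletion: remove OneDrive content 5 days after creation, only for the listed sites.
$deletePolicy = @{
    Name             = '5 Day Deletion Policy'
    Comment          = 'Deletes OneDrive data 5 days after creation; scoped to listed accounts.'
    OneDriveLocation = $OneDriveSites
}
New-RetentionCompliancePolicy @deletePolicy

$deleteRule = @{
    Name                      = '5 Day Deletion Rule'   # assumed name
    Policy                    = $deletePolicy.Name
    RetentionDuration         = 5
    RetentionComplianceAction = 'Delete'
    ExpirationDateOption      = 'CreationAgeInDays'     # "when it was created"
}
New-RetentionComplianceRule @deleteRule

# Distribution status: Pending corresponds to "On (Pending)", Success to "On (Success)".
foreach ($name in $teamsPolicy.Name, $deletePolicy.Name) {
    Get-RetentionCompliancePolicy -Identity $name -DistributionDetail |
        Format-List Name, Enabled, DistributionStatus
}
```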

Labels and Label Policies

In your Security and Compliance Center go to Classifications (1) and then click Labels (2). Click “+Create a label” (3).

Create a label

You can create a label for contracts, statements, offers etc. I will create one for contracts. So, you just enter “Contracts” as the name, and you can also add a description for administrators and users. Then click Next.

Under Label Settings, turn on Retention and configure the settings as you need them. My retention is set to 7 years, and the content gets deleted after that time. In addition, the label classifies the content as a record. Then click Next.

Label settings

Review your settings and click on “Create this label”. You can add many more labels, but I think you get the idea of a label now.

Next, go to the Classification menu on the left-hand side and click on “Label policies”. Then click on “Publish labels” at the top. Under Choose labels to publish, click Choose labels to publish.

Choose labels to publish

Under labels click “+Add” and select Contracts. Click Add, next click Done.

One label added

Then click Next and under “Choose locations” select “Let me choose specific locations”. Unselect all options except for OneDrive accounts and click Next.

Choose the location of your label policy

Under Name your policy type “OneDrive Contracts” and click Next.

Name your label policy

Under Review your Settings click Publish Labels and click Close.

Now let’s apply the label. Open your OneDrive for Business and upload a document. Select the file and click on the information icon in the upper right corner below your user account profile icon.

Open your OneDrive file information

In the info panel on the right side, you should see something similar to the picture above. Click inside the “Apply label” column and select your label.

Assign a label to a file in OneDrive

When you create a label policy for SharePoint you can add the label in the library settings and apply the label under “Apply label to items in this list or library”. After that, you can add the label column to your view to have a better overview.
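The “Contracts” label and its “OneDrive Contracts” label policy can also be created in Security & Compliance PowerShell. This is an added example, not part of the original article; it assumes 7 years is entered as 2555 days and that the retention period starts at creation, which the article does not state.

```powershell
# Added example. $AdminUpn is a placeholder; use your own administrator account.
$AdminUpn = 'admin@contoso.onmicrosoft.com'
Connect-IPPSSession -UserPrincipalName $AdminUpn

# Label: retain for 7 years, delete afterwards, and classify the item as a record.
$label = @{
    Name              = 'Contracts'
    Comment           = 'Retention label for contracts'   # assumed description
    RetentionAction   = 'KeepAndDelete'
    RetentionDuration = 2555                 # 7 x 365 days (assumption)
    RetentionType     = 'CreationAgeInDays'  # assumption: period starts at creation
    IsRecordLabel     = $true
}
New-ComplianceTag @label

# Label policy: publish the label to OneDrive accounts only.
New-RetentionCompliancePolicy -Name 'OneDrive Contracts' -OneDriveLocation All
New-RetentionComplianceRule -Policy 'OneDrive Contracts' -PublishComplianceTag 'Contracts'

# Review what was created before users start applying the label.
Get-ComplianceTag -Identity 'Contracts' |
    Format-List Name, RetentionAction, RetentionDuration, RetentionType, IsRecordLabel
Get-RetentionCompliancePolicy -Identity 'OneDrive Contracts' -DistributionDetail |
    Format-List Name, Enabled, DistributionStatus
```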

Supervision Policies

Make sure you are again logged in as your global administrator and go to Permissions (1) in the Security and Compliance Center. Click on Supervisory Review (2) and add your global administrator to the Members (3).

Add a member to Supervision Review

On the left side menu click Data Governance (1) and then click Supervision (2). Then click “+Create” (3).

Create Supervision

In this article I named the policy “Master Review” and added the description “This policy is kind of god-like mode. The reviewer can “obviously” review emails.”. Then click Next.

Give your supervision a name

Under Supervise these users or groups, add your global admin account, then click Next. Of course, you can supervise other users. But please make sure that you really should supervise the selected user. It is probably not the best idea to supervise your CEO…

Under Choose communications to review, leave the default settings, then click Next. We want to monitor both the inbound and the outbound direction for this demo.

Under Specify percentage to review, change the value from 10% to 100%, then click Next. With this setting, every mail is sent to supervision. A normal use case would be, e.g., to randomly check some of your support people with a 10-20% setting if you are concerned about the language they use. Just an idea…

Under Choose reviewers, add your global admin account, then click Next. The reviewer could of course also be somebody from your security team or from another department that is responsible for the use case.

Review your settings and click on Finish and Close.

Review the supervision

To test your supervision policy, go to Outlook Online, logged in as your global administrator, and send a test email to yourself.

Test your supervision

Wait a few minutes, refresh the page and verify that the supervision mailbox, Supervision – Master Review, appears. It should then look like the following screenshot:

Verify your Supervision Mailbox

Select the new email in the supervision mailbox and then click the Supervisory Review option under the sender.

Supervise an email and take action

Choose whatever suits you best and confirm.

Click the Compliant folder and you will see the message has been moved.

Supervision done

This is it for the Security and Compliance Center Series Part 1.

Part 2 is already almost ready and will contain the following topics: In-Place Archiving, Data Loss Prevention, Advanced Threat Protection and GDPR / DSGVO. Follow me on Twitter to stay up-to-date and share this article to help me spread the news!
