Section 14 - Implement and manage Microsoft Purview Communication Compliance

Plan for communication compliance
This tool helps you identify and address potential risks before they become problems. It can detect inappropriate messages like harassment or threats, as well as leaks of sensitive information across various communication channels, including email, Microsoft Teams, and Microsoft Copilot for Microsoft 365.
Capabilities and Limitations
| Feature | Benefit | Role | 
|---|---|---|
| Role-based access control | Ensures users only have permissions for their assigned tasks. | All Users | 
| Multiple conditions in policies | Refines policy accuracy with keyword matching, sensitive information detection, or domain scoping. | Administrator | 
| End user reporting | Proactive approach to identifying communication risks. | Message Recipient | 
| Keyword highlighting | Provides clarity on flagged phrases and triggering classifiers. | Investigator | 
| Pseudonymization | Minimizes investigator bias during reviews. | All Users | 
| Selecting communication channels | Allows users to choose channels for content pattern detection. | All Users | 
| Feedback loop for misclassified items | Improves future classifier performance. | All Users | 
| Limitation | Impacted Users | Mitigation Strategy | 
|---|---|---|
| False positive messages | Message senders | Report misclassified items for classifier improvement. Human review before action. | 
| False negative messages | Admins, message recipients | Combine machine learning with keyword matching or user scoping. | 
| Limited support for evasive typing | Message recipients | Basic coverage for letter-number swaps, future improvements planned. | 
| Limited language support | Message recipients | 12 most used languages currently supported. | 
Breakdown of the key steps
1. Identify Stakeholders
- Collaborate with key departments like IT, Compliance, Privacy, Security, HR, and Legal to define a communication compliance workflow.
- Assign dedicated personnel to investigate and review alerts within the Microsoft Purview portal.
2. Permissions and Roles
- Ensure users have the necessary roles (6 pre-defined groups) to access Communication Compliance features. Refer to "Enable permissions for communication compliance" for details.
3. Define Scoped Users
- Determine who needs their communications reviewed by specifying user email addresses or groups (Microsoft 365 Groups, Distribution Lists, Teams channels etc.) in your policy. You can also exclude specific users or groups.
- Users must have a qualifying Microsoft 365 license to be covered by communication compliance policies.
4. Assign Reviewers
- Designate reviewers (individuals or groups with Exchange Online mailboxes) who will analyze messages from the scoped users. Reviewers need specific role assignments ("Communication Compliance Analysts" or "Communication Compliance Investigators") within the policy they investigate.
5. Groups for Efficiency
- Consider creating dedicated groups for both users under review and reviewers to simplify setup. Distribution or Microsoft 365 groups can be used here.
- Note limitations for groups like dynamic distribution or nested distribution lists.
6. Privacy Settings
- Choose a privacy setting for usernames displayed in communication compliance alerts: - Show anonymized versions: Usernames are hidden for "Communication Compliance Analysts" but visible for "Investigators."
- Do not show anonymized versions: Usernames and profile information are displayed for all reviewers.
 
7. Planning Communication Compliance Policies
- Utilize pre-defined templates to quickly create policies for inappropriate content, sensitive information, and regulatory compliance.
- Consider including all users in your organization for policies like harassment or discrimination detection.
- Initially, set the communication review percentage to 100% to identify all potential issues.
- Leverage third-party connectors to analyze communication from external sources imported into Microsoft 365 mailboxes.
- For languages other than English, build custom keyword dictionaries or trainable classifiers in Microsoft 365.
- Define specific detection criteria using policy conditions and custom sensitive information types to meet your organization's unique needs.
Create and manage communication compliance policies
- Communication compliance policies are created and managed within the Microsoft Purview compliance portal, not through PowerShell.
- These policies define: - Which communications and users are reviewed.
- Custom conditions communications must meet for flagging.
- Who conducts the reviews.
 
- Communication Compliance Admins can set up and access policies and global settings.
- Policy modification history can be exported as a CSV file, including: - Pending review alerts
- Escalated items
- Resolved items
 
- Policies cannot be renamed but can be deleted when no longer needed.
You find the communication compliance overview page from https://purview.microsoft.com/cc/overview and from there you can create a custom policy or use templates

Communication Compliance Policy Templates
| Area | Policy Template | Details | 
|---|---|---|
| Copilot Interactions | Detect Copilot for Microsoft 365 interactions | Location: Copilot for Microsoft 365 Direction: Inbound, Outbound, Internal Review Percentage: 100% Conditions: No default conditions (select at least one) | 
| Inappropriate Content (Preview) | Detect inappropriate content | Location: Microsoft Teams Direction: Inbound, Outbound, Internal Review Percentage: 100% Conditions: Hate, Violence, Sexual, Self-harm classifiers | 
| Inappropriate Text | Detect inappropriate text | Locations: Exchange Online, Microsoft Teams, Viva Engage Direction: Inbound, Outbound, Internal Review Percentage: 100% Conditions: Threat, Discrimination, and Targeted harassment classifiers | 
| Inappropriate Images | Detect inappropriate images | Locations: Exchange Online, Microsoft Teams Direction: Inbound, Outbound, Internal Review Percentage: 100% Conditions: Adult and Racy image classifiers | 
| Sensitive Information | Detect sensitive info types | Locations: Exchange Online, Microsoft Teams, Viva Engage Direction: Inbound, Outbound, Internal Review Percentage: 10% Conditions: Sensitive information, pre-built content patterns and types, custom dictionary option, attachments larger than 1 MB | 
| Regulatory Compliance | Detect financial regulatory compliance | Locations: Exchange Online, Microsoft Teams, Viva Engage Direction: Inbound, Outbound Review Percentage: 10% Conditions: Customer complaints, Gifts & entertainment, Money laundering, Regulatory collusion, Stock manipulation, and Unauthorized disclosure classifiers | 
| Conflict of Interest | Detect conflict of interest | Locations: Exchange Online, Microsoft Teams, Viva Engage Direction: Internal Conditions: None | 
Custom policy
Choose user, groups or use Adaptive scopes

And you can choose the locations to be detected

And the conditions for the direction and you can even limit the conditions further

You can use OCR to search from images for handwritten text. And exclude Mass mailer services.

Once done, you will see the policy activating.

Then it's time for the next step
Investigate and remediate communication compliance alerts and reports
Once communication compliance policies are configured, you'll receive alerts for messages flagged by policy conditions. Here's what you need to investigate and remediate these issues.
Required Permissions
- Communication Compliance Analyst or Communication Compliance Investigator role group membership
- Reviewer designation in the specific policy associated with the alert
Investigating Policy Matches and Alerts
- Policies Page (Microsoft Purview): - Review policy details like new pending alerts, total pending/resolved alerts, status, last modification/scan dates.
- Select a policy to launch the "Policy details" page for further actions.
 
- Alerts Page (Microsoft Purview): - View the last 30 days of alerts grouped by policy (most to least alerts).
- Note: An alert represents multiple policy matches triggering email notifications.
 
- Reports Page (Microsoft Purview): - Access communication compliance report widgets for insights into policy matches and remediation actions.
 
Tips for Reviewing Policy Matches
- Pending/Resolved Tabs: - A yellow banner highlights the triggering condition(s) at the top of the "Source" tab for each reviewed message.
- Select "View all" in the banner to see all conditions causing the match (currently limited to trainable classifiers and sensitive information types).
 
- Policy Settings Button: - Quickly review policy conditions without opening the entire policy (useful for comparing multiple policies).
- View and edit settings (Communication Compliance/Admins role) or view only (Analysts/Investigators).
 
Policy Matches and Alerts
This table summarizes the steps involved in reviewing and remediating policy matches and alerts in Communication Compliance:
| Stage | Description | Options | 
|---|---|---|
| Examine Message Basics | Quickly assess message for remediation based on source or subject. | Resolve - Item was misclassified: Classify message as incorrect and remove it from pending queue (applicable to trainable classifiers only). Tag as or Escalate: Assign tags or send messages to designated reviewers. | 
| Examine Message Details | View complete message details to determine further action. | Sentiment: Analyze message sentiment (Positive, Negative, Neutral) to prioritize review. Attachments: View extracted text content of modern attachments. Source: Standard message view with header information and body. Plain Text: Line-numbered text with keyword highlighting for sensitive information. Conversation: View up to 10 messages before/after flagged message for context (Teams chats only). Download conversation details as image and CSV files. User History: See past alerts generated for the message sender. Pattern Detected: Identify recurring harassing/bullying behavior by a user (applicable to policies). Translation: Automatically translate message text to reviewer's configured language. | 
| Decide on Remediation Action | Choose an action based on message details. | Resolve: Remove message from pending queue (no further action possible). Power Automate: Use a flow to automate message processing tasks. Tag as: Classify message as compliant, non-compliant, or questionable. Notify: Send a warning notice to the message sender using a pre-configured template. Escalate: Send message to additional reviewers for further review. Escalate for Investigation: Create a new eDiscovery (Premium) case for the message(s). Remove message in Teams: Block inappropriate messages and content in Teams channels and chats. (For Teams messages only). | 
| Review Microsoft Teams Meetings Transcripts (Preview) | Analyze transcripts for actionable alerts (if Teams transcripts are enabled). | Review transcripts for scheduled, recurring, and unscheduled meetings based on specific user roles and participation. | 
You can read the detailed instructions from Learn

Investigate and remediate communication compliance alerts
Closure
Breakdown
- Stakeholders & Permissions: - Collaborate with relevant departments to define workflow.
- Assign roles for investigating and reviewing alerts.
 
- Scoped Users: - Define users/groups whose communications are reviewed.
- Assign reviewers with proper roles.
 
- Groups (Optional): - Create dedicated groups for users and reviewers for easier setup.
 
- Privacy Settings: - Choose a privacy setting for usernames displayed in alerts.
 
- Communication Compliance Policies: - Use templates for common policy types.
- Consider including all users for sensitive topics.
- Set a high review percentage initially.
- Explore third-party connectors for external communications.
- Build custom dictionaries/classifiers for non-English languages.
- Define specific detection criteria using policy conditions.
 
Create and manage policies
- Communication compliance policies are created and managed within the Microsoft Purview compliance portal, not through PowerShell.
- These policies define: - Which communications and users are reviewed.
- Custom conditions communications must meet for flagging.
- Who conducts the reviews.
 
- Communication Compliance Admins can set up and access policies and global settings.
- Policy modification history can be exported as a CSV file, including: - Pending review alerts
- Escalated items
- Resolved items
 
- Policies cannot be renamed but can be deleted when no longer needed.
Required Permissions
| Role | Actions | 
|---|---|
| Communication Compliance Analyst or Communication Compliance Investigator | Investigate policy matches and alerts | 
| Reviewer (assigned to specific policy) | Review messages flagged by the associated policy | 
Portals
| Location | Information | 
|---|---|
| Policies Page (Microsoft Purview) | * Review policy details (pending/resolved alerts, status, dates) * Launch "Policy details" page for further actions | 
| Alerts Page (Microsoft Purview) | View the last 30 days of alerts grouped by policy | 
| Reports Page (Microsoft Purview) | Access communication compliance report widgets | 
Reviewing Policy Matches
| Feature | Description | 
|---|---|
| Yellow Banner (Pending/Resolved Tabs) | Highlights triggering conditions for reviewed messages | 
| "View all" Button (Yellow Banner) | Shows all conditions causing the policy match | 
| Policy Settings Button | Quickly review policy conditions without opening the entire policy | 
Link to main post

Exam cram for SC-400 – Administering Information Protection and Compliance in M365
