Office 365 Configuring compliance and security features part 1/5

The Office 365 Security and Compliance Center is the web-based management console that you use to manage compliance features across Office 365 for the organization. In modern Information Technology (IT) environments, information security is essential. Users require access to their IT services at all times and on any device, so you need to help ensure that data is as secure as possible on every device they use, such as desktops, tablets, and smartphones. Multiple-device access benefits your users, especially with the mass consumerization of IT, which has spread to business and government organizations. However, when employees bring the technologies and devices they use at home into the workplace, this type of access gives malicious hackers a larger attack surface.

Compliance standards for Office 365
Office 365 offers a variety of security and compliance features to help organizations comply with certain federal regulations and help keep customer data secure.

Compliance Center
In the Security & Compliance Center, the navigation pane on the left side has the following menu items:
– Home. This page provides top-level information about the Security & Compliance Center and what is available here.
– Permissions. This page provides an overview of all the permissions granted to users in your organization for compliance tasks, such as device management, DLP, eDiscovery, and retention.
– Security policies. On this page, you can manage devices and set up DLP policies.
– Data Management. This page has options for importing data from other systems. You can also set data retention policies here.
– Search & Investigation. On this page, you can use eDiscovery to manage cases.
– Reports. Here, you find user activity reports.
– Service Assurance. Service Assurance provides information about how Microsoft helps to maintain the security, privacy, and compliance of Office 365.

Configuring permissions in the Security & Compliance Center
If you want to allow users in your organization to perform tasks in the Security & Compliance Center, you need to grant them permissions. Then users will be able to perform compliance tasks such as device management, eDiscovery, and retention or DLP. Permissions in the Security & Compliance Center are based on the role-based access control (RBAC) permissions model. This model is also used in Microsoft Exchange Online. It grants permissions to administrators and users based on management roles. Exchange role groups and Security & Compliance Center role groups do not share membership or permissions. Within Office 365, you will find Administrator roles such as the Global admin or Limited admin access. The Limited admin access roles contain admin roles such as Billing administrator, Password administrator, Service administrator, User management administrator, Exchange administrator, SharePoint administrator, and Skype for Business administrator.

Relationship between roles and role groups
Roles grant permissions for a set of tasks. Role groups allow users to perform their jobs across the Security & Compliance Center. A role group includes a set of permission roles.

Existing role groups in the Security & Compliance Center
To manage access to the various compliance roles, the Security & Compliance Center makes certain role groups available:
ComplianceAdministrator. The ComplianceAdministrator manages settings for auditing, device management, DLP, reports, and preservation. The assigned roles include:
– Case Management
– Compliance Search
– Hold
– Organization Configuration
– View-Only Audit Logs
– View-Only Recipients

The eDiscovery Manager performs searches and places holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The eDiscovery Manager can also create and manage eDiscovery cases, including adding and removing members from a case. The eDiscovery Manager creates and edits compliance searches associated with a case. The assigned roles include:
– Case Management
– Compliance Search
– Export
– Hold
– Preview
– Review

The OrganizationManagement role group controls permissions for accessing features in the Security & Compliance Center. The Organization Manager manages settings for auditing, device management, DLP, reports, and preservation. Global administrators are automatically members of this group. The assigned roles include:
– Audit Logs
– Case Management
– Compliance Search
– Hold
– Organization Configuration
– Role Management
– Search And Purge
– Service Assurance View
– View-Only Audit Logs
– View-Only Recipients

The Reviewer uses a limited set of the analysis features in Equivio Analytics. Members of this group can see only the documents that are assigned to them. They cannot create, open, or manage an eDiscovery case. The assigned role includes:
– Review

Service Assurance User
The Service Assurance User accesses the Service Assurance section within the Security & Compliance Center. Members of this role group can use this section to review documents related to security, privacy, and compliance in Office 365 to perform risk and assurance reviews for their own organization. The assigned role includes:
– Service Assurance View

Supervisory Review. The Supervisory Reviewer controls policies and permissions for reviewing employee communications. The assigned role includes:
– Supervisory Review Administrator

Retention policy and archiving
These permissions are set in the Exchange admin center. Members of this group can configure compliance features such as Retention Policy Tags (RPTs), message classifications, and transport rules. The assigned roles include:
– Audit Logs
– Journaling
– Message Tracking
– Retention Management
– Transport Rules

The Compliance Policy Center contains policies to protect the SharePoint content you want to keep, and you can also set policies to delete content you do not want. Policies created here are assigned to a site collection or template. Because of compliance, legal, or other business requirements, you might be required to retain documents for a certain time frame. Other documents held longer than required can create an unnecessary legal risk. By creating a document deletion policy, you can delete documents after a specific time frame. For instance, a document deletion policy can delete all the documents in OneDrive for Business that are older than seven years.

Give users access to the Security & Compliance Center
Before users can manage security or compliance features, you need to assign them the appropriate permissions. Each Office 365 global administrator or member of the OrganizationManagement role group in the Security & Compliance Center can grant permissions to users. If you assign users only selected permissions, they will be able to manage only the security or compliance features you give them access to. You can grant users access in two ways: through the Office 365 Security & Compliance Center or through Windows PowerShell.
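
The PowerShell route, shown as an added example that is not part of the original post: it reviews who currently sits in the role groups described above against an expected list, then adds one user to the narrowest role group that covers the task. It assumes the ExchangeOnlineManagement module and its Security & Compliance cmdlets (Connect-IPPSSession, Get-RoleGroup, Get-RoleGroupMember, Add-RoleGroupMember); the contoso.example addresses, the allowlist, and the Get-RoleGroupReview helper are constructed for illustration.

```powershell
# Added example; addresses and the allowlist are constructed placeholders.
# Assumes the ExchangeOnlineManagement module and an account that is a
# global administrator or a member of OrganizationManagement.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'

# Constructed allowlist: who is expected in each role group named on this page.
$approved = @{
    'OrganizationManagement'  = @('admin@contoso.example')
    'ComplianceAdministrator' = @('compliance1@contoso.example')
    'eDiscoveryManager'       = @('legal1@contoso.example')
    'Reviewer'                = @()
}

# Hypothetical helper: one row per member, flagged against the allowlist.
function Get-RoleGroupReview {
    param([hashtable]$Allowlist)
    foreach ($groupName in $Allowlist.Keys) {
        $group = Get-RoleGroup -Identity $groupName
        foreach ($member in Get-RoleGroupMember -Identity $groupName) {
            # Assumption: members expose PrimarySmtpAddress; fall back to Name.
            $id = if ($member.PrimarySmtpAddress) { "$($member.PrimarySmtpAddress)" } else { $member.Name }
            [pscustomobject]@{
                RoleGroup = $group.Name
                Member    = $id
                Approved  = $Allowlist[$groupName] -contains $id
                Roles     = $group.Roles -join '; '
            }
        }
    }
}

# 1. Review: list members that are not on the allowlist before changing anything.
Get-RoleGroupReview -Allowlist $approved |
    Where-Object { -not $_.Approved } |
    Format-Table RoleGroup, Member, Roles -AutoSize

# 2. Grant: add the user to the narrowest role group that covers the task.
$newReviewer = 'reviewer1@contoso.example'
Add-RoleGroupMember -Identity 'Reviewer' -Member $newReviewer
$approved['Reviewer'] += $newReviewer

# 3. Verify the change took effect, then close the session.
Get-RoleGroupMember -Identity 'Reviewer' | Format-Table Name
Disconnect-ExchangeOnline -Confirm:$false
```

Global administrators are automatically members of OrganizationManagement, so they may not appear as explicit members in the review output.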
