Welcome to the first episode in our Compliance Chronicles Video Series. My name is Andrew Field and I am a cloud compliance specialist at Bulletproof. In today’s episode we’ll discuss, at a high level, some common compliance challenges faced by today’s organizations and we’ll cover Microsoft Compliance platform’s workloads to see how they help address these challenges.

Today’s organizations face many compliance challenges such as preventing data leaks, insider risks, classifying data, evolving regulations and responding to audits and data subject rights requests. Couple that with organizations having limited resources and tools to help identify and mitigate risks while also meeting their compliance requirements and employee privacy standards. All at a time of exponential growth of data, blurring of traditional organizational boundaries and the acceleration of collaboration among the workforce; has made compliance and governance more challenging than ever. Microsoft Compliances is here to help address these challenges and is well positioned with a large footprint comprised of a number of workloads. Before looking at the workloads, for the sake of clarity, I will be categorizing them within the following areas:
• Information Protection & Governance
• Internal Risk Management
• Discover & Respond
• And Compliance Management

Now, the main goal of the first area, Information Protection & Governance, is to enable organizations to identify important information and protect it. This is accomplished by the data classification workload that allows for the auto-detection of sensitive information and the labelling of your organization’s content. Building on this identified sensitive or labeled content, Data Loss Prevention, will track, encrypt or block this sensitive/confidential information that is being sent through email or shared from teams, SharePoint or OneDrive, protecting your organization from inadvertent or malicious loss.

And let’s not forget the important function of records management. This compliance feature allows for the classification of content for the purpose of retention and provides an end-end process to track content during its retention periods through to archive or disposition.

The next area, Internal Risk Management, helps minimize internal risks, from your users or contractors, by enabling you to detect, investigate, and act on malicious and inadvertent activities. This is accomplished through its three workloads:

1. Insider risk management – that help you quickly identify, triage, and act on risky user activity.
2. Endpoint Data Loss Prevention that logs and controls what users can do with the organization’s content while using their laptops or phones. And,
3. Communication Compliance which focuses on Protecting sensitive information and detecting and acting on inappropriate messaging and code of conduct violations.

The third area, Discover & Respond, centers around the management of investigations for when incidents are discovered. The main workload, Advance eDiscovery which builds on the existing Microsoft eDiscovery and analytics capabilities, provides your human resources and legal teams with an end-to-end workflow to preserve, collect, analyze, review, and export content related to your investigations.

The final area is Compliance Management and it’s primary workload, Compliance Manager, helps you manage your organization’s regulatory compliance requirements from taking inventory of your data protection risks to managing the complexities of implementing controls,
staying current with regulations and certifications, and finally reporting to auditors.

As you've heard Microsoft Compliance provides a complete solution to help customers meet compliance needs through one platform.

Well, that brings us to the end of episode 1 of the Compliance Chronicles. I hope you have found this overview useful, and I recommend that you check out our other upcoming episodes where we will be digging deeper into the different areas of the Microsoft compliance stack. Thank you for watching.