Over the last year, Microsoft has introduced several new features which help manage and control your data to meet your compliance needs. Their integrated solutions for data governance include increased encryption, access control, eDiscovery and auditing.
Compliance Manager within Office 365 provides in-depth information around data protection and risk, helping you to maintain compliance and respond appropriately to audits and legal requests.
To help you make the most of Compliance Manager, we’ve put together the following 5 steps.
- Assign permissions for eDiscovery
If users need to perform eDiscovery tasks, they will need to be assigned specific role groups within the Security and Compliance Centre. There are two groups which a user can be added to: Reviewer and eDiscovery Manager. The role of the reviewer has the most restrictive permissions. Members of this group can only see the open list of cases on your eDiscovery page and access Advanced eDiscovery analysis. eDiscovery managers can fully manage the eDiscovery process. They can add and remove members from groups and cases, place information on hold, create and edit searches and export the results of a search for analysis in Advanced eDiscovery.
You can assign permissions within the permissions menu in the security and compliance centre. Once you have selected the permission required, use the add button to add users to the eDiscovery Manager and Administrator roles. To add a Reviewer, repeat the process but select the Review role group.
- Creating eDiscovery cases
To create a new case within the security and compliance centre click search & investigation, eDiscovery and then click create a case.
Once you have done this you will be asked to create a name and description for the case. After this, your case will then be displayed on the main eDisocvery site.
- Add users to a case
When you have created a case, you will then need to add members. The only people who have permission to do this will be Reviewers and eDiscovery Managers. In the security and compliance centre click search and investigation, then eDiscovery to find a list of cases in your organisation. Click the name of the case you need to add members to and then click the add function to add users as members.
All you need to do next is select the users from the list of eDiscovery managers and then press the add button to update your case. Once you have done this you will receive a confirmation on screen which lets you know that your additions have been made.
- Legal hold
Creating holds within Compliance Manager allows you to preserve content which might be relevant to a case. You can place a mailbox on hold as well as OneDrive for Business, SharePoint sites and group mailboxes. You can also place a mailbox and site on hold that is associated with Microsoft Teams. When you have placed items on hold they will stay in place until you remove the hold from the content location or until you delete the hold itself. When you create a hold, you can either specify a date range to hold only content that was sent, received or created within that date range. Or you can create an infinite hold which will hold all content within that location.
To add a hold, go back to your list of cases in your organisation and open the one you need. On the homepage for the case go to the Hold tab. On the hold page, click new and then give it a name. You will then be able to add the content locations you want to place on hold. If you add a SharePoint location press the add button and then type in the URL you want to put on hold.
Next, you will need to create a query with conditions. To do this all you need to do is fill in the keywords list and let Compliance Manager know what it is you want to search for. If you leave the box blank, then all content will be put on legal hold.
After configuring a query-based hold, click Finish to create the hold. This process may take some time to complete as it will not only enable the hold but also filter the content for the hold to the query that you defined earlier. In the Hold pane you will be able to see the number of mailboxes and sites on hold, as well as statistics about the content – including the size of items on hold. You can access this information any time by clicking Update Statistics.
- Run a Search
Content searches associated with a case can only be accessed by eDiscovery Managers. To search go to the Search tab (next to the hold tab) and then click the add button. It will then ask you to name your search.
Next, choose the locations you wish to search. If you want to search information that has been put on hold you can opt to look at all case content. If you need a wider search use Search Everywhere and then select all options. Custom location allows you to select specific mailboxes and sites you want to search. When you select this option, it will bring up a list of all content locations you have put on hold. You can also select all of these.
After you select the content locations to search, click Next, then add any keywords and conditions to create the search query. You can utilize Sensitive Type syntax and a simple list of terms.
Once you have saved the search it will begin to run. You can get the results at any time by clicking on Update Statistics which will rerun a search to estimate the current number of items found.
When the search is complete you can export the results. Mailbox items will be downloaded in PST files or as induvial messages. When content is exported from SharePoint and OneDrive for Business, copies of documents are exported.
Compliance Manager has been specifically developed to help organisations specifically comply with the likes of HIPAA and the EU General Data Protection Regulation, or GDPR, as well as ISO 27001, ISO 27018, and NIST. At bluesource, we help you regain control, making the journey to compliance a smooth ride for everybody involved.
By our very core we are compliance and eDiscovery experts from working with many organisations that are heavily regulated in sectors such as finance and insurance and can provide invaluable insights into optimising compliance solutions. To find out how we could help you get started with Compliance Manager, get in touch.