Seeking O365 Compliance Center Experiences

Hi,

We are seeking to learn from others who have implemented and use O365 Compliance Center. We are curious to know how you are using it, as we are seeking to use it. If you would be willing to share please let me know. Please contact me at Charles.piotrowski@…
Thanks,

Chuck Piotrowski


Hi Chuck,

Thanks for mentioning this! I’d also be very interested in anyone’s feedback & experiences implementing O365 Compliance Centre. If you can, please share your insights for us all to see here!

Cheers,

——————————
Will Wood
Records & Information Management Analyst
ARC Resources Ltd.
——————————



Yes please! We have started investigating the issue as well, and any insights would be welcome.
Currently we have concerns about access and group management (e.g. ability of group owners/members to invite externals/guests without any control/approval step, mixing external users in the same groups as internal users), security clearances, retention, declaring records, the number of versions (too high due to auto-save) and the automatic roll-off of versions when the limit is reached without the possibility of users to mark/lock important versions that should not be rolled off, hidden folders/stores, etc. Perhaps we do not yet understand fully how things work, but there seem to be serious gaps compared to our current policy requirements and level of compliance.

——————————
Zsuzsanna Tozser Milam
——————————



Office 365 – Security and Compliance Center

Ewan Macauley, IQBG, CTO
Richard Molique, IQBG, Director of Technical Operations, AIIM Fellow
www.iqbginc.com
Aug 22, 2019

The latest updates by Microsoft to the Security and Compliance module of Office365 are reminiscent of the 90’s management book “Who moved my cheese” by Spencer Johnson. Large ECRM solution providers must be looking over their shoulders wondering what is next?

The initial product offering had a few nifty compliance reports including some rules that could be enabled to protect data and search content. Microsoft, by their own admission, decided to take on the industry giants in the Enterprise Records Management space, and the last product update clearly does that and lays down the gauntlet.  Whether Microsoft can unseat the big players is yet to be seen, however, it does warrant inclusion in any solution discussion now. In the next few paragraphs, I will highlight a few of our experiences and observations derived from a recent large deployment of Office 365 Security and Compliance.

As with any product choices, there are tradeoffs. The first major decision that must be taken into account is how the record exists within the system.  With most/all current solution providers, the document has to be consciously moved or copied to the system of record, be it manually or electronically, making up a separate repository. There are a number of regulatory requirements that mandate this, and if this is a requirement, Office 365 Records and Compliance does not fit the bill.  In Office 365 the record is created within the records management universe where it will be stored and managed. Furthermore, as part of the creation process, it will form part of the augmented Office365 product set such as Teams and other collaboration products. What this means from a deployment perspective is that the implementation of an RM strategy can form part of an Office365 deployment, overcoming traditional organizational resistance, and because it’s part of the Office365 suite of products, it is seamless and has a much higher level of adoption.

It is, however, our experience that as important as the location of the record is, the adoption of any solution or system is based on a security-centric environment. Users will question; do the consumers of the technology trust that the system is going to be secure, that access to content will be managed appropriately and that roles and permissions will be appropriately maintained? The roles, rights and responsibilities within Office 365 are integrated into the Active Directory system that users trust and rely on every day. All other systems hang off of the organizational AD, and although these are well developed and reliable systems, the perception remains that they are vulnerable.

The suitability of the Office 365 RM capability to each organization’s requirements still needs to be determined on a case by case basis, matching functional requirements to the capability of the product. Larger point solutions on the market have years of product knowledge and capability built into their solutions, so feature functions are perhaps more robust than the current O365 offering. However, the rate with which Microsoft has been releasing enhancements into this space does beg the question – how much longer will this be the case?

Finally, the security and reporting aspect of Office 365 stands head and shoulders above any other provider in this space.  Not only can an organization take proactive steps to control and manage sensitive data such as PII, the reporting capability gives a unique insight into how well you are doing as an organization in this historically very sensitive space.

If you or others in the forum have any questions, please let me know.
Best Regards,
Dan

——————————
Daniel Beck
IQBG
——————————


Dan (et al at IQBG),

A good summation and narrative.  I would like to add an advantage I see that I don’t believe many organizations consider deeply enough; that being the opportunity to upgrade to, and deploy, AAD (Azure Active Directory) P1 or P2 (Premium).  As an organization that deploys any capability within the O365/M365 cloud gets Azure AD basic included (whether you want it or not), the requirement to use and sustain AAD is there.  For a comparatively modest amount, especially if the organization is large enough to have a negotiated Enterprise Agreement, an organization can upgrade to P1 or P2 and get even broader and deeper security, identity, and compliance capabilities including the ability to have automated cloud app discovery, thus significantly enhancing IT’s ability to rein in “shadow IT”, along with 122 other extended capabilities including Identity Protection and Identity Governance (P2).

 

The combination of the features in Security & Compliance plus AAD P1 or P2 (along with all of the various certifications and standards MS has around the 365 and Azure clouds and data centers that power them), makes MS a singular choice that, as you said, is continually and rapidly increasing in breadth and depth.

 

Aria



Sorry, there is a typo in my message.  That should have read “12 other extended capabilities including Identity Protection and Identity Governance (P2)” not  “122“.  Sorry for any confusion.

 

Aria




Hi Chuck,

We at HELUX are certainly seeing more clients who are using or are interested in using O365 Compliance Center.  So we are helping them explore implementation options.  The above discussions certainly touch the key points.  I can send you a presentation that can provide some information and answer some questions you might have regarding records management in O365 and SPO.  I would also be happy to share what HELUX has learnt from its engagements.  If you are interested, then please contact me at amitabh@… or call me at 613.262.6569.

——————————
Amitabh Srivastav, PMP, CIP
VP, Operations & Governance
HELUX
——————————


Hi Dan,

Thank you for your help!

Best,
Chuck

