Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more

January 29, 2019
The original article is published on the Microsoft Tech Community Security, Privacy and Compliance Blog.

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy) such as credit card or social security number or custom data types such as your own custom dictionary/lexicon to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention labels conditions you can now include or exclude emails based on domains and include or exclude emails based on their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comments and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and the efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume communications data and to make compliance reviews more efficient to help save time & money.

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties.  We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.“
— Chad Ergun, DGS Law's CIO

Ready to get started?

Regardless of where you are in your compliance journey, there’s plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q:  What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either an Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don't have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at: supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain).We’ll review submissions and let you know if your tenant has been accepted in the program.

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

Discuss this article in the Microsoft Technical Community.