Supervision policies in Microsoft 365 allow you to supervise certain employee communications and make them available for review by auditors. Specific policies can be defined that “capture” internal and external e-mails, communications in Microsoft Team, or third-party communications. Reviewers can then review the messages to make sure they conform to corporate standards.
These policies can help overcome many security and compliance challenges, including:
- Monitor the growing types of communication channels
- The increasing volume of data in messages
- Application of current regulations to avoid the risk of fines
In some companies, there may be a division of labor between IT support and the compliance management team. Microsoft 365 supports separation between the supervision policy configuration and the policy setting for intercepted communications. For example, the IT group for a company may be responsible for configuring permissions and groups for roles that support the supervisory policies, which will instead be configured and managed by the compliance team.
Scenarios for Supervision Policies
Employees must comply with acceptable conduct and meet corporate ethical standards in all their communications. Supervisory policies can detect violations and help auditors to take corrective actions to mitigate this type of inconvenience. For example, potential violations such as harassment or the use of inappropriate or offensive language in employee communications can be intercepted.
The Companies responsible for all communications distributed across their infrastructure and network systems. The use of supervisory policies to identify and manage the risk of potential legal exposure can help minimize and stem these risks before they can harm the company itself. For example, you can monitor your company for unauthorized communications regarding confidential projects such as upcoming acquisitions, mergers, disclosure of profits, etc.
Most companies must comply with certain compliance standards as part of normal operating procedures. These regulations, such as the GDPR , often require you to implement an appropriate control process for your sector. Supervision policies can help companies meet these requirements by providing a process for monitoring and reporting any nonconformities in corporate communications.
The Components Involved
Supervision policies created in the Compliance Center. These policies define which communications and which users will be supervised. Define any personalized conditions that will have to be met in corporate communications, and also specify who will perform the review. Users included in the Supervisory Review role can set policies and anyone with this assigned role can access the Supervision page in the Compliance Center.
Before you start, you need to determine who will need your communications to be supervised. In the policy, the user email addresses identify the individuals or groups of people that need to be supervised. Examples of these groups as Office 365 groups, Exchange Online-based distribution lists, and Microsoft Teams channels. It is also possible to exclude certain users or groups from supervision.
NOTE: Users monitored by supervisory policies must have a Microsoft 365 E5 compliance license , an Office 365 Enterprise E3 license with the Advanced Compliance add-on, or subscribe to an E5 subscription for Office 365 .
When creating a supervision policy, you need to determine who will perform the revisions of the supervised users’ messages. In the policy, the user’s email addresses identify individuals or groups of people who will be responsible for reviewing supervised communications. All reviewers must have mailboxes hosted on Exchange Online.
Sarah Johnson is a Microsoft Office Setup expert and I am working in the technology industry for the last 5 years. As a technical expert, I wrote technical blogs, white papers, and reviews for many websites such as www.office.com/setup