Tuesday, March 1, 2022

 

This is a continuation of a series of articles on Azure services from an operational engineering perspective, the most recent being an introduction to Microsoft Intune. The previous article mentioned Microsoft 365 capabilities. This article discusses data privacy with Microsoft 365.

Microsoft 365 for enterprise is a complete, intelligent solution that empowers everyone to be creative and work together securely. It is designed for large organizations, but it can also be used for medium-sized and small businesses that need the most advanced security and productivity capabilities.   

Microsoft 365 scenarios include productivity, collaboration, education, people, and workplace intelligence. It includes services that manage user and device identity, access, compliance, and security, and that help protect organizations from data leakage or loss.

An organization may be subject to regional data privacy regulations that require protection, management, and provisioning of rights and controls over personal information stored in its IT infrastructure. One example of such a regulation is the General Data Protection Regulation. Failure to comply with this data privacy regulation can result in substantial fines.

Examples of the types of data in Microsoft 365 include chat sessions in Microsoft Teams, emails in Exchange, and files in SharePoint and OneDrive. The steps to assess risks and to take appropriate actions to protect the data in Microsoft 365 are discussed in this section. The Microsoft 365 identity, device, and threat protection controls for data privacy needs also provide additional information.

The data privacy capabilities are brought together by several features, including Compliance Manager, which helps to manage regulatory compliance activities, get an overall score of the current compliance configuration, and find recommendations for improvement. It is a workflow-based risk assessment tool.

The Microsoft 365 Defender for Office 365 helps to protect Microsoft 365 apps and data, such as email messages, Office documents, and collaboration tools, from attack.

The sensitivity labels help to classify and protect the organization’s data without hindering the productivity of users and their ability to collaborate.

The data loss and protection capabilities help to detect, warn and block risky, inadvertent or inappropriate sharing of data containing personal information, both internally and externally.

The data retention labels and policies help to implement governance controls and data retention.

The email encryption capability helps to protect personal data by sending and receiving encrypted email messages.

These capabilities help put safeguards in place, but continuous monitoring, investigation, and response to security incidents are still required.

Microsoft 365 is an identity-based cloud. When the identities are isolated, it becomes a sovereign cloud. The standard Microsoft 365 cloud is used by enterprise, academia, and even home Office 365 tenants. It has the most features and tools, global availability, and the lowest prices. Since it is the default choice among the clouds, everyone qualifies. The sovereign 365 clouds are geared toward advanced data protection, both by virtue of isolated identities and through better controls.
