News

Privacy Management for Microsoft 365 Hits 'General Availability'

Microsoft's Privacy Management for Microsoft 365 hit the "general availability" milestone on Tuesday, according to the company.     

Organizations that have attempted to comply with privacy regulatory requirements have often done so via manual processes. Privacy Management for Microsoft 365 is Microsoft's solution to simplify and automate many of those processes.

Most organizations are using manual processes to track data with privacy implications, according to a 2020 study by IAPP-FTI Consulting, as cited by Microsoft. That study indicated that "53% of the companies handle subject requests manually, 42% have a partially automated process, and only 2% have automated their response," Microsoft explained, in this Microsoft Tech Community post.

Microsoft's privacy solution works across "Exchange Online, SharePoint, OneDrive for Business and Microsoft Teams" services, according to its "Plans" description. Organizations will need top-tier E5-type licensing to use it, according to a Microsoft 365 security and compliance licensing document.

Automated Discovery
Privacy Management for Microsoft 365 uses artificial intelligence to assess privacy risks. It also has an automated discovery process whereby sensitive data get located, per the Microsoft Tech Community post:

Privacy Management automatically and continuously discovers personal data in customers' Microsoft 365 environments by leveraging data classification and user mapping intelligence. Organizations can see an aggregated view of their privacy posture, including the volume, category, location, and movement of personal data in their Microsoft 365 environments. Additionally, they get visibility into the current status and trends of the associated privacy risks arising from personal data being overshared, transferred, or unused.

The discovery process apparently extends to data in older systems that touch Microsoft 365 services. For instance, Microsoft's case study is Swiss pharmaceutical company Novartis, which has 20-year-old systems to maintain with potentially sensitive data. Novartis adopted Privacy Management for Microsoft 365 to that end.

Privacy Management for Microsoft 365 adds three capabilities for organizations overseeing privacy issues. First, it identifies risks and where personal data is stored. Microsoft's example is the communication of credit card numbers, which the system will block in some cases. Second, it lets organizations automate their responses to "subject rights requests," which is the European Union's term in the General Data Protection Regulation for outside parties requesting personal information stored by an organization. Lastly, Microsoft suggested that Privacy Management for Microsoft 365 helps educate employees on handling privacy-sensitive information.

Partner Support
The second element of Privacy Management for Microsoft 365 -- automating responses to subject rights requests -- can include Microsoft partner support for the data that's stored outside of Microsoft 365. Here's how the announcement expressed that point:

We're also excited today to partner with leading privacy software companies -- OneTrust, Securiti.ai, and WireWheel -- to extend subject rights management capabilities to personal data stored outside of the Microsoft 365 environment, enabling customers to have a unified and streamlined response to subject requests.

The partner support is utilizing an application programming interface (API) for Microsoft's Privacy Management solution, which has reached the general availability stage, per this Microsoft API announcement. The Microsoft Privacy Management solution API lets organizations use their own customizations, too. It includes built-in Power Automate workflows as well.

Two included Power Automate workflows were described in the API announcement, namely:

  • Integrate subject rights requests with in-house or partner-built privacy solution
  • Automate Privacy workflows and create calendar reminders, search files with specific tags, and track subject requests in ServiceNow

Availability
Privacy Management for Microsoft 365 is currently offered as an "add-on to a Microsoft 365 or Office 365 subscription" at the E5 level.

There's a "free 90-day trial." Microsoft also produced a video demo showing how Privacy Management for Microsoft 365 works.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • Microsoft Releases Entra Verified ID Service

    Microsoft announced on Monday the "general availability" of Microsoft Entra Verified ID, a new service that promises a more deliberate way for individuals and organizations to share identity information.

  • 2022 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft Muddies Water with Microsoft 365 Services and Office Connection

    Microsoft has gone out of its way to making the Office 2016 and Office 2019 connections to Microsoft 365 services unclear and confusing.