Communication Compliance

Monitor organizational communications for policy violations, regulatory compliance, and code of conduct adherence. Detect inappropriate content, sensitive information sharing, and potential harassment across email, Teams, and other communication channels.

Note: Communication Compliance requires Microsoft 365 E5, Microsoft 365 E5 Compliance, or Microsoft 365 E5 Insider Risk Management add-on.

Dashboard Overview

Metric            Description
Active Policies   Number of communication compliance policies enabled
Pending Review    Items flagged and awaiting reviewer action
Policy Matches    Communications that matched policy conditions
Resolved Rate     Percentage of flagged items that have been resolved

Policy Templates

Inappropriate Content

Detect profanity, threats, harassment, and discriminatory language. Uses machine learning classifiers trained on workplace communications. Category: HR/Legal

Sensitive Information

Detect sharing of sensitive data such as Social Security numbers, credit card numbers, and health records. Uses sensitive information types from Microsoft Purview. Category: Data Protection

Regulatory Compliance

Monitor for regulatory violations in financial services, healthcare, or other regulated industries. Covers SEC, FINRA, and HIPAA monitoring. Category: Compliance

Conflict of Interest

Detect communications suggesting conflicts of interest or inappropriate business relationships. Category: Ethics

Communication Channels

Exchange Email

  • Sent and received emails
  • Attachments (text extracted)
  • Calendar invites

Microsoft Teams

  • Channel messages
  • Private chats
  • Meeting chats

Yammer

  • Community posts
  • Comments
  • Private messages

Third-Party Sources

  • Bloomberg
  • Reuters
  • Custom connectors

Skype for Business

  • IM conversations
  • Archived content

Creating a Policy

1. Policy Settings

  • Name and description — Identify the policy purpose
  • Supervised users — Who to monitor (users or groups)
  • Reviewers — Who reviews flagged content
  • Direction — Inbound, outbound, or internal

2. Conditions

  • Communication channels — Which channels to monitor
  • Conditions — Keywords, patterns, or classifiers to detect
  • Exceptions — Content or users to exclude
  • Review percentage — Random sample size (1-100%)

3. Detection Methods

Trainable Classifiers: Threat, Profanity, Targeted harassment, Discrimination

Sensitive Info Types: Credit card numbers, Social Security numbers, Bank account numbers, Health records (PHI)

Keyword Dictionaries: Custom word lists, Industry-specific terms, Code words

Regular Expressions: Pattern matching, Custom formats, Complex conditions
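
How the conditions, exceptions, and review percentage from steps 2 and 3 combine, as an added example that is not the product's own code. The policy field names, function names, and sample messages are constructed for illustration. Applying the Luhn checksum to card candidates and applying the sample to matched items only are assumptions.

```python
import hashlib
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Constructed policy and messages; field names are assumptions, not a product schema.
POLICY = {
    "channels": {"email", "teams"},
    "keywords": ["project falcon"],  # code-word dictionary
    "excluded_senders": {"newsletter@example.com"},
    "review_percentage": 100,
}
MESSAGES = [
    {"id": "m1", "channel": "teams", "sender": "a@example.com", "text": "Card 4111 1111 1111 1111 exp 12/30"},
    {"id": "m2", "channel": "email", "sender": "b@example.com", "text": "Ticket 1234 5678 9012 3456 is closed"},
]

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def match_conditions(text, keywords):
    """Return the sorted names of the conditions the text matches."""
    hits = set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.add("credit_card")
    if SSN_RE.search(text):
        hits.add("ssn")
    if any(re.search(rf"\b{re.escape(k)}\b", text, re.I) for k in keywords):
        hits.add("keyword")
    return sorted(hits)

def sampled(message_id, review_percentage):
    """Deterministic sample: a given message id always gets the same decision."""
    bucket = int(hashlib.sha256(message_id.encode()).hexdigest(), 16) % 100
    return bucket < review_percentage

def evaluate(msg, policy):
    """Return matched conditions if the message is queued for review, else []."""
    if msg["channel"] not in policy["channels"] or msg["sender"] in policy["excluded_senders"]:
        return []
    hits = match_conditions(msg["text"], policy["keywords"])
    return hits if hits and sampled(msg["id"], policy["review_percentage"]) else []
```

The second sample message contains a 16-digit run that fails the checksum, so it never reaches the review queue; without that check it would count toward the false positive rate.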

Review Workflow

  1. Policy Match — Communication matches policy conditions. Item added to review queue.
  2. Reviewer Investigation — Designated reviewer examines flagged content in context. Can view conversation thread and user history.
  3. Remediation Action — Take action: resolve, escalate, notify user, create case, or tag false positive.
  4. Documentation — Record resolution and any follow-up actions for audit trail.

Remediation Actions

  • Resolve — Mark as reviewed and closed. No further action needed.
  • Tag as False Positive — Mark as incorrectly flagged. Helps improve classifier accuracy.
  • Notify User — Send notification to user about policy violation using customizable templates.
  • Escalate — Send to another reviewer or management for decision.
  • Create Case — Open an eDiscovery case for formal investigation.
  • Remove Content — Delete the offending message from Teams or Yammer.

Reports and Analytics

  • Policy Match Trends — Track volume of matches over time. Identify patterns and emerging issues.
  • Reviewer Performance — Average review time, resolution rates, escalation frequency.
  • User Statistics — Users with most policy matches. Identify repeat offenders or users needing training.
  • False Positive Rate — Track accuracy of detection. High rates indicate the policy needs tuning.

Best Practices

  • Start with templates — Use Microsoft’s pre-built templates as a starting point and customize
  • Use random sampling initially — Start with 10-25% sample rate to understand baseline before full monitoring
  • Train reviewers — Ensure reviewers understand policy intent and escalation procedures
  • Communicate to employees — Inform users that communications are monitored per company policy

API Reference

  • GET /api/compliance/communication-compliance/policies — List all policies
  • GET /api/compliance/communication-compliance/alerts — Get pending review items
  • PUT /api/compliance/communication-compliance/alerts/:id — Update alert status
  • GET /api/compliance/communication-compliance/reports — Get compliance reports
  • POST /api/compliance/communication-compliance/policies — Create new policy