Compliance Policies allow administrators to standardise sharing activities on their organisation's sites while also monitoring and ensuring that the compliance requirements are being met. When a violation of an assigned compliance policy is detected by 365 Permission Manager, the violation will either be auto-remediated or optionally submitted to admins and site owners for audit.
To add a Policy on 365 Permission Manager, follow the steps below:
- From the CP, launch 365 Permission Manager
- Browse to the [Compliance Policies] tab and select [Add Policy]
- Compliance Policies can be created by using a template with predefined settings, copying an existing policy, or building one from scratch. In this example, a new policy will be made from scratch:
- [Settings for Sites]
All Site Settings are enforced and automatically remediated if there is a discrepancy between the Policy and Site settings.
Set the maximum external sharing level allowed: This setting limits content sharing to the chosen level or a more restrictive one
By default, a new sharing link is set to: This setting defines the default link type and permission level applied when an item is shared via a link
Auto-remediate Guest access to this site after: This setting sets an automatic expiration of guest access to a site
Auto-remediate Anyone links after: This setting forces "Anyone Links" to expire after the set number of days
Same as Organization-Level Setting: For certain settings, admins can choose to define a specific value within the policy or inherit the values configured at organization level. When this option is selected, the setting will follow the current organization-wide configuration.
- [Microsoft Teams Sharing Policy Definition]
When files are shared in Teams Private Chats, a copy is uploaded to the sender's OneDrive and a sharing link is automatically created. Teams sharing is split between Internal and External, depending on the access level granted by the link. Such links are removed after a period of inactivity set in the policy. Optionally, administrators can also enable automatic deletion of the file after the same period of inactivity by enabling the toggle switch.
In this setting, different parameters for Internal & External sharing can be set.
- [Sharing Policy Definition]
In this section, you can configure the sharing activity criteria that the policy will track. The first three options determine how violations are audited when policy conditions are not met.
Enable daily email notifications for users and site-owners: This setting enables emails to be sent to the users and site-owners when new violations are found on their sites.
Set a grace period for users and site-owners to remediate: This setting defines the audit window during which site owners can address or approve violations before the site is marked as non-compliant, or remediated automatically
Re-audit the approvals after: When enabled, any approved violations will need to be re-confirmed after the set period
Additionally, the administrator can set different parameters for Internal & External sharing. Moreover, the administrator can choose whether to monitor for the specific sharing activity and whether auto-remediation is desired.
OFF (Toggle Disabled): Does not raise violations for such permissions
Monitor Only: The product will check for the set criteria and raise violations accordingly. If no action is taken during the 'Grace Period' by the admin or site-owner, the site becomes non-compliant
Monitor & Auto-Remediate: The product will check for the set criteria and raise violations accordingly. If no action is taken during the 'Grace Period' by the admin or site-owner, the permission will be auto-remediated.
- [Trusted External Sharing]
Any domains added here will be treated as internal for this policy in 365 Permission Manager
To assign the newly created policy, follow the steps below:
- From the [Compliance Policies] tab, select [Assign Policy]
- Select one or more sites > [Assign Policy]
- Once assigned, the policy will show how many sites it has been assigned to