Q & A: Office 365 Compliance in Healthcare, Finance, and Other Highly Regulated Industries

Post Date: 04/26/2018
feature image

We at AvePoint recently conducted a webinar all about Office 365 compliance in industries where compliance isn’t just a good idea; it’s the law. Our webinar had a great turnout and folks were able to hear all about how to make sure their Office 365 ecosystems are up to snuff as far as regulatory compliance is concerned, courtesy of Microsoft’s Michael Gannotti and our Esad Ismailov.

We decided to turn the question and answer portion of our webinar into a short blog post just in case you had some questions along similar lines. So sit back, enjoy the read and we hope you learn something!

Be sure to sign up for our FREE! on demand webinar, “Office 365 Compliance for Healthcare, Financial & Other Tightly Regulated Industries” 

Q: Is there product support for GDPR capabilities around Skype for Business and Teams?

A: (Esad I. – AvePoint) Yep! We have support for Skype for Business and Teams is something that will be coming up very soon. Skype for Business is also part of our Compliance Guardian solution. It can help organizations to do data discovery and can also implement security controls based on the result of the scan.

Q: What solutions does Security & Compliance cover (e.g. Alerts). Exchange, SharePoint, Teams, Yammer, Planner, etc.?

A (Mike G. – Microsoft): We provide all those. We also have different areas where you can learn those about specific applications. We do provide for all those different areas. For more information, check out Microsoft’s plan for security and compliance in Office 365 here.

Q: How critical is data mapping to my organization’s compliance?

A (Esad I. – AvePoint): Privacy and security by design and by default is the goal. So, starting from even a project that’s about to be unrolled or an asset that needs to purchased in your organization, start a data mapping and impact assessment. Ask how it will change how you do your business.

Q: What about encryption? 

A (Mike G. – Microsoft): Microsoft absolutely allows you to encrypt your data using things like Azure Information Protection, not just encryption at rest but file level, 256-bit security and encryption that travels with your content once encrypted no matter where it resides. So if somebody did take things outside of your organization, they would have to authenticate to the Azure Information Protection services, and we log that for you. We provide reporting on that. We can show you where/unauthorized attempts, etc.

Q: What kind of administrative access capabilities does Microsoft provide?

A (Mike G. – Microsoft): We give you some administrative access rolls out of the box, but you may want to create custom ones where you can restrict what certain people are able to do in the admin center by providing the appropriate level of access. So, here we can click ‘create,’ and then choose those areas in a la carte fashion.

We hope you found this Q & A to be helpful! For the full breakdown on all things Office 365 security and compliance in highly regulated industries, be sure to check out the full version of the webinar!

Subscribe to our blog