Detect channel signals with communication compliance

Important

Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance (for example, SEC or FINRA) and business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.

With communication compliance policies, you can choose to analyze messages in one or more of the following communication platforms as a group or as standalone sources. Original messages captured across these platforms are retained in the original platform location in accordance with your organization's retention and hold policies. Copies of messages used by communication compliance policies for analysis and investigation are retained for as long as a policy is in place, even if users leave your organization and their mailboxes are deleted. When a communication policy is deleted, copies of messages associated with the policy are also deleted.

Tip

Get started with Microsoft Security Copilot to explore new ways to work smarter and faster using the power of AI. Learn more about Microsoft Security Copilot in Microsoft Purview.

Generative AI

Communication compliance provides support for numerous generative AI applications. You can use communication compliance policies to analyze interactions (prompts and responses) entered into these applications and help detect inappropriate or risky interactions or sharing of confidential information. Communication compliance supports the following generative AI applications:

Use the following links to learn more about creating a communication compliance policy that detects for Microsoft 365 Copilot and Microsoft Copilot interactions and other Microsoft Purview data security and compliance protections for Microsoft 365 Copilot and Microsoft Copilot:

Microsoft Teams

You can analyze chats in public and private Microsoft Teams channels and individual communications. When users are assigned to a communication compliance policy with Microsoft Teams coverage selected, chat communications are automatically detected across all Microsoft Teams where users are a member.

Watch the video below to learn how to detect communication risks in Microsoft Teams with communication compliance:

Microsoft Purview Communication Compliance automatically includes Microsoft Teams coverage for predefined policy templates and is selected as the default in the custom policy template. Teams transcripts are also included. Teams chats matching communication compliance policy conditions may take up to 48 hours to process.

For Teams private chat and private channels, communication compliance policies support modern attachment analysis. Shared Channels support in Teams is handled automatically and doesn't require additional communication compliance configuration changes. The following table summarizes communication compliance behavior when sharing Teams channels with groups and users:

Scenario Communication compliance behavior
Share a channel with an internal team Communication compliance policies apply to in-scope users and all messages in the shared channel
Share a channel with an external team Communication compliance policies apply to internal in-scope users and messages in the shared channel for the internal organization

Modern attachments are files sourced from OneDrive or SharePoint sites that are included in Teams messages. Text is automatically extracted from these attachments for automated processing and potential matches with active communication compliance policy conditions and classifiers. There isn't any additional configuration necessary for modern attachment detection and processing. Text is only extracted for attachments matching policy conditions at the time the message is sent. Text isn't extracted for attachments for messages with policy matches, even if the attachment also has a policy match.

Modern attachment analysis is supported for the following file types:

  • Microsoft Word (.docx)
  • Microsoft Excel (.xlsx)
  • Microsoft PowerPoint (.pptx)
  • Text (.txt)
  • Portable Document Format (.pdf)

Extracted text for modern attachments is included with the associated message on the Pending tab of the policy's dashboard. The extracted text for an attachment is named as the attachment file name (and format extension) and the .txt extension. For example, the extracted text for an attachment named ContosoBusinessPlan.docx would appear as ContosoBusinessPlan.docx.txt in the Pending tab of the policy's dashboard.

Select the extracted attachment text to view the details in the Source and Plain text views. After reviewing, you can resolve or take action on the attachment text using the command bar controls. You can also download the attachment for review outside of the communication compliance review process.

Use the following group management configurations to bring individual user chats and channel communications in Teams in scope:

  • For Teams chats: Assign individual users or assign a distribution group to the communication compliance policy. This setting is for one-to-one or one-to-many user/chat relationships.

  • For Teams channel communications: If any member of the channel is a scoped user within a policy and the Inbound direction is configured as the Communication direction for the policy, all messages sent within the channel are subject to review by communication compliance, even for users in the channel that aren't explicitly scoped.

    For example, consider the following set of circumstances:

    • User A is scoped in a communication compliance policy.
    • User A is a member of a Teams channel.
    • Inbound is selected as the direction for the policy.
    • User B and User C aren't scoped in a communication compliance policy.
    • User B and User C are members of the same Teams channel as User A.
    • User B and User C are posting in the channel, but aren't communicating directly with User A.

    In this scenario, a message from User B or User C could be flagged as a policy match even if they don't communicate directly with user A. This is because User A is technically receiving the message from User B and User C since they're part of the same channel. In this case, if you want to exclude User B and User C from potentially being flagged for policy matches, select a different communication direction in the applicable communication compliance policy.

    On the other hand, if User B and User C have a conversation on another channel or in a chat that doesn't include User A, the conversation wouldn't be reviewed by the policy even if the conversation would otherwise provide a policy match since User A, the scoped user, isn't included in the conversation.

  • For Teams chats with hybrid email environments: Communication compliance can detect chat messages for organizations with an Exchange on-premises deployment or an external email provider that has enabled Microsoft Teams. You must create a distribution group for the users with on-premises or external mailboxes. When creating a communication compliance policy, assign this distribution group using Choose users and groups in the policy wizard. For more information about the requirements and limitations for enabling cloud-based storage and Teams support for on-premises users, see Search for and export Teams chat data for on-premises users.

Tip

For a more flexible configuration and to reduce administrative overhead, consider using an adaptive scope instead of a distribution group.

Exchange

Mailboxes hosted on Microsoft Exchange Online as part of your Microsoft 365 or Office 365 subscription are all eligible for message analysis. Exchange email messages and attachments matching communication compliance policy conditions may take approximately 24 hours to process. Supported attachment types for communication compliance are the same as the file types supported for Exchange mail flow rule content inspections.

Viva Engage

Private messages and public conversations and associated attachments in Microsoft Viva Engage communities can also be analyzed. When users are added to a communication compliance policy that includes Viva Engage as a defined channel, communications across all Viva Engage communities that a user is a member of are included in the analysis. Viva Engage chats without attachments that match communication compliance policy conditions can take up to one hour to process. Viva Engage chats with attachments can take up to 24 hours to process.

Viva Engage must be configured in Native Mode for communication compliance policies to detect Viva Engage communications and attachments. In Native Mode, all Viva Engage users are in Microsoft Entra ID, all groups are Office 365 Groups, and all files are stored in SharePoint Online.

Third-party sources

You can analyze communications for data imported into all mailboxes in your Microsoft 365 organization from third-party sources like Instant Bloomberg, Slack, Zoom, SMS, and many others. For a full list of connectors supported in communication compliance, see Learn about connectors for third-party data.

You must configure a third-party connector for your Microsoft 365 organization before you can assign the connector to a communication compliance policy. The Third-Party Sources section of the communication compliance policy wizard only displays currently configured third-party connectors.

Note

Content from all third-party channels (such as WhatsApp or Instant Bloomberg) take from 24 to 48 hours to be detected by communication compliance, depending on how frequently the data is imported from those third-party channels.

Channel limits

Channel Current limit
All channels Maximum of 25 attachments per policy match
Teams public channels Maximum of 250 users for public channel messages for static scopes with users
Teams public channels No support or coverage for public channel messages for adaptive scopes with users