Read time 4 minutes

Summary: Microsoft Office 365 offers a comprehensive Compliance Center to help organizations meet security and regulatory requirements. Key functions include eDiscovery, data governance, threat management, user permissions, auditing, and alerts. These features enhance data security and compliance in Office 365.

Microsoft Office 365 has gained popularity among organizations for its mobility and collaboration features. In the context of cloud-hosted environments, security is a paramount concern. Office 365 addresses these concerns by providing built-in capabilities and controls to assist businesses in achieving security compliance.

Microsoft consistently enhances Office 365 with new features to meet diverse compliance requirements of organizations. The Security & Compliance Center within Office 365 empowers users to efficiently manage a range of compliance-related tasks.

Office 365 Compliance Center

Microsoft has seamlessly integrated numerous compliance features into the Office 365 Compliance Center, serving as a central hub for ensuring compliance across Office 365, Exchange Online, and SharePoint Online. This platform enables users to address legal, regulatory, and technical compliance needs effectively. Here are key tasks that can be performed within the Compliance Center.


The eDiscovery feature, as outlined in the Microsoft eDiscovery documentation, serves as a powerful tool for searching, identifying, locating, and retrieving records relevant to legal matters. It extends its capabilities to extracting content from SharePoint sites, Exchange mailboxes, and OneDrive locations. This feature excels in analyzing extensive and unstructured data, enabling precise identification of information pertinent to specific legal cases. Notably, the eDiscovery tool can search for specific items such as:
eDiscovery tool

  • Exchange online mailboxes and public folders
  • Skype for business conversations
  • Office 365 Groups
  • SharePoint Online and OneDrive for Business sites
  • Microsoft Teams
Data Governance

The Data governance center allows users to import email from external platforms, create archive mailboxes, and establish new policies to retain email and other content. The various features of Data governance are as follows:
Data Governance

  • Import – The import service allows users to import PST files to Exchange mailboxes.
  • Data Retention – The data retention feature in Office 365 enables you to manage your email lifecycle by retaining the content that is necessary and delete the content which is no longer required.
  • Archiving – The archiving feature automatically moves Exchange online emails to archive mailboxes.
  • Supervision – It makes sure that your emails and third-party communications are compliant with your business policies.
Threat Management

The Threat management component within Office 365 Compliance plays a vital role in safeguarding your business data against data loss, malicious software, and spam. It actively protects your domain’s reputation by detecting and mitigating undesirable activities originating from accounts within your domain. Some distinctive features and capabilities offered by Threat management include:
Threat Management

  • Device Management – Helps in managing and securing mobile devices that are connected to Office 365. You can set device security policies and access rules and wipe data from mobile devices if they’re lost.
  • Anti-spoofing – It protects your domain’s reputation by eliminating unwanted activities from it.
  • Encryption – Secures your data using effective encryption policies and settings.
  • Anti-malware & anti-spam – Protect your Office 365 mailboxes from viruses and spyware by creating anti-malware policies.
Set User Permissions

The Permissions page in Office 365 Compliance is dedicated to assigning precise permissions that dictate compliance-related responsibilities. Access to content and task execution is contingent on the permissions granted. Additionally, users must be members of designated Security and Compliance Center role groups, which include Compliance Administrator, eDiscovery Manager, Organization Management, Records Management, Reviewer, Security Administrator, Security Reader, Service Assurance User, and Supervisory Review.

Office 365 Auditing

Office 365’s auditing capability diligently records and reports activities spanning various applications within the Office 365 ecosystem, including SharePoint, Exchange, Azure Activity Directory, and OneDrive. This auditing function significantly bolsters transparency, facilitating in-depth investigations into activities, risk identification, intellectual property protection, and threat response. Using Office 365 Auditing, you can track a wide range of actions, such as:
Office 365 Auditing

  • User activities in SharePoint Online, Exchange Online, and Azure Active Directory
  • User activities in Sway, Power BI, Microsoft Teams, Yammer, and OneDrive for Business

With alerts, you can create and view alerts for specific activities in Office 365. To know more about how alert policies work and how signals are triggered when users activities match the conditions of an alert policy, you can check the below image or visit Microsoft’ Office 365 Alert Policies.


If your organization must adhere to compliance regulations, it’s essential to familiarize yourself with Office 365’s compliance features and understand how they can be advantageous to your operations. For a detailed guide of Office 365 Compliance, you can visit their official website.