How can companies address Office 365 compliance gaps?

Office 365 compliance problems vary, according to the nature of the Microsoft services that companies use. Shawn Shell explains.

The gaps manifest themselves differently based on the product, so there is probably not one sweeping piece of advice. Office 365 compliance is tricky because it's not just one product. Sway is a brand-new way of telling a story. It's the new PowerPoint for the 21st century. It does have a different modality to telling a story, presenting information, but it also has few controls that allow you to control that information and probably not a great deal of control around compliance. So, for example, how do I archive a Sway story or presentation? And it's that gap that I think is the most severe. There are three issues in terms of archiving and technology:

  1. Pay attention to which products your employees are using.
  2. Carefully control how those products are introduced to your employee population.
  3. Ensure that a product has a minimum level of compliance capability built in.

Health Insurance Portability and Accountability Act compliance is something Microsoft does well, but it's an example of a very industry-specific set of regulations that may or may not have implications for what tools within the Office 365 suite your employees can use. Another good example is the question, "Do I use Office or OneDrive on-premises or in the cloud?" The default is in the cloud, but for various reasons, that may violate regulatory or company policy, and you may need to deploy OneDrive on-premises. Now that's not something that speaks to a gap in Office 365 more than it says, "Let's look at the tools and identify what we need to accomplish and what rules we need to adhere to and then choose the right implementation." 

Next Steps

Security tools to help ensure Office 365 compliance

Finding the balance between Office 365 and SharePoint

Understanding the Office 365 security features

Dig Deeper on Enterprise SharePoint strategy