Old Security and Compliance Center Split in Two
Office 365 Notification MC202599 posted on January 30 tells tenants that the Microsoft 365 compliance center and Microsoft 365 security center portals are being rolled out in February 2020 with worldwide completion by early March. These portals were originally announced in April 2018 and have been significantly upgraded since (see this post for a discussion of some shortcomings that existed in the preview versions about a year ago). Tenants with Microsoft 365 subscriptions already have access.
The new portals will replace the Office 365 Security and Compliance Center (SCC) introduced in 2016. Microsoft is dividing the functionality found in the SCC across two portals to better reflect the work done in each. It’s a reasonable thing to do considering:
- The number of new features added in the security and compliance areas since 2016 (like sensitivity labels) and the expansion of functionality to handle extra workloads. The SCC was becoming a catch-call for anything remotely connected to security, compliance, or data governance.
- Although administrators might do everything in small tenants, in larger enterprises a division of work often exists and those who handle compliance issues tend not to be the same people who deal with tenant security.
- Many enterprises have upgraded their subscriptions from Office 365 to Microsoft 365. The new portals deliver a common interface for security and compliance work across all areas of Microsoft 365. At least, that’s the vision.
Not Quite Ready for a Total Switchover
The SCC will remain available at https://protection.office.com/homepage for some time to come because not all of the functionality available in it has been transferred to the new portals. It takes time to untangle everything and move code to the new locations, which is why the Microsoft 365 compliance center has a link to the SCC. At this point, the compliance center seems more complete and useful than the security center.
I don’t really have strong feelings about the change. To me, it’s more important that features work all the time, something that could never be said of the SCC in the past. While acknowledging the difficulty of slip-streaming functionality into a portal at a hectic rate, the sad lack of attention to detail was distressing at times. Recently, the SCC seems to have settled down, perhaps because the developers left it alone while they concentrated on the new portals.
Let’s hope that the quality of the new portals is better than the SCC and that Microsoft focuses effort into making sure that all the basic functionality works robustly instead of new and glitzy features like the compliance score. I consider it strange that 75% of a possible maximum score is gained by Microsoft managing controls as a cloud provider (Figure 2).
It’s also annoying that many of the rating used to increase the score could be automatically calculated and are not. For example, the improvement actions include advice such as “implement spam filter” (isn’t that what Exchange Online Protection is doing?) and “implement ATP safe links” (ditto) and “black legacy authentication (has Microsoft looked at the settings active in the tenant?). Oh well, things will improve over time. Won’t they?
The advent of the Microsoft 365 Security and Compliance portals brings joy to the hearts of book authors. We have to refresh all our content to make sure that we refer to the right option in the right portal when we describe functionality. Expect the switchover to happen in the Office 365 for IT Pros eBook over the next few monthly updates.