How Communication Compliance Policies Scan Teams Messages from Hybrid Users

Posted on by Tony Redmond

Communication Compliances Policies Depend on Compliance Records Captured by Microsoft 365 Substrate

In a change so good that it deserved two identical Office 365 notifications (MC218305 and MC218304). Microsoft revealed on July 11 that communications compliance policies now support hybrid deployments by monitoring Teams chat and channel messages sent by users with on-premises Exchange mailboxes.

Communication compliance policies replaced supervision policies in April 2020 as part of Microsoft’s Insider Risk solution. Background processes monitor user communications in email, Teams, and Skype for Business Online to detect potential violations of regulatory, legal, or business policies. To check Teams messages, the processes use the compliance records captured in user and group mailboxes.

Communications compliance policies required Office 365 E5 or Microsoft 365 E5 compliance licenses.

Cloud-Only Mailboxes or Shards

In hybrid deployments, the Microsoft 365 substrate creates special cloud-only mailboxes for users with on-premises mailboxes. These mailboxes, or “shards,” cannot be accessed by users or any administrative tools available to tenants. The substrate creates compliance records in the cloud-only mailboxes to capture details of messages sent by hybrid users.

Content from the mailboxes used for hybrid users are indexed and are discoverable by Office 365 content searches, but only if you ask Microsoft to enable “app content” searches. When this is done, an extra option appears in content search settings (Figure 1).

Depends on Compliance Records Captured by Microsoft 365 Substrate In a change so good that it deserved two identical Office 365 notifications (MC218305 and MC218304). Microsoft revealed on July 11 that communications compliance policies now support hybrid deployments by monitoring Teams chat and channel messages sent by users with on-premises Exchange mailboxes. Communication compliance policies replaced supervision policies in April 2020 as part of Microsoft’s Insider Risk solution. Background processes monitor user communications in email, Teams, and Skype for Business Online to detect potential violations of regulatory, legal, or business policies. To check Teams messages, the processes use the compliance records captured in user and group mailboxes. Communications compliance policies required Office 365 E5 or Microsoft 365 E5 compliance licenses. Cloud-Only Mailboxes or Shards In hybrid deployments, the Microsoft 365 substrate creates special cloud-only mailboxes for users with on-premises mailboxes. These mailboxes, or “shards,” cannot be accessed by users or any administrative tools available to tenants. The substrate creates compliance records in the cloud-only mailboxes to capture details of messages sent by hybrid users. Content from the mailboxes used for hybrid users are indexed and are discoverable by Office 365 content searches, but only if you ask Microsoft to enable “app content” searches. When this is done, an extra option appears in content search settings (Figure 1).
Figure 1: The option to include mailboxes for hybrid users in a content search

It’s also possible to create a content search which includes hybrid mailboxes by setting the AllowNotFoundExchangeLocationsEnabled parameter to $True for the New-ComplianceSearch cmdlet.

Why Few Extra Violations Might Be Detected

The change made to communications compliance policies extend their reach to process the messages held in the cloud-only mailboxes. As reported by the Exchange engineering group at Ignite 2019, hybrid deployments often move most of their mailboxes to Exchange Online to take advantage of the functionality available there. The mailboxes which remain on-premises are there for a specific reason which stops them being moved to Exchange Online.

The update might not detect many more violations because it’s likely that a copy of offending messages are already available in a tenant user’s mailbox or group mailbox. However, it increases the coverage by communications compliance policies by scanning conversations from the scenario when all the participants in personal or group chats are hybrid users.

Understanding the detail behind how compliance policies work inside Office 365 is key to constructing a solid data governance framework for a tenant. Learn more from the in-depth coverage in the Office 365 for IT Pros eBook.

4 Replies to “How Communication Compliance Policies Scan Teams Messages from Hybrid Users”

  1. Pingback: The Practical 365 Weekly Update: Ep 38 - Inspire 2020, Azure AD and Microsoft Teams
  2. Pingback: The Practical 365 Weekly Update: Ep 38 – Inspire 2020, Azure AD and Microsoft Teams – 365 admin service
  3. Pingback: The Practical 365 Weekly Update: Ep 38 – Inspire 2020, Azure AD and Microsoft Teams – RAD Group Limited | IT Support
  4. Pingback: The Practical 365 Weekly Update: Ep 38 - OfficeRambo

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.