Following a Dutch report saying that Office 365 might violate GDPR, here are some thoughts about how to restrict some of the flows of information from an Office 365 tenant to Microsoft.
Microsoft has launched Privileged Access Management (PAM) for Office 365. The name’s incorrect because PAM only works for Exchange Online right now. PAM is based on RBAC, which is good, but is the implementation too Exchange-centric?
Exchange administrators are accustomed to looking through mailbox audit logs to find details of events. Those same events are in the Office 365 audit log, so that’s the place to go look for information, like when you want to find out who sent a message from a shared mailbox using the SendAs permission.
Do Office 365 tenants need to take backups of Exchange Online, SharePoint Online, Teams, Planner, Yammer, and the other data that they accumulate? I don’t think they do in most cases, and the problem is exacerbated because most backup solutions sold for Office 365 can’t deal with the full suite.
Do you need to remove some offensive or otherwise doubtful material from Teams? If the original author won’t do the right thing, the team owner or an Office 365 administrator might have to step in and do it instead.