As we roll into 2021, the Remote Workforce will continue for the near future. Because of this, many businesses are trying to find ways in which they can leverage the power of the M365 Office Suite to meet the needs of the company and those employees working from home (WFH).

We believe that Compliance will take front and center stage, with enforcement of the GDPR and the CCPA expected to be in full swing in 2021. In addition, we see the DOD CMMC requirements for the Defense Industrial Base becoming the mainstream for all federal agency transactions (for businesses providing services to the public sector and from grants to local not-for-profits). In this article, we focus on how M365 can help you to achieve compliance in these markets.

Compliance In M365 E5

When a business purchases an M365 license with the E5 licensing security scheme, there are major add-ons that can be acquired. These are as follows:

  • The M365 Security Package:
    This consists of the Microsoft Defender Advanced Threat Protection (MDATP), the Office 365 Advanced Threat Protection, the Azure Threat Protection, the Microsoft Cloud App Security (MCAS), and the Microsoft Active Directory Premium.
  • The M365 E5 Compliance Package:
    This consists of the Microsoft 365 E5 Information Protection & Governance, Microsoft 365 E5 Insider Risk Management, and the Microsoft 365 E5 eDiscovery and Audit.

It should be noted that for the Compliance Package going into 2021, a business does not need to purchase the entire license outright. Rather, it can purchase the components individually in order to meet its specific compliance needs. A detailed summary of each is provided in the next section.

A Breakdown Of The Individual Compliance Components

  1. The Information Protection & Governance:
    • With the use of both Artificial Intelligence (AI) and Machine Learning (ML) processes, an IT Security team can very quickly detect any security breaches that are impacting the Personally Identifiable Information (PII) datasets.
    • Any confidential information and data can either be retained and/or deleted efficiently according to the statutes that have been set forth by the GDPR, CCPA, HIPAA, etc.
    • Very strong levels of encryption can be applied to business information, wherever the information is stored and accessed in Office 365 and Microsoft Azure.
  2. The Insider Risk Management:
    • Alerts and warnings about any looming Cyber Threats are sent in real time to the IT Security team by making use of the SIEM package, Microsoft Azure Sentinel, as required by the CMMC.
    • Because of real time messaging, any Cyber Threats, both from the internal and external environments, can be mitigated in a noticeably brief time span.
    • You can easily import the thresholds into Azure that you want to implement for your network security technologies, and centrally manage them with one platform.
    • Also, with the use of both AI and ML packages, any abnormal behavior can be very quickly spotted, and further analyzed within a few minutes.
    • The relevant rights, permissions, and privileges can be quickly provisioned to the relevant members of both your IT Department and IT Security team so that they can respond to threat variants in a holistic manner. This approach helps to avoid any lateral movement that the Cyberattacker might embark upon.
  3. The E5 eDiscovery and Audit:
    • You can very quickly respond to any questions that auditors and regulators may pose to you by making use of the following applications:
      • Advanced eDiscovery;
      • Content Search;
      • Data Investigations & Audits.
    • You can also respond to any type of Subject Access Request that has been initiated by a GDPR-based query.
    • Electronic information and documentation in legal/court paperwork can be easily tracked down for any discovery hearings.
    • You can adhere to a common set of auditing and reporting requirements that have been set by the GDPR and the CCPA.

Summary of Compliance Packages

The following matrix summarizes the last section:

| Compliance Package | Functionalities Available |
|---|---|
| Information Protection/Governance | Labels for Sensitivity; Labels for Information/Data/Document & Policies; Management of Records; Data Loss Prevention |
| Insider Risk Management | Compliance for Communications Processes; a Customer Lockbox; Privileged Access Management |
| eDiscovery/Audit | Search of Legal Content; Advanced eDiscovery/Auditing; Investigations for Legal Data |

(SOURCE: 1).


Apart from these robust compliance tools, many other application packages are available with the Microsoft E5 licensing. These are shown in the following illustration: