Microsoft 365 compliance challenges
Staying compliant in Microsoft 365 is more complex than ever, with constantly evolving regulations and an ecosystem full of interconnected tools and data. To understand where organizations struggle most, we asked Microsoft MVPs to share the Microsoft 365 compliance challenges they see every day.
Their insights reveal the gaps, pitfalls, and opportunities facing today’s M365 administrators. Check out their answers in our highlight video and read their full answers below.
Compliance isn’t fun, but the right tools make it manageable – Justine Wolters
So Microsoft 365 compliance is not really the sexy thing, right? It’s something that we have to do, rules and regulations. We have to do the policy sessions with each other. How do we comply? But there are tools that are helping you to see, okay, where are still the gaps, within my organization, within my environment.
For example, what I recommend to organizations that have no clue anymore where to start to comply, you can use a compliance tool. So, the Compliance Manager is really useful. It gives you step-by-step of what are still the actions I need to make sure I am compliant. So, there are tools available to help you with that.
But also, of course, you have to make sure that you keep track of what are the rules and regulations you have to comply with. And also, what if we decide with each other internally what we want to comply with? It’s a lot, I understand, and it’s not the most fun thing to do, but it is important to make enough time to get it clear for yourself.

Honestly, the Compliance Manager is really helpful. It gives you an overview of if you want to comply with, for example, the EU AI Act or the NIS 2, which is relevant for many companies nowadays. You get really a step-by-step plan of okay, you need to do retention policies, you need to do attacks for training your people inside your organization to make sure that they recognize phishing. Well, all kinds of steps.
And many organizations don’t know about this feature, while they do have, for example, an E5 license. So it is available. And I think that’s one of the tools that could be really useful for organizations.
The pace of the change with the technology – Spencer Harbar
The most common challenge is understanding their Microsoft 365 compliance requirements, fundamentally, whether that be regulations or business-specific imperatives. Generally speaking, that is not well enough understood by the user population.
Automation can really attack the low-hanging fruit in a lot of cases. Things like automatic labeling and training of the system to better recognize what’s needed. It can take care of what used to be a lot of manual labor.

I would say information risk management is a compliance feature that is probably the least utilized. In a general sense, and then from the sort of more feature-specific point of view, the records management capabilities are generally not that well used at the moment.
Admins can ensure compliance with a lot of care and attention, diligence, and paying attention to the tools that are available, particularly in Purview. They need to understand where the company is with respect to compliance versus where it needs to be.
Use automation to start behavioural changes – Paul Hunt
I’m going to say licensing levels. A number of organizations, they have the standard Microsoft licenses, so they don’t get the benefits of things like you have in E5 with like adaptive scopes and the ability to do things at scale. There are challenges with some of the things like static scopes. I’ve just been having a conversation about the dangers of static scopes. And I think a lot of organizations don’t understand where maybe some of the more limiting licenses can actually be quite dangerous if they’re not used correctly. So a lack of knowledge or lack of awareness is definitely a key there.
I think at the moment, sensitivity labels are underused, you know, actually using labeling at source to get information correctly labeled. I think we’re quite young in that process, in a lot of organizations. I think there’s work to be done there. And I think we’re going to see updates from Microsoft, hopefully at Ignite, that’s going to expand on those capabilities.
But again, licensing is definitely going to play into this. So, making sure the organizations have the right step-up licenses. That’s all going to have an impact.

So for us, if you rely on your users to do things manually, they’re just not going to do it. Things like, you know, default label policies and automation, automatically applied labeling, stuff like that is going to help address some of those challenges. And, you know, where the users might be reticent or resistant to the change, you can start to drive those behavioral changes through the use of automation.
There’s savings and opportunity with Microsoft 365 compliance – Steve Dalby
The most common Microsoft 365 compliance and governance issue is that nobody understands why it’s important. So why do I need to do this? Why do I need to do that? The point is that if you do it properly, there’s savings and opportunity to be had.
And also you remove something called technical debt. Technical debt is when you implement something and you find it’s costing you more money because you didn’t do it right. So compliance obviously has a legal requirement to comply with the law. But governance and compliance together means you can often do things in a more efficient, and easier to learn, and easier to adopt way.

Sensitivity labels are underused very much. People think that is a big thing about rolling them out. But we’ve just done a podcast actually, here at CollabDays Zagreb, and we’ve been talking exactly about how to roll out sensitivity labels. So, my answer is sensitivity labels are very underrated.
Thank you to all the Microsoft MVPs for their expert insights!