Microsoft Purview · Communication Compliance

Communication Compliance Admins

Configure policies and settings but cannot investigate alerts or view message content - separated administration.

Scope: Policy configuration and administration without investigation or message viewing access

Permissions

  • Policy Creation - Create and configure communication compliance policies with condition logic
  • Policy Conditions - Manage policy conditions, exceptions, supervised users, and scoped groups
  • Classifiers - Configure ML classifiers, trainable classifiers, and sensitive info types for detection
  • Policy Settings - Manage policy settings, notifications, and simulation mode
  • Statistics - View policy statistics, trends, and aggregate metrics (not individual messages)
  • Policy Templates - Configure policy templates for common violations (harassment, regulatory, threats)
  • Administrative Units - Manage administrative units for scoped policy deployment
  • Pseudonymization - Configure pseudonymization settings for privacy-preserving investigations
  • Copilot Monitoring - Set up monitoring for Microsoft 365 Copilot interactions
  • Third-Party Integration - Integrate third-party communication platforms (Zoom, Slack, etc.)
  • Retention - Configure retention and deletion policies for communication compliance data

Common use cases

  • Compliance team configuring monitoring policies per regulatory requirements
  • IT staff implementing technical policy requirements without HR involvement
  • Organizations requiring strict separation of duties between policy and investigation
  • Policy tuning specialists who optimize detection logic based on Analyst feedback
  • Regulatory compliance engineers deploying financial services supervision policies
  • Privacy officers configuring pseudonymization and data retention settings
  • Regional compliance teams managing policies scoped to their administrative units

Best practices

  • Test policies with small user groups in simulation mode before broad deployment
  • Document clear business justification and legal basis for each policy
  • Use standard policy templates as starting point and customize for organization
  • Regular policy reviews and tuning to optimize for false positive reduction
  • Coordinate closely with investigation team to understand alert volume and quality
  • Implement feedback loops where Analysts report false positive patterns for tuning
  • Configure pseudonymization to protect investigator identities during initial review
  • Use trainable classifiers with sufficient training documents (300+ per category)
  • Monitor Copilot interaction policies carefully to avoid over-blocking productivity
  • Use administrative units to manage regional or business-unit-specific policies
  • Test third-party platform integrations thoroughly before production deployment
  • Document retention periods for compliance data per regulatory requirements

Security considerations

  • Cannot view messages - maintains critical privacy separation from investigation
  • Policy configuration determines scope of employee monitoring and privacy impact
  • Should coordinate closely with legal counsel on policy definitions and scope
  • Configuration changes directly impact what investigators can see and investigate
  • Overly broad policies can create privacy violations and regulatory exposure
  • Copilot monitoring policies must balance security with productivity and user trust
  • Third-party platform integration may have additional privacy implications
  • Pseudonymization configuration affects investigator workflow and privacy protection
  • Administrative units require proper access control to prevent unauthorized viewing
  • Policy exceptions and exclusions should be documented with clear justification

Official Microsoft Learn documentation →

Open the interactive RBACMap →