Microsoft have announced the general availability of Privacy Management for Microsoft 365 (which has been in public preview since July) as a new add-on licence SKU with the purpose of helping customers to safeguard personal data within their Microsoft 365 environments in a more automated way with policies and actionable insights.
CPS’ Head of Practice for Security, Compliance, & Identity – Peter Rising looks at this newest addition to the M365 compliance offering and shares his insights on the included features and where this could add value to M365 customers.
What’s included in Privacy Management?
Privacy Management comprises two available plans. The first plan is Privacy Management - Risk and includes the ability to visualise personal data and associated risks in your Microsoft 365 environment, use policy templates to reduce overexposure and transfer of data, create your own custom policies, and provide recommended automatic remediation actions to individual employees to mitigate privacy risks.
The second plan is Privacy Management - Subject rights request which allows you to manage your subject rights requests at scale with automated responses such as data discovery, secure collaboration workflows, integration with business processes, and API access.
Who should use Privacy Management?
Businesses who currently undertake complex manual processes to keep track of personal data in their Microsoft 365 environments will benefit the most from adopting Privacy Management. Such manual processes are currently required due to a lack of actionable insights which are now available in Privacy Management, making it easier for users to understand all risks and keep up to date with their privacy requirements.
How do I get Privacy Management?
The two Privacy Management plans are available as an add-on to a Microsoft 365 or Office 365 subscription.
Privacy Management – Risk is available as a free 90-day trial at: https://go.microsoft.com/fwlink/p/?LinkID=2175024&clcid=0x409&culture=en-us&country=US
Privacy Management – Subject rights request is available as a free 90-day trial (or create up to 50 subject rights requests – whichever limit expires first).
These trials are simple to sign up to and can be accessed from the M365 Compliance center at https://compliance.microsoft.com under the Privacy Management section. Once enabled, you should start to see privacy insights appear here within approximately 24 hours. These insights will include:
- Items with personal data
- Policy matches
- Subject rights requests
At the end of your free trial, you will need to purchase a subscription to the Risk and Subjects rights requests plans. Otherwise, any data gathered during your trial period will be deleted after a period of 30-days.
Although Privacy Management is now generally available as a free trial, at the time of writing there is no information within the Microsoft 365 Admin center as to the cost of these add-on licences. However, it is expected that pricing will be set as $5.00 per user per month for Privacy Management and $200.00 per Subject rights request. Subject rights requests will be available to purchase in blocks of 1,10, or 100.
Summary
I see Privacy Management being mainly adopted by larger businesses or enterprise organisations who already manage compliance risk and subject rights requests at scale using manual processes. The actionable insights and customisable policies available in this new toolset will help such organisations to streamline their processes. Small to mid-sized businesses may think twice, especially as there is an add-on cost to leverage this service.
Links
Simplifying the complex: Introducing Privacy Management for Microsoft 365 - Microsoft Security Blog
Privacy Management Software | Microsoft Security
Learn about privacy management - Microsoft Privacy | Microsoft Docs
Learn about the free privacy management trial - Microsoft Privacy | Microsoft Docs
Get started with privacy management - Microsoft Privacy | Microsoft Docs
Author
Peter is an Office Apps and Services MVP with over 25 years’ experience working with Microsoft technologies. He has specialised in the Microsoft 365 platform since 2014, initially focusing on Exchange migrations but in recent years has shifted his area of focus to SharePoint, Teams, and in particular, Security & Compliance.
Peter has worked in both internal IT Management roles and as a consultant or Architect and has delivered Microsoft cloud solutions across the UK and beyond to organisations looking for guidance with their digital transformation journey.