FAQ: Microsoft 365 Compliance Workshop

Will Microsoft or Infotechtion need access to one of our tenants?

  • No, all analysis will be done by customer IT admins, in the role of compliance manager, with  guidance from Infotechtion and Microsoft

What will be the impact on End Users?

  • There is no impact to end users,  except for stakeholder engagements for nominated users.

Is the compliance check a separate application?

  • The check will be done leveraging solutions that you can find and access today in the Microsoft Compliance Center (Audit, Content Search and Activity Explorer). As such there is no separate application that needs to be run. There is a need to have or trial E5 licenses and appoint a compliance administrator or equivalent role to perform the needed steps.

What do we need to install or turn on?

  • To access the compliance center advanced features you need to have or trial E5 licenses and appoint a compliance administrator or equivalent role to perform the needed steps. There is nothing to install.

Who has access to the data that the compliance check collects?

  • The data itself is only accessible by the people who have an account in your tenant and have been given the appropriate permissions by your administrators. We will ask your compliance administrator to export grouped and anonymized results which can not be led back to any specific data in your tenant. The data in your tenant will not be accessible to Infotechtion, nor to Microsoft without prior consent and actions taken by your administrators.

Will the data collected related to users be anonymous?

  • The results will be anonymous to Infotechtion. Beware though that the appointed IT admin, in the compliance manager role, will be able to identify content and activity of particular individuals in the organization.

Can we use the compliance check after the end of the engagement?

  • The features and solutions the Microsoft Compliance center are yours. We encourage you to run reports and create snapshots over time. Please consider using those results to create and support the business case for better governance.

Will any data be taken from our systems and for what purpose?

  • Your IT admin, in the compliance manager role, will be asked to to export grouped and anonymized results to be shared with Infotechtion and to be used in the deliverables of the compliance maturity scan. 

Who do we need to inform when undertaking the compliance check?

  • The role assignment for access will need to be given by the Global administrator of M365. Further to this you should inform the Identity Manager (AD admin), Data Protection Officer (or similar roles involving compliance or privacy).

How much effort will the automated compliance check take from our side?

  • The check itself is automated and runs in the background. We will take the IT admin through steps outlining the technical setup and performing the analysis of the outcome. This should not take more than 2 half days of effort.

How much time will we key stakeholders need to invest and who are those stakeholders?

  • We expect key stakeholders to invest a total of 8 hrs in a three week period. Generally speaking these stakeholders are found in the Compliance Office, Records Management team, Legal / Litigation team or Business change/transformation.