This blog explores the usability of M365 Compliance Features and the specifics of the Compliance UI. It examines the number of repetitive tasks required to utilize the Compliance Model and associated cognitive and repetitive bio-mechanical stress factors. If these stress factors are deemed excessive, the blog aims to provide a mitigation strategy or build a case for escalating the need for such mitigation.

Anticipated issues

Sophisticated (or Complicated?) Interface

The Compliance Center and Framework have a complex and always changing interface.

New Paradigm

The introduction of new features and a new paradigm means there is no previous industry experience to draw upon. Information policies that existed in SharePoint and experience with retention and disposition within On-Prem SharePoint bear no resemblance to the modern retention or compliance framework, rendering previous experience and best practices irrelevant.

Evergreen Product

Microsoft's O365 is always getting updates. While some parts are stable, Compliance is always changing. Splitting the Security & Compliance Center into two parts in 2019 made things even more confusing, at least for a while. If, or rather when, Microsoft introduces additional changes to the UI, new tutorials, help files, and personnel training will be required.

Risk Mitigation

PowerShell Scripts:

Given the complexity of the Compliance Framework UI, leveraging PowerShell scripts can streamline and automate repetitive tasks. Organizations should invest in developing PowerShell scripts tailored to their specific Compliance needs. These scripts can automate provisioning, configuration, and monitoring tasks, reducing the manual effort required and minimizing the risk of human error.

Comprehensive Training Programs:

Implementing comprehensive training programs is essential to ensure that personnel have the necessary skills to effectively navigate and utilize the Compliance Framework. Training sessions should cover topics such as understanding Compliance components, configuring retention policies, resolving conflicts, and utilizing PowerShell scripts. Training materials should be regularly updated to reflect any changes or updates to the Compliance Framework.

Establishment of Naming Conventions:

Thoughtfully establishing and rigorously adhering to naming conventions for Compliance components can significantly reduce confusion and errors. Clear and consistent naming conventions should be developed for labels, policies, rules, and other Compliance-related entities. These conventions should be documented and communicated across the organization to ensure uniformity and clarity.

Partial or Full Automation Efforts:

Organizations should explore opportunities to automate Compliance processes either partially or fully. Automation can help streamline repetitive tasks, improve efficiency, and reduce the risk of manual errors. Consideration should be given to automating tasks such as label assignment, policy creation, conflict resolution, and reporting. Automation can be achieved through PowerShell scripts, third-party automation tools, or custom-built solutions.

Alignment with Information Architecture (IA): It's crucial to align Compliance efforts with the organization's Information Architecture (IA). This involves ensuring that Compliance policies and practices are consistent with the organization's data management objectives and governance framework. By aligning Compliance with IA, organizations can establish clear guidelines for data classification, storage, retention, and disposal, reducing the risk of non-compliance and data breaches.

By implementing these risk mitigation strategies, organizations can enhance the usability of the Compliance Framework, reduce operational complexities, and improve overall compliance posture.