Simplifying the complex: Introducing Privacy Management for Microsoft 365

Vasu Jakkal
Corporate Vice President, Security, Compliance and Identity

The data privacy regulation landscape is more complex than ever. With new laws emerging in countries like China and India, shifts in Europe and the United Kingdom, and currently 26 different laws across the United States, staying ahead of regulations can feel impossible.

But this work is critical to safeguarding people and the tools they use to stay connected, get work done, and thrive in today’s hybrid environment.

We have been working closely with our customers to help. Today, I’m excited to share with you some of the new investments we’re making to attempt to bring some simplicity to the complex topic of data privacy regulations.

Introducing Privacy Management for Microsoft 365

With the latest regulation going into effect soon in China, most of the world’s population will soon have its personal data covered under modern privacy regulations. But how organizations manage their regulatory responsibilities with all those laws in mind is often manual, time-consuming, and expensive.

Today, I’m excited to announce that Privacy Management for Microsoft 365 is generally available to help customers safeguard personal data and build a privacy-resilient workplace. With role-based access controls and data de-identified by default, Privacy Management for Microsoft 365 helps organizations to have end-to-end visibility of privacy risks at scale in an automated way.

  1. Identify critical privacy risks and conflicts: One of the biggest challenges in managing privacy is finding where personal data is stored, especially in an unstructured environment. Most companies still use manual processes to maintain data inventory and mapping, primarily through email, spreadsheets, and in-person communication, which is costly and ineffective. Privacy Management automatically and continuously helps to discover where and how much private data is stored in customers’ Microsoft 365 environments by leveraging data classification and user mapping intelligence. Organizations can see an aggregated view of their privacy posture, including the amount, category, and location of private data, and associated privacy risks and trends over time.
  2. Automate privacy operations and response to subject rights requests: Privacy Management correlates data signals across the Microsoft 365 suite of solutions to deliver actionable insights that allow privacy administrators to automate privacy policies by using an out-of-box template—data transfers, data minimization, data overexposure, and subject-rights request management—or create a custom policy to meet an organization’s specific needs.
  3. Empower employees to make smart data handling decisions: To build a privacy-resilient culture, you need to educate your employees, so they know how to handle data properly. Privacy Management provides insights and contexts to administrators, enabling them to automate privacy policies and protect sensitive data. Additionally, data owners are given recommended actions, training, and tips to make smart data-handling decisions, eliminating the need to choose between privacy and productivity.

The privacy management dashboard shows an overview of privacy alerts, such as items containing personal data, subject rights requests, and more.

Figure 1: Overview dashboard showcasing privacy risks and trends.

“Privacy Management for Microsoft 365 will help us identify and prevent critical privacy risks that arise from transferring private data across borders and oversharing,” said Beni Gelzer, Head of Data Privacy (Switzerland), Novartis. “We’ll empower our employees to mitigate risks themselves, freeing our IT resources to focus on more urgent, high-severity risks.”

You can learn more about Novartis’ experience with Privacy Management for Microsoft 365 in their case study.

Partnering to give customers greater visibility beyond Microsoft 365

Because data lives across so many clouds, systems, and applications, solving the challenge of data privacy requires great insight—and partnership.

To meet you where you are in your privacy journey, we have built APIs that allow you to integrate with your existing processes and solutions to automatically create and manage subject rights requests in Privacy Management.

We’re also excited today to partner with leading privacy software companies—OneTrust,, and WireWheel—to extend subject rights management capabilities to personal data stored outside of the Microsoft 365 environment, enabling customers to have a unified and streamlined response to subject requests.

“Our mission at OneTrust is to empower businesses to build trust into the fabric of their organization and our collaboration with Microsoft supports this,” noted Adam Rykowski, OneTrust Vice President of Product Management. “By automating and syncing the fulfillment of Data Subject Access Requests (DSAR) from OneTrust’s Privacy Management Solution with Privacy Management for Microsoft 365, available within the Microsoft 365 compliance center, we can seamlessly incorporate IT admins into privacy operations from the OneTrust platform.”

You can learn more about these partnerships in today’s Tech Community blog.

New regulation assessments in Microsoft Compliance Manager

Staying ahead of data privacy regulations and understanding the technical actions you can take to address compliance can be daunting. To help, Microsoft Compliance Manager today has more than 200 regulatory assessment templates covering global, industrial, and regional Data Protection and Privacy regulations, making it easier for customers to interpret, assess, and improve their compliance with regulatory requirements. We recently added three privacy-specific assessments for the Colorado Privacy Act, Virginia Consumer Data Protection Act (CDPA), and Egypt Privacy Law.

Additionally, we have mapped privacy-specific controls across these assessment templates to the new Privacy Management solution to help you scale your compliance efforts.

You can learn more about Compliance Manager, our list of available assessments, and how to use the assessment in our documentation. You can also try the Compliance Manager 90-day trial, which gives you access to 25 assessments.

Privacy is a journey

We recognize that navigating the complexity of data privacy regulations is a journey, and we are excited to partner with you, our customers, and others in the ecosystem to help to ease some of the complexity, making the world a safer place for all.

Privacy Management for Microsoft 365 is generally available to customers as an add-on to a Microsoft 365 or Office 365 subscription. To get started with Privacy Management, you can leverage the free 90-day trial. You can learn a lot more about Privacy Management in today’s Tech Community blog or watch the new Microsoft Mechanics video.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.