Browse all topics

Purview Communication Compliance

Av Emil Björk · Microsoft-ekosystemskonsult, Göteborg

Communication Compliance reviews emails, Teams chats, and Viva Engage messages against policy. Here's the model.

Microsoft Purview Communication Compliance is the policy engine for reviewing internal communications — emails, Teams chats, channel messages, and Viva Engage posts — against rules that detect harassment, regulatory violations, insider threats, or other policy concerns.

What it's for

The classic use cases:

  • Financial services supervision — regulators (SEC, FINRA, FCA) require firms to review broker-dealer communications for misconduct.
  • Code of conduct enforcement — detection of harassment, threats, discriminatory language.
  • Information protection — sensitive data shared in chat that bypasses other controls.
  • Internal investigations — suspected leaks, conflict-of-interest, regulatory violations.

It's different from eDiscovery: eDiscovery responds to specific legal requests; Communication Compliance runs continuously against defined patterns.

How a policy works

A policy bundles:

  • Locations: Exchange mailboxes, Teams chats and channels, Viva Engage, third-party connected data via the Purview Communication Compliance connector library.
  • Users: who's in scope (often a specific function, like all traders).
  • Reviewers: who triages alerts.
  • Conditions: pre-built templates (offensive language, regulatory keywords, money laundering patterns) and custom keyword lists and sensitive information types.
  • Sample rate: random sampling for supervisory reviews where 100% review isn't required.
  • Actions: route to reviewer queue, alert managers, escalate.

Pre-built classifiers

Microsoft ships trainable ML classifiers for:

  • Offensive language and harassment.
  • Threats.
  • Discrimination.
  • Regulatory compliance — financial misconduct, money laundering, customer complaints, market manipulation.
  • Confidential information disclosure.
  • Adult/racy content.

You can combine classifiers with custom keyword lists (your firm's own restricted terms).

Reviewer workflow

Reviewers see a queue of flagged messages with context — the surrounding conversation, the user's history, the policy that triggered. For each message they choose an outcome: Resolved, Escalated, Tagged with notes. Outcomes feed into reporting.

Privacy and ethics

Like Insider Risk Management, Communication Compliance has built-in privacy controls:

  • Anonymised display by default.
  • Role separation — reviewers can see content, escalation roles can see identities.
  • Audit logs of every reviewer action.

Set policies with HR, Legal, and (in regulated industries) Compliance officer sign-off. Employees should be informed of communication monitoring as part of acceptable-use policies.

Licensing

Communication Compliance requires Microsoft 365 E5 or the Purview Communication Compliance standalone licence (per-user).

When you need it

Mandatory in regulated financial services and increasingly common in healthcare and legal. Optional but useful in any organisation with strong code-of-conduct enforcement. Overkill in small businesses without specific obligations.

When deployed, treat it as an HR/Legal-owned process, not an IT one. Tooling is the easy part.