Purview Communication Compliance

Communication Compliance reviews emails, Teams chats, and Viva Engage messages against policy. Here's the model.

Microsoft Purview Communication Compliance is the policy engine for reviewing internal communications — emails, Teams chats, channel messages, and Viva Engage posts — against rules that detect harassment, regulatory violations, insider threats, or other policy concerns.

What it's for

The classic use cases:

  • Financial services supervision — regulators (SEC, FINRA, FCA) require firms to review broker-dealer communications for misconduct.
  • Code of conduct enforcement — detection of harassment, threats, discriminatory language.
  • Information protection — sensitive data shared in chat that bypasses other controls.
  • Internal investigations — suspected leaks, conflicts of interest, regulatory violations.

It's different from eDiscovery: eDiscovery responds to specific legal requests; Communication Compliance runs continuously against defined patterns.

How a policy works

A policy bundles:

  • Locations: Exchange mailboxes, Teams chats and channels, Viva Engage, and third-party connected data via the Purview Communication Compliance connector library.
  • Users: who's in scope (often a specific function, like all traders).
  • Reviewers: who triages alerts.
  • Conditions: pre-built templates (offensive language, regulatory keywords, money laundering patterns) and custom keyword lists and sensitive information types.
  • Sample rate: random sampling for supervisory reviews where 100% review isn't required.
  • Actions: route to reviewer queue, alert managers, escalate.

Pre-built classifiers

Microsoft ships trainable ML classifiers for:

  • Offensive language and harassment.
  • Threats.
  • Discrimination.
  • Regulatory compliance — financial misconduct, money laundering, customer complaints, market manipulation.
  • Confidential information disclosure.
  • Adult/racy content.

You can combine classifiers with custom keyword lists (your firm's own restricted terms).

Reviewer workflow

Reviewers see a queue of flagged messages with context — the surrounding conversation, the user's history, and the policy that triggered the flag. For each message they choose an outcome: Resolved, Escalated, or Tagged with notes. Outcomes feed into reporting.

Privacy and ethics

Like Insider Risk Management, Communication Compliance has built-in privacy controls:

  • Anonymised display by default.
  • Role separation — reviewers can see content; escalation roles can see identities.
  • Audit logs of every reviewer action.

Set policies with HR, Legal, and (in regulated industries) Compliance officer sign-off. Employees should be informed of communication monitoring as part of acceptable-use policies.

Licensing

Communication Compliance requires Microsoft 365 E5 or the Purview Communication Compliance standalone licence (per-user).

When you need it

Mandatory in regulated financial services and increasingly common in healthcare and legal. Optional but useful in any organisation with strong code-of-conduct enforcement. Overkill in small businesses without specific obligations.

When deployed, treat it as an HR/Legal-owned process, not an IT one. Tooling is the easy part.