A company wants to monitor Microsoft Teams messages and corporate emails for policy violations related to potential harassment and inappropriate behavior. They need a solution that allows them to define policies with conditions (e.g., keywords, patterns), automatically flag suspicious conversations, and optionally send notifications to the sender or escalate to a reviewer. Additionally, they need the ability to train employees when a minor violation is detected. Which Microsoft Purview solution should they use?
Correct. Communication Compliance provides policy-based monitoring of communications to detect regulatory and code-of-conduct violations, with flexible remediation including training messages.
Why this answer
Communication Compliance is the correct solution because it is specifically designed to detect policy violations in Microsoft Teams messages and corporate emails by scanning for keywords, patterns, and other conditions. It can automatically flag suspicious conversations, send notifications to the sender, escalate to a reviewer, and even train employees on minor violations through its built-in remediation workflows.
Exam trap
The trap here is that candidates often confuse Communication Compliance with Data Loss Prevention (DLP) because both involve policy-based scanning of communications, but DLP lacks the behavioral monitoring, notification, and training capabilities required for harassment and inappropriate behavior scenarios.
How to eliminate wrong answers
Option A is wrong because Data Loss Prevention (DLP) focuses on preventing the unauthorized sharing of sensitive data (e.g., credit card numbers, PII) and does not provide the employee training or escalation workflows for behavioral policy violations like harassment. Option C is wrong because Information Protection (e.g., sensitivity labels, encryption) is used to classify and protect data based on sensitivity, not to monitor communications for inappropriate behavior or enforce training. Option D is wrong because Audit (e.g., Microsoft 365 Audit log) only records user and admin activities for forensic investigation and cannot define policies, flag conversations, or send notifications for policy violations.