Business Microsoft is developing their new AI Purview software to detect workplace policy violations - Coming soon to public preview, we’re rolling out several new classifiers for Communication Compliance to assist you in detecting various types of workplace policy violations.

  • Want to keep track of this thread?
    Accounts can bookmark posts, watch threads for updates, and jump back to where you stopped reading.
    Create account
1654337729050.png

Coming soon to public preview, we’re rolling out several new classifiers for Communication Compliance to assist you in detecting various types of workplace policy violations. This message is associated with Microsoft 365 Roadmap ID 93251, 93253, 93254, 93255, 93256, 93257, 93258.

The leavers classifier detects messages that explicitly express intent to leave the organization, which is an early signal that may put the organization at risk of malicious or inadvertent data exfiltration upon departure. Microsoft Purview Communication Compliance helps organizations detect explicit code of conduct and regulatory compliance violations, such as harassing or threatening language, sharing of adult content, and inappropriate sharing of sensitive information. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are explicitly opted in by an admin, and audit logs are in place to help ensure user-level privacy. More info

The sabotage classifier detects messages that explicitly mention acts to deliberately destroy, damage, or destruct corporate assets or property. Microsoft Purview Communication Compliance helps organizations detect explicit code of conduct and regulatory compliance violations, such as harassing or threatening language, sharing of adult content, and inappropriate sharing of sensitive information. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are explicitly opted in by an admin, and audit logs are in place to help ensure user-level privacy. More info

The gifts and entertainment classifier detects messages that contain language around exchanging of gifts or entertainment in return for service, which may violate corporate policy. Microsoft Purview Communication Compliance helps organizations detect explicit code of conduct and regulatory compliance violations, such as harassing or threatening language, sharing of adult content, and inappropriate sharing of sensitive information. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are explicitly opted in by an admin, and audit logs are in place to help ensure user-level privacy. More info

The money laundering classifier detects signs of money laundering or engagement in acts design to conceal or disguise the origin or destination of proceeds. This classifier expands Communication Compliance’s scope of intelligently detected patterns to regulated customers such as banking or financial services who have specific regulatory compliance obligations to detect for money laundering in their organization. Microsoft Purview Communication Compliance helps organizations detect explicit code of conduct and regulatory compliance violations, such as harassing or threatening language, sharing of adult content, and inappropriate sharing of sensitive information. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are explicitly opted in by an admin, and audit logs are in place to help ensure user-level privacy. More info

The stock manipulation classifier detects signs of stock manipulation, such as recommendations to buy, sell, or hold stocks in order to manipulate the stock price. This classifier expands Communication Compliance’s scope of intelligently detected patterns to regulated customers such as banking or financial services who have specific regulatory compliance obligations to detect for stock manipulation in their organization. Microsoft Purview Communication Compliance helps organizations detect explicit code of conduct and regulatory compliance violations, such as harassing or threatening language, sharing of adult content, and inappropriate sharing of sensitive information. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are explicitly opted in by an admin, and audit logs are in place to help ensure user-level privacy. More info

The unauthorized disclosure classifier detects sharing of information containing content that is explicitly designated as confidential or internal to certain roles or individuals in an organization. Microsoft Purview Communication Compliance helps organizations detect explicit code of conduct and regulatory compliance violations, such as harassing or threatening language, sharing of adult content, and inappropriate sharing of sensitive information. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are explicitly opted in by an admin, and audit logs are in place to help ensure user-level privacy. More info

The workplace collusion classifier detects signs of employee collusion, such as price fixing, sharing of trade secrets, or coordinating buying strategies. This classifier expands Communication Compliance’s scope of intelligently detected patterns to regulated customers such as banking, healthcare, or energy who have specific regulatory compliance obligations to detect for collusion in their organization. Microsoft Purview Communication Compliance helps organizations detect explicit code of conduct and regulatory compliance violations, such as harassing or threatening language, sharing of adult content, and inappropriate sharing of sensitive information. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are explicitly opted in by an admin, and audit logs are in place to help ensure user-level privacy. More info



When this will happen​

Rollout will begin in late June and is expected to be complete by mid-July.

How this will affect your organization​

The following new classifiers will soon be available in public preview for use with your Communication Compliance policies.

  • Leavers: The leavers classifier detects messages that explicitly express intent to leave the organization, which is an early signal that may put the organization at risk of malicious or inadvertent data exfiltration upon departure.
  • Corporate sabotage: The sabotage classifier detects messages that explicitly mention acts to deliberately destroy, damage, or destruct corporate assets or property.
  • Gifts & entertainment: The gifts and entertainment classifier detect messages that contain language around exchanging of gifts or entertainment in return for service, which may violate corporate policy.
  • Money laundering: The money laundering classifier detects signs of money laundering or engagement in acts design to conceal or disguise the origin or destination of proceeds. This classifier expands Communication Compliance’s scope of intelligently detected patterns to regulated customers such as banking or financial services who have specific regulatory compliance obligations to detect for money laundering in their organization.
  • Stock manipulation: The stock manipulation classifier detects signs of stock manipulation, such as recommendations to buy, sell, or hold stocks in order to manipulate the stock price. This classifier expands Communication Compliance’s scope of intelligently detected patterns to regulated customers such as banking or financial services who have specific regulatory compliance obligations to detect for stock manipulation in their organization.
  • Unauthorized disclosure: The unauthorized disclosure classifier detects sharing of information containing content that is explicitly designated as confidential or internal to certain roles or individuals in an organization.
  • Workplace collusion: The workplace collusion classifier detects messages referencing secretive actions such as concealing information or covering instances of a private conversation, interaction, or information. This classifier expands Communication Compliance’s scope of intelligently detected patterns to regulated customers such as banking, healthcare, or energy who have specific regulatory compliance obligations to detect for collusion in their organization.

What you need to do to prepare​

Microsoft Purview Communication Compliance helps organizations detect explicit code of conduct and regulatory compliance violations, such as harassing or threatening language, sharing of adult content, and inappropriate sharing of sensitive information. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are explicitly opted in by an admin, and audit logs are in place to ensure user-level privacy.

You can access the Communication Compliance solution in the Microsoft Purview compliance portal.

Learn more​

Article | Archive

Official Microsoft Purview page | Archive

Microsoft Purview Classifiers | Archive
 
Click to expand...
Looking forward to the version in 10 years from now that detects any negative thoughts you may have about your job.

And the version 20 years from now that 'corrects' any negative thoughts you may have about your job.
 
Why would I talk about any nefarious plans I have on internal comms lmao. WFH means I have my own laptop and devices right there in my home office and so I don’t even have to like quickly pretend I wasn’t on my iPad because someone came in. I am blatantly doing whatever I want on my own devices all day.
 
Stock manipulation: The stock manipulation classifier detects signs of stock manipulation, such as recommendations to buy, sell, or hold stocks in order to manipulate the stock price. This classifier expands Communication Compliance’s scope of intelligently detected patterns to regulated customers such as banking or financial services who have specific regulatory compliance obligations to detect for stock manipulation in their organization.
Click to expand...
Lol, good luck with adoption.
 
This sounds like amateur hour when compared to something like DTEX. I seriously recommend sitting through their canned demo of "insider threat monitoring" if you aren't familiar with these sorts of tools and the granularity of the information that they can capture and aggregate. I particularly liked how the use of personal webmail was presented as one of the riskiest activities.

The most important thing to know about this stuff is that your employer already does not trust you, so do not trust anything provided to you by your employer. This includes easily overlooked stuff like the physical office space and policies allowing you to connect personal devices to anything operated by your employer.
 
Dog-O-Tron 5000v5.0 said:
Yeah, if you use your work email for any of this, you're so dumb you deserve to be caught.
Click to expand...
Couldn't agree more. BUT (big but) I work in this area of a very large bank and yes, people are that stupid.

The term "leavers", never heard that before. From a risk perspective, it's called "insider threat." Generally involves somebody pissed at the company and is going to leave and tries to steal insider data or wreak some sort of payback havoc before they are out the door.

We have real investigators that do this shit. I can't imagine how bad some AI and algorithms would fuck it up.
 
Dog-O-Tron 5000v5.0 said:
Yeah, if you use your work email for any of this, you're so dumb you deserve to be caught.
Click to expand...
There are certain things I only express verbally at work, and most of them are to protect the corporation; not myself. If there's no written record of something, there's nothing that can come out in an audit or discovery (unless they subpoena everyone, I guess).

I'm not such an idiot as to discuss any of this stuff listed through any kind of work channel, but I know an absolute ton of people who have no compunctions whatsoever about doing so. I don't even connect my phone to the wifi at work because that router can do whatever the fuck it wants to and I don't want it to see me posting dank anti-Semitic memes of Kiwifarms.

I know for a fact that we use these kinds of heuristics on email and written Teams messages and I strongly suspect Microsoft has the ability to transliterate and understand spoken MS Teams calls, so not even that's safe. Look for references to terms like "DLP" ("data loss protection") in your employee privacy policy.

If I'm calling the CEO a shithead (and he is one), I'm doing it over beers away from the office. If I'm looking for a new job, I'm sure as fuck not using my work laptop lmao. I know some people that use their work laptop as their personal laptop because they figure "hey, free laptop", including using it to watch porn. Same for our corporate phones. One person--who had previously worked for IBM for like 30 years--was fired and arrested because they decided to download a bunch of child pornography to their laptop.

Best advice I can give is that you don't have to act like a corporate drone in work communications (unless your role demands you do), but you do have to know how to be a professional. And you especially have to know that talking about leaving your current job or trying to arrange insider trading on your corporate network is really stupid.
 
Bisdejl said:
your employer already does not trust you, so do not trust anything provided to you by your employer.
Click to expand...
^this

One of the job's I worked for had a CEO who's bitchy karen of a wife (whom was also employed at the place) was being paranoid as fuck saying that nobody was doing what they were supposed to be doing and were slacking off, so the ceo issues an entire company wide mandatory software installation called Time Doctor so now everyone was being monitored from the time they punched in to the time they punched out.

Me and a couple of the other IT people had issues with this. That and when they wanted everyone to use Zoom during COVID at a time where articles were coming out about how unsecure it was and how it was linked to the Chinese.
 
Stupid microniggers will never catch me. I add "in Minecraft" to all of my problematic writings and thoughts.
 
You must log in or register to reply here.
Back
Top Bottom