This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)
--> Identify data protection and governance risks for Microsoft 365 and Copilot
--> Identify policy violations generated by Communication Compliance
Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.
Introduction
For the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals exam, you should understand how Microsoft Purview Communication Compliance helps organizations detect, investigate, and respond to inappropriate communications that may violate corporate policies, legal requirements, or regulatory standards. You should also understand how administrators review policy matches, investigate alerts, and take appropriate remediation actions.
What is Microsoft Purview Communication Compliance?
Microsoft Purview Communication Compliance is a Microsoft Purview solution that helps organizations detect and investigate inappropriate or risky communications across Microsoft 365 services.
Rather than preventing users from communicating, Communication Compliance monitors communications and alerts authorized reviewers when messages match organizational policies.
It helps organizations detect communications involving:
- Harassment
- Discrimination
- Offensive language
- Threats
- Confidential information sharing
- Regulatory violations
- Inappropriate behavior
- Insider risks
Communication Compliance is designed to reduce legal, compliance, and reputational risks while helping organizations meet industry regulations.
Why Communication Compliance Is Important
Organizations communicate constantly using:
- Microsoft Teams chats
- Teams channel messages
- Outlook emails
- Viva Engage (Yammer)
- Third-party communication platforms (through supported connectors)
Without monitoring, inappropriate communications may:
- Create hostile work environments
- Lead to lawsuits
- Violate government regulations
- Expose confidential information
- Damage an organization’s reputation
Communication Compliance provides visibility into these risks.
What Are Policy Violations?
A policy violation occurs when a communication matches conditions defined within a Communication Compliance policy.
Examples include:
- Use of offensive language
- Bullying or harassment
- Sharing confidential customer information
- Threatening another employee
- Insider trading discussions
- Regulatory compliance violations
- Sharing protected intellectual property
A policy violation does not automatically mean misconduct occurred.
Instead, it means the communication requires human review.
How Communication Compliance Works
The workflow follows several stages.
Step 1: Create a Policy
Administrators create policies that define:
- Users or groups to monitor
- Communication locations
- Types of violations
- Detection conditions
- Review workflow
Step 2: Monitor Communications
Communication Compliance continuously analyzes supported communications.
Examples include:
- Teams messages
- Emails
- Viva Engage posts
Content is evaluated against policy conditions.
Step 3: Generate Alerts
If content matches a policy:
- An alert is generated.
- The alert appears in the Communication Compliance dashboard.
- Reviewers receive a notification.
Step 4: Human Review
Authorized reviewers investigate:
- Original message
- Conversation context
- Users involved
- Severity
- Previous incidents
Reviewers determine whether the communication truly violated policy.
Step 5: Resolution
Reviewers choose an appropriate action, such as:
- Resolve as compliant
- Confirm violation
- Escalate investigation
- Notify HR
- Notify legal
- Train employee
- Document findings
Common Types of Policy Violations
Harassment
Detects communications containing:
- Insults
- Bullying
- Abusive language
- Threats
Example:
“You’re completely useless and should quit.”
Discrimination
Detects language involving:
- Race
- Gender
- Religion
- Disability
- Age
- Protected characteristics
Offensive Language
Identifies:
- Profanity
- Hate speech
- Offensive expressions
Sensitive Information Sharing
Detects messages containing:
- Credit card numbers
- Social Security numbers
- Customer information
- Financial records
- Medical information
Regulatory Compliance Violations
Organizations in regulated industries monitor communications involving:
- Insider trading
- Market manipulation
- Financial misconduct
- Unauthorized disclosures
Confidential Information
Detects unauthorized sharing of:
- Trade secrets
- Product designs
- Internal reports
- Source code
- Financial forecasts
Policy Alerts
A Communication Compliance alert contains information such as:
- Policy name
- Date and time
- Severity
- User involved
- Communication type
- Matched rule
- Review status
Alerts help reviewers prioritize investigations.
Alert Severity
Organizations often classify alerts as:
- Low: Minor language concerns. Example: A mildly inappropriate joke.
- Medium: Behavior that may violate company policy. Example: Repeated offensive language.
- High: Serious compliance concern. Example: Threats of violence or disclosure of confidential data.
Reviewing Policy Violations
Authorized reviewers access the Communication Compliance portal.
During review they can examine:
- Conversation history
- Message participants
- Attachments
- Policy triggered
- Matching keywords
- Previous incidents
- Related alerts
Context is important because individual messages may appear harmless without surrounding conversation.
Investigation Workflow
A typical investigation includes:
1. Open the alert.
2. Review message details.
3. Examine conversation context.
4. Determine whether policy was actually violated.
5. Assign a review outcome.
6. Document findings.
7. Close or escalate the case.
Possible Review Outcomes
Reviewers may classify alerts as:
- No violation
- Violation confirmed
- Needs escalation
- False positive
- Resolved
These outcomes help improve future policy effectiveness.
False Positives
Not every alert represents an actual violation.
Examples include:
- Educational discussions
- Medical terminology
- Technical documentation
- Quoted material
- Sarcasm
- Context misunderstood by automated analysis
Human review remains essential.
Improving Detection Accuracy
Organizations can improve policy effectiveness by:
- Updating keyword dictionaries
- Using machine learning classifiers
- Adjusting policy thresholds
- Creating separate policies for departments
- Reviewing false positives
- Refining monitored user groups
Who Reviews Violations?
Communication Compliance uses role-based access control.
Typical reviewers include:
- Compliance administrators
- Compliance officers
- Human Resources
- Legal teams
- Risk investigators
Only authorized personnel can review sensitive communications.
Privacy Considerations
Communication Compliance is designed with privacy controls.
Organizations can:
- Limit reviewer access
- Use pseudonymization (where supported)
- Restrict investigations
- Audit reviewer actions
- Follow regional privacy laws
Integration with Other Microsoft Security Solutions
Communication Compliance works alongside several Microsoft security solutions.
Microsoft Purview Insider Risk Management
Communication Compliance findings may support insider risk investigations involving suspicious employee behavior.
Microsoft Purview Data Loss Prevention (DLP)
DLP prevents unauthorized sharing of sensitive information, while Communication Compliance reviews the content and context of communications.
Microsoft Purview Information Protection
Sensitivity labels applied to documents help reviewers understand the sensitivity of shared information.
Microsoft Defender
Security incidents and user risk signals can complement Communication Compliance investigations.
Communication Compliance and Microsoft 365 Copilot
As organizations adopt Microsoft 365 Copilot, Communication Compliance remains important because users increasingly collaborate through Teams, Outlook, and other Microsoft 365 services that Copilot can reference based on existing permissions.
If inappropriate communications occur, Communication Compliance can:
- Detect policy violations
- Assist investigations
- Support regulatory compliance
- Help protect organizational reputation
- Complement broader Microsoft Purview governance capabilities
Best Practices
For the AB-900 exam, remember these best practices:
- Monitor communications using clearly defined policies.
- Review alerts promptly.
- Always investigate message context before making decisions.
- Use authorized reviewers only.
- Tune policies to reduce false positives.
- Protect employee privacy while maintaining compliance.
- Integrate Communication Compliance with broader Microsoft Purview governance.
AB-900 Exam Tips
Remember these key points:
- Communication Compliance monitors communications—it does not block them.
- Policy violations generate alerts, not automatic disciplinary actions.
- Human reviewers determine whether a true violation occurred.
- Context matters when reviewing communications.
- Communication Compliance supports compliance, legal, HR, and risk management teams.
- Alerts can detect harassment, discrimination, offensive language, regulatory violations, and sensitive information sharing.
- Communication Compliance works together with Insider Risk Management, DLP, Information Protection, and Microsoft Defender.
Practice Exam Questions
Question 1
What is the primary purpose of Microsoft Purview Communication Compliance?
A. Encrypt all Microsoft Teams messages
B. Detect and investigate communications that may violate organizational policies
C. Prevent users from sending emails
D. Back up Microsoft 365 communications
Correct Answer: B
Explanation: Communication Compliance monitors supported communications and generates alerts when messages match configured compliance policies.
Question 2
A Communication Compliance alert indicates that a Teams message matched a harassment policy. What should happen next?
A. The user account is automatically disabled.
B. The message is permanently deleted.
C. An authorized reviewer investigates the communication.
D. The policy is automatically removed.
Correct Answer: C
Explanation: Communication Compliance generates alerts for human review rather than taking automatic disciplinary actions.
Question 3
Which type of communication can Microsoft Purview Communication Compliance monitor?
A. BIOS startup messages
B. Local Windows Event Logs
C. Microsoft Teams chats
D. Printer configuration files
Correct Answer: C
Explanation: Teams chats are one of the primary communication sources monitored by Communication Compliance.
Question 4
Why is conversation context important when reviewing alerts?
A. It determines network bandwidth.
B. It identifies device drivers.
C. It encrypts communications.
D. It helps reviewers determine whether a message truly violates policy.
Correct Answer: D
Explanation: Individual messages may appear inappropriate when viewed alone but may be acceptable within the full conversation.
Question 5
Which activity is an example of a Communication Compliance policy violation?
A. Updating Windows patches
B. Sharing vacation schedules
C. Sending offensive or harassing messages to coworkers
D. Resetting a forgotten password
Correct Answer: C
Explanation: Offensive or harassing communications are common scenarios monitored by Communication Compliance.
Question 6
Who should review Communication Compliance alerts?
A. Any employee
B. Only authorized compliance reviewers
C. External customers
D. Guest users
Correct Answer: B
Explanation: Access to Communication Compliance investigations is limited through role-based access control.
Question 7
What is a false positive in Communication Compliance?
A. A communication incorrectly identified as violating policy
B. A deleted user account
C. An expired Microsoft 365 license
D. A successful malware scan
Correct Answer: A
Explanation: False positives occur when automated detection flags communications that are ultimately determined not to violate policy.
Question 8
Which Microsoft Purview solution focuses primarily on preventing sensitive information from leaving the organization?
A. Communication Compliance
B. Insider Risk Management
C. Data Loss Prevention (DLP)
D. Compliance Manager
Correct Answer: C
Explanation: DLP is designed to detect and prevent unauthorized sharing of sensitive information, while Communication Compliance focuses on reviewing communications.
Question 9
What does a Communication Compliance alert indicate?
A. A confirmed policy violation requiring disciplinary action
B. A communication matched a configured policy and should be reviewed
C. The user’s account has been compromised
D. Microsoft 365 licensing has expired
Correct Answer: B
Explanation: Alerts indicate potential policy matches that require investigation; they are not proof of wrongdoing.
Question 10
Which statement best describes Microsoft Purview Communication Compliance?
A. It replaces antivirus software.
B. It automatically blocks every risky message.
C. It permanently archives all Microsoft 365 files.
D. It helps organizations identify, investigate, and respond to inappropriate communications.
Correct Answer: D
Explanation: Communication Compliance helps organizations manage communication-related compliance risks through monitoring, alerting, investigation, and response.
