Level up with Data Compliance

20 February 2025

Today, data compliance isn’t just a box-ticking exercise, it’s a cornerstone of trust and legality in New Zealand. Ensuring the protection of personal information is a necessary requirement, not just for maintaining public confidence but also for meeting stringent legal criteria.

For organiations, this means managing data with a high degree of responsibility, safeguarding privacy at every turn, and steering clear of hefty penalties. It’s about building a robust framework that respects individuals’ privacy while navigating the complex landscape of data regulations.

5 Conditions for Efficient Data

Reducing Storage Requirements

It's a no brainer – Minimising storage means reduced costs and improved performance. Implementing data deduplication and archiving strategies can significantly cut down on unnecessary data storage.

Clean Data for Accurate Metrics

Clean data is the backbone of reliable analytics. With accurate and consistent data accuracy you can access meaningful insights and metrics, vital for informed decision-making.

Single Source of Truth

This is about creating a seamless flow of information that everyone in the organisation can rely on, ensuring decisions are made with the most accurate data available.

Ethical and Environmental Considerations

Responsible data management also involves ethical handling of data and considering the environmental impact of data storage. Adopting green data practices, such as using energy-efficient data centers, contributes to sustainability.

Security and Compliance

Implementing strong security measures, such as data classification, access controls, encryption, and regular updates, is crucial for protecting data and ensuring compliance.

Secure your organisation with Microsoft

Let's dive deeper into Security and compliance, and the tools available in the Microsoft arsenal to help you maintain a secure, compliant, and efficient operational environment.

Restricted SharePoint Search

This feature in Microsoft 365 is designed to help SharePoint administrators manage and secure their organisation’s data.

Administrators can create an “allowed list” of SharePoint sites that are for all user access. This helps prevent sensitive or irrelevant information (e.g., employee salary files) from appearing in organisation-wide search results and through Copilot.

When enabled, only sites and content that users have permission to access will appear in search results or within sites themselves. This ensures that users only see appropriate, role related and secure content.

Even with Restricted SharePoint Search enabled, users can still interact with files and content they own or have accessed before. It’s all about keeping things secure without sacrificing convenience, although can mean less available information for Copilot to pull from, affecting the depth of its responses.

Data Security
By limiting search results to approved sites, businesses can prevent sensitive or irrelevant information from being exposed to unauthorised users.

Compliance
Ensures only compliant and reviewed content is accessible, supporting regulatory requirements and internal policies.

Efficiency
Users find relevant information faster, improving productivity and reducing the risk of data breaches.

Restricted Search SET UP GUIDE

Conditional Access

A feature in Microsoft Entra ID designed to help administrators manage and secure access to their organisation’s resources.

Policies can be created that control access based on various conditions, such as user location, device, and risk level. This helps ensure that only authorised users can access sensitive information and applications.

Conditional Access Policies enforce specific actions, like enforcing multi-factor authentication (MFA) or changing access requirements at untrusted locations (e.g., airports). This ensures that users only access resources in a secure and compliant manner.

With Conditional Access enabled, users can still access resources they are authorised for, but with added security measures in place. It’s all about balancing security and convenience and ensuring robust protection without hindering productivity.

Data Security
By enforcing access controls based on conditions, businesses can prevent unauthorised access to sensitive information.

Compliance
Ensures that access to resources complies with regulatory requirements and internal policies, supporting data governance and legal obligations.

Efficiency
Users can securely access resources from anywhere, and from most devices, improving productivity while reducing the risk of unauthorised access.

Conditional access SET UP GUIDE

Set up guides

Restricted Search

Conditional Access

Set Up Conditional Access Policies

Creating Conditional Access policies helps you manage and secure access to your organisation’s resources. Here’s a step-by-step guide to get you started in Microsoft Entra ID

Step 1. Administrator Access

Sign in to the Microsoft Entra admin center with your admin credentials.
From the left-hand menu Navigate to Security > Click on Conditional Access.

Step 2. Create a New Policy

Click on + New policy to start creating a new Conditional Access policy.

Step 3. Configure Assignments

Select Users and Groups / Choose the users and groups to which this policy will apply. For example, you might include all employees but exclude the IT admin group.

Choose Cloud Apps or Actions / Select the cloud apps or actions that the policy will target. For instance, you might target Microsoft Teams and Outlook.

Step 4. Set Conditions

Risk Level / Apply the policy based on the risk level of the sign-in attempt. For example, require MFA for high-risk sign-ins.

Device Platforms / Target specific device platforms like iOS, Android, Windows, etc. For example, apply the policy only to Android devices.

Location / Apply the policy based on the geographic location or IP address of the sign-in attempt. For instance, enforce stricter controls for sign-ins from outside New Zealand.

Client Apps / Specify the types of client apps (e.g., browser, mobile apps) that the policy will affect. For example, apply the policy to all mobile apps.

Step 5. Configure Access Controls

Grant Controls / Choose the controls that must be satisfied to grant access. For example, require multi-factor authentication (MFA) or a compliant device.

Session Controls / Configure session controls to manage user access during a session, such as limiting the duration of the session or requiring reauthentication.

Step 6. Enable the Policy

Review your settings and enable the policy. It’s a good practice to test the policy with a small group of users before rolling it out organisation-wide.

Step 7. Monitor and Adjust

After enabling the policy, monitor its impact and make adjustments as necessary. You can view reports and logs to see how the policy is being applied and ensure it meets your security requirements.

Together, these tools help businesses protect their data, comply with regulations, and maintain efficient and secure operations.

Want to get ahead with policy based protection? Contact [email protected] to discuss how your business can improve from better data management practices.

Back to Articles

Share this Article

Level up with Data Compliance

5 Conditions for Efficient Data

Reducing Storage Requirements

Clean Data for Accurate Metrics

Single Source of Truth

Ethical and Environmental Considerations

Security and Compliance

Secure your organisation with Microsoft

Restricted SharePoint Search

Conditional Access

Set up guides

Set up Restricted Search

Set Up Conditional Access Policies

Other Recent Articles

Are AI Devices Worth the Hype?

The journey to native cloud

Announcing the Acquisition of The Laptop Company

Future Resilience Starts with Technology

Sustainable Data Management