Microsoft 365 - Using Policy Groups to Manage User Account Policy Compliance
Policy compliance is an integral part of day-to-day business at UW-Madison, and many campus departments must comply with policies specific to the work they do or information they manage. Policy groups via Manifest provide departmental IT administrators with the ability to manage and report on policy compliance for their users in Office 365.
HIPAA: If you believe you or your university work may be influenced by HIPAA and you have questions about the use of policy groups within your organization, please contact your HIPAA Security Coordinator.
If you do not work within the guidelines of HIPAA and you are interested in using policy groups within your organization, please contact the DoIT Help Desk for more information.
Policy Compliance Reporting and Enforcement
Policy groups can be used by departmental IT administrators to run reports on user account policy compliance and to prevent the enabling of certain features in Office 365
Reporting on Policy Groups
Departmental IT staff may run reports of the IMAP, POP, ActiveSync, and Auto-Forwarding policy compliance for user accounts they've selected. Departmental IT administrators start the use of policy groups simply running reports in which they are able to view the state of their users' account compliance. These reports inform departmental IT staff so they may assist users to achieve policy compliance before and after account controls are enforced. Note: until additional steps are taken by the Office 365 Team and departmental IT administrators, no actual account controls are enforced.
Preventing the re-enabling of IMAP, POP, and ActiveSync protocols, and Preventing Auto-Forwarding
Users with account policy controls enforced cannot re-enable IMAP, POP, or ActiveSync protocols once disabled, and they cannot set up Auto-Forwarding of their email. Once a departmental IT administrator has run reports and is confident in their users' account policy compliance, they can request the Office 365 Team start the enforcement of the policy controls. Users whose accounts are controlled must work with departmental IT staff to modify these options if an exception is required.
If you or your departmental IT administrators are currently working with the UW-Madison Office 365 Team to implement the use of policy groups in your department, please follow the steps and linked documentation below.
Start by creating your policy group structure in Manifest: Microsoft 365 - Creating and Managing Policy Groups (Departmental IT)
Next, run user account compliance reports on the users in your policy groups and follow up with them to address non-compliance, as needed: Microsoft 365 - Reporting on User Policy Compliance via Policy Groups (Departmental IT)
Once your user accounts are in a compliant state, work with UW-Madison's Office 365 Team to begin enforcing the policy controls: Microsoft 365 - Enforcing User Account Policy Compliance via Policy Groups (Departmental IT)