Office 365 Security & Compliance Center


Applies to: Exchange Online, SharePoint Online

Topic Last Modified: 2016-05-27

Graphic explaining that content has moved from TechNet to SOC. Bookmarks still work (there's automatic redirection), and there are links below too.


Help withDescriptionGo to

The Security & Compliance Center

Get details and access to the Security & Compliance Center.

Read an Overview or find out how to Go to the Office 365 Security & Compliance Center.


Use the Archive page to enable or disable users’ archive mailboxes, which provide users with an alternate storage location for historical messaging data. When archive mailboxes are enabled, an archive policy will automatically move messages from a user’s primary mailbox to their archive mailbox after a specified period. The default archive policy that is assigned to mailboxes moves messages to the archive mailbox two years after the date a message is delivered to the mailbox.

Enable archive mailboxes in the Office 365 Security & Compliance Center

Data loss prevention

Use the Data loss prevention page to create DLP polices that help you protect sensitive information and prevent its inadvertent disclosure. Examples of sensitive information that you might want to prevent from leaking outside your organization include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy, you can identify, monitor, and automatically protect sensitive information across Office 365.

Overview of data loss prevention policies

Device management

Use the Device management page to manage and secure mobile devices that connect to your Office 365 organization. Mobile devices like smartphones and tablets let people access their work email, calendar, contacts, and documents anytime, from anywhere. To protect your organization's information, you can use built-in Mobile Device Management for Office 365 to set device security policies and access rules, and to wipe mobile devices if they’re lost or stolen.

Overview of Mobile Device Management for Office 365


Use the eDiscovery page to manage your organization’s eDiscovery cases, which you can use to identify, hold, search, and export content found in Exchange mailboxes and SharePoint sites. An eDiscovery case allows you to add members to a case, control what types of actions that specific case members can perform, place a hold on content locations relevant to a legal case, and associate multiple compliance searches with a single case. You can also export the results of any compliance search that is associated with a case. eDiscovery cases are a good way to limit who has access to Content Searches and search results for a specific legal case in your organization.

You can also use the eDiscovery page to access Office 365 Advanced eDiscovery, which provides advanced eDiscovery capabilities that help you analyze large, unstructured data sets and reduce the amount of data that's most relevant to a legal case. Advanced eDiscovery requires an Office 365 E5 subscription for your organization. For more information, see Office 365 Advanced eDiscovery.

Manage eDiscovery cases in the Office 365 Security & Compliance Center


Use the Import page to import PST files to Exchange Online mailboxes or import data files to your SharePoint Online organization. For both types of files, you can upload the files over the network or copy them to a hard drive and then ship the drive to a Microsoft datacenter, where the data will be imported to Office 365.

Import PST files or SharePoint data to Office 365


Use the Permissions page to give users access to the compliance features that are available within the Compliance Center. Permissions in the Security & Compliance Center are based on the same Role Based Access Control (RBAC) permissions model that is used in Exchange Online. However, the role group membership from Exchange Online isn’t shared with the Security & Compliance Center. To access the Security & Compliance Center, users need to be a member of one or more Compliance Center role groups that are listed on the Permissions page.

Permissions in the Office 365 Security & Compliance Center

Give users access to the Office 365 Security & Compliance Center


Use the Retention page to manage the lifecycle of email and documents by keeping the content you need and removing content after it’s no longer required. While your organization may be required to retain content for a period of time because of compliance, legal, or other business requirements, keeping content longer than required might create unnecessary legal risk. These retention features let you manage how long your organization retains content.

  • Retention tags and policies   Use to manage the email lifecycle by archiving or deleting messages that are older than a specified period. In Exchange Online, a default retention policy is assigned to a mailbox when it’s created.

  • Document deletion policies   Use to delete documents located in SharePoint Online site collections after a specific period of time. You can enforce a single mandatory policy on all site collections created from the same site collection template or you can allow site owners to choose from several policies that you centrally create and manage. You can also allow site owners to opt out altogether if they decide a policy doesn’t apply to their content.

  • Preservation policies   Use to preserve content in mailboxes, public folders, and sites in your organization. You can set up preservation policies to preserve the content indefinitely, until you remove the policy, or for a specific period of time. You can also specify a date range and keywords to narrow down the content that’s preserved. Preserved content remains in-place, where it is currently located, so people can continue to work with the content. If the content is modified or deleted, a copy is saved to a secure location.

Retention in the Office 365 Security & Compliance Center


Use the Content search page to search mailboxes, SharePoint Online sites, and OneDrive for Business locations in your Office 365 organization. Content Search is a new eDiscovery search tool with new and improved scaling and performance capabilities. Use Content Search to run very large eDiscovery searches. You can search all mailboxes, all SharePoint Online sites, and OneDrive for Business locations in a single Content Search. There are no limits on the number of mailboxes and sites that you can search. There are also no limits on the number of searches that can run at the same time. After you run a Content Search, the number of content sources and an estimated number of search results are displayed in the details pane on the Content Search page, where you can preview the results.

Run a Content Search in the Office 365 Security & Compliance Center