Configure supervisory review policies for your organization

By defining a supervisory review policy, you can capture employee communications for examination by internal or external reviewers.

Follow the steps in this topic to implement Supervisory review in your organization:

  • Set up groups for Supervisory review. Before you start using Supervisory review, determine who will have their communication reviewed, and who will perform those reviews. If you want to get started with just a few individuals to see how Supervisory review works, you can skip setting up groups for now.

  • Make Supervisory review available in your organization. Add the supervisory review role for yourself so you can set up policies. Anyone who has this role assigned can find Supervisory review in the Office 365 Security & Compliance Center menu.

  • Set up a supervisory review policy in the Security & Compliance Center. These policies define which communications are subject to review in your organization, and specify who should perform reviews.

  • Install the supervisory review Outlook app for reviewers. This gives reviewers access to the Supervisory Review folder in Outlook so they can assess and categorize each item.

Note: Currently, Supervisory review only captures communication via email.

  • Supervisory review report. Run the Supervisory review report to check that the review process is working well for your organization.

Set up groups for Supervisory review

By creating a supervisory review policy, you can determine who will have their communication reviewed, and who will perform those reviews. In a policy, you use email addresses to identify individuals or groups of people. It can simplify your setup if you create groups of people that are reviewers, and groups of people who will have their communication reviewed. If you’re using groups, you might need several, for example if you want to monitor communication between two distinct groups of people, or if you want to specify a group that isn’t going to be supervised. See the example below to see how this works.

To supervise communications between or within groups in your organization, set up distribution groups in the Exchange Admin Center. To do this, in the Exchange Admin Center, click recipients, and then click groups. For more information about setting up distribution groups, see Manage distribution groups.

Note: You can also use dynamic distribution groups or security groups for Supervisory review if you prefer. To help you decide if these better fit your organization's needs, see Manage mail-enabled security groups, and Manage dynamic distribution groups.

Example distribution groups

This example includes a distribution group that has been set up for a financial organization called Contoso Financial International.

In Contoso Financial International, a sampling of communications between brokers in the United States must be supervised. However, compliance officers within that group do not require supervision. For this example, we can create the following groups:

| Set up this distribution group | Group address (alias) | Description |
|---|---|---|
| All US brokers | US_Brokers@Contoso.com | This group includes email addresses for all US-based brokers who work for Contoso. |
| All US compliance officers | US_Compliance@Contoso.com | This group includes email addresses for all US-based compliance officers who work for Contoso. Because this group is a subset of all US-based brokers, you can use this alias to exempt compliance officers from a supervisory review policy. |

The Set up a supervisory review policy section describes how you can use these groups when you configure the policy.

Make Supervisory review available in your organization

To make Supervisory review available as a menu option in the Security & Compliance Center, create or update a role group to include the Supervisory Review Administrator role.

To do this, go to https://protection.office.com. Then, sign in to Office 365 using the credentials for an administrator account in your Office 365 organization. You're now in the Security & Compliance Center. Next, in the left-hand navigation, click Permissions.

If you already have a role group set up that only includes those who will be supervisory review administrators in your organization, you can update that role group. Otherwise, create a new role group.

Update an existing role group

  1. Select the role group you want to update. Click the edit icon.

  2. In the Roles section, click Add (+) and scroll down to Supervisory Review Administrator. Add this role to the role group.

  3. Check the other details for the role group including the Members; once you save this change, all the members of this role group can access Supervisory review for your organization.

Add a new role group

If none of the existing role groups have the right membership for supervisory review administrators:

  1. Click Add (+) to add a new role group and enter the name and description you want to use for this group.

  2. In the Roles section, click Add (+) and scroll down to Supervisory Review Administrator. Add this role to the role group.

  3. In the Members section, add email addresses for each supervisory review administrator. Once you save this change, all the members of this role group can access Supervisory review for your organization.

For more information about role groups and permissions, see Permissions in the Office 365 Compliance Center.

Set up a supervisory review policy

To create a supervisory review policy, go to https://protection.office.com. Then, sign in to Office 365 using the credentials for an administrator account in your Office 365 organization. Next, in the left-hand navigation click Search & investigation, and then click Supervisory review. To create a new supervisory review policy, click the plus symbol (+) as shown in the following screenshot.

Shows the Office 365 Security & Compliance Center menu with Supervisory review selected. Click "+" to add a policy.

Follow the wizard to set up each aspect of the policy. Click Next to progress through the wizard.

Policy name and description

Enter a name and a description for your policy. For example, "All US Brokers."

Whose communications do you want to review?

Choose which user or group communications to supervise:

  • In the first section of the screen, enter email addresses or distribution groups to identify those you want to include in the policy.

  • If you entered an email distribution group for this policy, you can use the second section of the screen to enter the email addresses of users or groups that are exempt from supervision under this policy. For example, compliance officers who belong to the brokers alias might be exempt from supervision under this policy.

Using the example for Contoso US brokers, we would enter US_Brokers@Contoso.com in the first section of the screen and US_Compliance@Contoso.com in the second section as shown in the following screen shot.

Shows how to add a group and exclude a group in supervisory review.

Which communications do you want to review?

If you want to review all communications for the groups or individuals you specified, you don’t need to add any conditions. If no conditions are needed for this policy, click Next to skip this screen. Otherwise, choose conditions that identify which communications you want to review. For example, you might want to review communications that contain an attachment over a certain size limit, or messages that contain certain words or phrases. You can specify one or more conditions.

To add a condition to the policy, click the down arrow to display the list of conditions as shown in the following screen shot:

Shows a list of all the conditions you can apply to a supervisory review policy including message size and words contained in the message.

Click the condition you want to add. You can add as many or as few conditions as you like. If you don’t add a given condition, such as direction, all directions will be matched. You can also enter exceptions. The following table explains how to set up each condition.

| Condition | How to use this condition |
|---|---|
| Direction is | Select Inbound if you want to review communications that are sent to the supervisory group. Select Outbound if you want to review communications that are sent from the supervisory group to individuals outside of the group. Select Within if you want to review communications sent between members of the supervisory group that you defined for this policy. |
| Message contains words | To apply the policy when certain words or phrases are included in a message, enter each word or phrase on a separate line. Each line of words you enter will be applied separately (only one of these lines must apply for the policy to apply to the message). For more information about entering words or phrases, see the next section Matching words and phrases to emails or attachments. |
| Any attachment contains words | To apply the policy when certain words or phrases are included in a message attachment (such as a Word document), enter each word or phrase on a separate line. Each line of words you enter will be applied separately (only one line must apply for the policy to apply to the attachment). For more information about entering words or phrases, see the next section Matching words and phrases to emails or attachments. |
| Any attachment has the extension | Enter file extensions such as .exe or .pdf if you want to supervise communications that include attachments with these file extensions. If you want to include multiple file extensions in this policy, enter these on separate lines. Only one attachment extension needs to match for the policy to apply. |
| Message size is larger than | To review messages over a certain size, specify the maximum size a message can be before it is subject to review. For example, if you specify 1.0 MB, all messages 1.01 MB and over will be subject to review. You can choose bytes, kilobytes, megabytes, or gigabytes for this condition. |
| Any attachment is larger than | To review messages that have attachments over a certain size, specify the maximum size an attachment can be before the message and its attachments are subject to review. For example, if you specify 2.0 MB, all messages with attachments 2.01 MB and over will be subject to review. You can choose bytes, kilobytes, megabytes, or gigabytes for this condition. |

Matching words and phrases to emails or attachments

Each line of words you enter will be applied separately (only one line must apply for the policy condition to apply to the email or attachment). This example uses the condition, Message contains words, as shown in the following screen shot.

Shows the use of Message contains words. On line one, "banker", on line two, "insider trading", on line three "profit NEAR(4) guaranteed".

In this example, the policy applies to any messages that include the word "banker", or the phrase "insider trading". The policy also applies to any message that includes the word "profit" when it appears within four words of the word "guaranteed". Only one of these words or phrases must occur for this policy condition to apply. Words in the message or attachment must exactly match the way you enter them here.

Entering multiple conditions

If you enter multiple conditions, Office 365 uses all the conditions together to determine when to apply the policy to communication items. When you set up multiple conditions, they must all be met for the policy to apply, unless you enter an exception. This example shows a policy that will apply if a message contains the word "trade" and is larger than 2MB. However, if the message also contains the words "Approved by Contoso financial", the policy does not apply, as shown in the following screen shot.

Shows a policy with multiple conditions that must all apply and a single exception.

When you have finished entering conditions, click Next.
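The matching rules described above (lines within one condition are ORed, conditions are ANDed, an exception cancels the match) can be checked against sample messages before a policy is saved. The following is an added model for that purpose, not Microsoft's code or the service's implementation; the function names are hypothetical, and it assumes case-sensitive whole-word matching, a symmetric NEAR(n) counted in word positions, and 1 MB = 1024 × 1024 bytes.

```python
import re

# Constructed sample policies taken from the two examples on this page.
WORD_LINES = ["banker", "insider trading", "profit NEAR(4) guaranteed"]
MULTI = {"words": ["trade"], "min_size_bytes": 2 * 1024 * 1024,
         "except_words": ["Approved by Contoso financial"]}

def words(text):
    # Split into word tokens; case is preserved (exact-match assumption).
    return re.findall(r"[A-Za-z0-9']+", text)

def line_matches(line, text):
    """One entry line: a single word, a phrase, or 'A NEAR(n) B'."""
    toks = words(text)
    near = re.fullmatch(r"(\S+)\s+NEAR\((\d+)\)\s+(\S+)", line.strip())
    if near:
        a, n, b = near.group(1), int(near.group(2)), near.group(3)
        pos_a = [i for i, t in enumerate(toks) if t == a]
        pos_b = [i for i, t in enumerate(toks) if t == b]
        return any(abs(i - j) <= n for i in pos_a for j in pos_b)
    phrase = words(line)
    k = len(phrase)
    return k > 0 and any(toks[i:i + k] == phrase
                         for i in range(len(toks) - k + 1))

def contains_words(lines, text):
    # Lines are ORed: one matching line is enough for the condition.
    return any(line_matches(line, text) for line in lines)

def policy_applies(policy, msg):
    """All configured conditions must hold; any exception cancels the match."""
    conds = []
    if "words" in policy:
        conds.append(contains_words(policy["words"], msg["body"]))
    if "min_size_bytes" in policy:
        conds.append(msg["size"] > policy["min_size_bytes"])
    if not all(conds):  # no conditions at all means every message matches
        return False
    return not contains_words(policy.get("except_words", []), msg["body"])
```

Running constructed test messages through `policy_applies` before saving a policy shows whether an exception phrase or a NEAR distance excludes more traffic than intended.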

What percentage of this content should be reviewed?

For communications that meet the conditions you entered, specify the percentage of communications for review. If you want reviewers to review all items, enter 100%. If you want to review a sample of items that meet policy conditions, enter a different percentage. Click Next to continue.

Who should review this content?

Specify who will review communications. Choose the email address for each reviewer, or use groups. You can include email addresses for internal reviewers or external reviewers. Click Next to continue.

Save your supervisory review policy

Once you've completed all sections of the supervisory review policy, click Finish to save your policy. It might take a few hours for the policy to start capturing email communication according to your settings. Supervisory review delivers all email for review into a shared folder that reviewers can access from Outlook.

Install the supervisory review Outlook app for reviewers

To review communication, each reviewer needs the supervisory review Outlook app. You can add the app for multiple users, or each reviewer can install the app themselves.

To add the app for multiple users, enter the following PowerShell command:

New-App -OrganizationApp -Url https://supervisoryreview.blob.core.windows.net/app/manifest.xml -ProvidedTo SpecificUsers -UserList "user1","user2","user3","user4","user5" -DefaultStateForUser Enabled

Replace each user listed in the command with the email address for each reviewer, or enter the group email address(es) that you’re using for reviewers. For example, you could enter the distribution group US_Compliance@Contoso.com which represents all the reviewers at Contoso. For more details about using this PowerShell command, see the second example in the topic, New-App.

Review communication identified by a supervisory review policy using Outlook

Reviewers can find and review communication directly in Outlook. Outlook organizes communication into folders that correspond to each supervisory review policy. After you install the supervisory review app, open Outlook and any communications identified for review appear in a folder called Supervisory Review. Under Folders, click More as depicted in the following screen shot.

Shows where to click More in the left pane.


When you click More, the Supervisory Review folder displays as depicted in the following screen shot. Click Supervisory Review to see a list of active policies. Each communication is categorized by policy.

Shows Outlook and where to click the Supervisory Review folder in the left pane.


For each policy listed under Supervisory Review, open and categorize the communication using the supervisory review Outlook app.
