--- name: Communication Compliance Coverage description: Assess Microsoft Purview Communication Compliance policy coverage, AI-interaction monitoring, match rates and escalation health in Microsoft 365. --- # Communication Compliance Coverage > **TL;DR:** This skill reads your Microsoft Purview Communication Compliance configuration to show which users, channels and AI interactions are monitored, how often policies match, and whether escalations are being actioned, so coverage gaps and unreviewed risks surface before they become incidents. ## What Microsoft Purview Communication Compliance covers Microsoft Purview Communication Compliance inspects messages across Microsoft 365 workloads, including Microsoft Teams chats, Exchange Online email, Viva Engage and connected third-party channels, to detect potentially inappropriate, risky or non-compliant communications. It can also monitor Microsoft 365 Copilot and other AI-interaction prompts and responses, helping organisations govern how staff use generative AI. Policies pair scoped users and reviewers with classifiers, sensitive information types and conditions, and they feed alerts into a review and escalation workflow. This skill reports on how completely those policies cover your people, your channels and your AI surface area. ## When should you run this skill? - "Which staff and groups are actually in scope for Communication Compliance policies?" - "Are we monitoring Microsoft 365 Copilot and AI prompt interactions for risky use?" - "How many policy matches are we generating, and how many are still unreviewed?" - "Are escalations being actioned, or are alerts piling up without a reviewer?" - "Do our policies cover Teams, Exchange and Viva Engage, or only email?" - "We are preparing for an audit and need evidence of communication monitoring coverage." - "Has anyone been left out of scope after a recent reorganisation or licence change?" ## How this skill works, step by step 1. Connect read-only to Microsoft Purview using the Security and Compliance PowerShell endpoint with delegated, least-privilege credentials. 2. Enumerate all Communication Compliance policies, their enabled state, scoped users and groups, and assigned reviewers. 3. Inspect each policy's conditions, classifiers, sensitive information types and the workloads it targets, including Teams, Exchange Online, Viva Engage and AI-interaction sources. 4. Identify whether Microsoft 365 Copilot and other AI-interaction monitoring is configured and which policies capture those prompts and responses. 5. Retrieve policy match and alert volumes over the reporting window and calculate match rates per policy and per workload. 6. Measure escalation health by counting alerts that are open, under review, resolved or escalated, and flag those with no assigned reviewer. 7. Compare scoped users against the organisation's active, licensed population to detect coverage gaps left by reorganisations or licence changes. 8. Derive a risk score weighting unmonitored workloads, missing AI-interaction coverage, unreviewed alert backlog and policies without reviewers. 9. Compile the findings into a prioritised report with remediation guidance. ## Output format The skill produces a coverage table followed by a summary of the headline risks. | Policy | Workloads monitored | AI interactions | Scoped users | Match rate | Unreviewed alerts | Risk | | --- | --- | --- | --- | --- | --- | --- | | Executive Conduct | Teams, Exchange | Not configured | 142 | 3.1% | 27 | High | | Copilot AI Usage | Copilot, Teams | Configured | 1,860 | 0.4% | 4 | Low | - High-risk findings: policies with no reviewer assigned, no AI-interaction coverage, or a growing unreviewed alert backlog. - Coverage gaps: active licensed users and workloads not captured by any policy. - AI monitoring status: whether Microsoft 365 Copilot prompts and responses are inspected. - Escalation health: counts of open, under-review, resolved and escalated alerts per policy. ## Scope and safety This skill is read-only by default and makes no changes to your tenant, policies, alerts or reviewer assignments. It only inspects configuration and reports findings. This skill does NOT: - Create, modify, enable or disable any Communication Compliance policy. - Resolve, escalate, dismiss or reassign alerts or review items. - Read or expose the content of monitored messages or AI interactions. - Alter scoped users, reviewers, classifiers or sensitive information types. ## Licensing and permissions ### Licences and add-ons | Capability used | Minimum licence | | --- | --- | | Communication Compliance policies and alerts | Microsoft 365 E5 or E5 Compliance (or Insider Risk Management add-on) | | Microsoft 365 Copilot and AI-interaction monitoring | Microsoft 365 E5 or E5 Compliance plus a Microsoft 365 Copilot licence | ### Least-privilege roles - Communication Compliance Viewers role group, for read-only access to policy configuration and reports. - Global Reader, for read-only visibility of tenant configuration and licence assignments. ### Microsoft Graph permissions (read-only) - Not applicable. Communication Compliance is administered through the Microsoft Purview portal and the Security and Compliance PowerShell endpoint (`Get-SupervisoryReviewPolicyV2` and related cmdlets), not Microsoft Graph. This skill connects read-only over Security and Compliance PowerShell with delegated, least-privilege credentials. ## Sources and compliance - [Microsoft Purview Communication Compliance](https://learn.microsoft.com/en-us/purview/communication-compliance) - [Communication Compliance policies](https://learn.microsoft.com/en-us/purview/communication-compliance-policies) - Supports Essential Eight monitoring and logging objectives by evidencing communication and AI-interaction oversight; aligns with ISM controls for event logging and personnel security monitoring. - [ASD Essential Eight Maturity Model](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model) - Output in Australian English.