Playbooks are organized collections of policies. Policies are automated rules that continuously detect, identify, and remediate misconfigurations and permissions issues in your Microsoft 365 environment. Policies define what should be monitored or enforced, while playbooks group related policies together for easier management, reporting, and alignment with key compliance or operational objectives.
Playbooks:
- allow you to stay compliant with the most critical regulations, standards, and guidelines or best practices such as GDPR, HIPAA, PCI, ISO, FISMA, SOX, NIST, and more.
- allow you to implement and enforce your organization’s unique internal policies alongside industry best practices.
How do Playbooks work?
Playbooks and policies access and visibility
Access points
Playbooks and policies are accessed through two distinct sections in the CoreView interface:
- Governance Center: allows you to monitor policy status, remediate issues, and track compliance trends for your tenant. Access and actions within the Governance Center depend on roles and permissions.
- Settings: accessible only to Tenant Admins and Playbook Admins (who have been assigned the correct permissions), this section is used for managing the Playbook Policy Library and creating custom Playbooks and custom policies.
Role dependency and delegation
- Playbook roles define a user’s level of access and responsibility, specifying whether someone can create or modify policies, manage exceptions, run remediations, or simply view compliance data.
- Playbook delegation allows tenant admins to grant a delegated operator permission to view and remediate policies.
Out-of-the-box vs custom policies
Policies are divided into out-of-the-box and custom:
- Out-of-the-box policies are ready-made templates for common Microsoft 365 governance needs, enabling quick and easy deployment of best practices.
- Custom policies let organizations build tailored rules and workflows to address specific requirements not covered by default, providing flexibility and control. Custom policies can be created to trigger a response to events captured in Audit reports, in which case they are defined as “event-based” custom policies.
Manage and monitor Playbooks and policies
- Enable and run policies: enabling a policy executes the detection and validation phases, identifying matched items and managing exceptions if any exist. Once enabled, the policy continuously monitors for compliance and operational issues, updating reports with relevant findings.
- Enable and schedule remediation: available for both out-of-the-box and custom policies. Remediation involves different settings and actions, can be manual or automatic, and can be monitored.
- Manage exceptions: exceptions allow administrators to specify users, groups, or resources that should not have a particular policy applied. After detection, exceptions can be set directly from the policy box for both out-of-the-box and custom policies.
- Monitoring execution: provides visibility into the status and results of automated or manual policy runs, including which items were detected and which exceptions were applied.
- Thresholds: determine the values or limits that trigger a policy action or require attention. For example, a threshold could flag when the number of inactive licenses reaches a specified count.
- Clone policy: allows tenant and playbook admins to quickly duplicate both out-of-the-box and custom policies. When cloning, admins can customize the new policy and, for custom policies, even include remediation steps. The user cloning the policy becomes its new owner.