Compliance requirements at times can be quite complex to interpret; extremely manual; difficult to adequately track and thus act upon; and costly. Do you know that there are an average 201 updates per day from 750 regulatory bodies all over the world ? Research shows that 65% of firms ranked “design and implementation of internal processes” the biggest hurdle of GDPR . We know achieving organizational compliance could be very challenging. It is hard to stay up-to-date with all the regulations that matter to your organization, and to define and implement controls with limited in-house capability.

Want to manage your compliance from one spot?

Microsoft has announced a new compliance solution to help your organization to meet data protection and regulatory standards more easily when using Microsoft cloud services – Compliance Manager will enable you to manage it from one place. You can sign up for the preview program today.

3 Key Aspects That Compliance Manager Helps With

  • Enables you to perform real-time risk assessment on Microsoft cloud services
  • Provides actionable insights to improve your data protection capabilities
  • Simplifies compliance processes through built-in control management and audit-ready reporting tools


Here’s a breakdown on what It Does

The Real-time Risk Assessment

Compliance Manager provides a summarized dashboard showing your compliance posture against the data protection regulatory requirements that matter to you when using Microsoft cloud services. In each control framework, you can get a compliance score that reflects your real-time compliance posture and helps you to make real-time risk assessments.


Take Action With Actionable Insights

You can get rich insights into Microsoft’s and your responsibility to meet compliance standards. For each Microsoft-managed control, you can see the control implementation and testing details, test date and results. For the controls you manage, you will receive recommended actions with step-by-step guidance for implementation and testing. This tool will help you better understand how to use the Microsoft cloud features to efficiently implement the controls managed by you.

Simplified Compliance

It also helps you to simplify your compiance process by providing the control management tool for you to assign tasks and collaborate across teams more efficiently. You can generate audit-ready reports with evidence in a few clicks, reducing the need to manually collect information across multiple teams. This tool will help compliance / security / privacy officers, and risk assessors to perform proactive pre-assessment and get ready for the audits.

Compliance Manager available for public preview this November 2017. To get notification when the public preview is available, sign up for the preview program here.

Check out this video to learn more about how Microsoft can help you with GDPR compliance.

Top 10 FAQs

1. What cloud services are covered by the Compliance Manager?

Compliance Manager will be available for Office 365, Dynamics 365 and Azure. As Microsoft continues to grow their cloud services, they will also expand the scope of the dashboard to include them as well. Compliance Manager will not yet be available in Microsoft’s unique clouds for China, Germany and Azure Gov/GGC High and DoD.

2. Does showing a score in Compliance Manager indicate that Microsoft is an expert?

The compliance score does not express an absolute measure of how compliant you are. It expresses the extent to which you have implemented controls, which can support data protection and compliance. No service can guarantee that you will be fully compliant, and the “compliance score” should not be interpreted as a guarantee in any way.

3. What compliance offerings, in terms of regulations, come with the Compliance Manager?

Microsoft target to cover GDPR, NIST and ISO standards when Compliance Manager is released.

4. Will I be able to use it for on premise services?

The current version of the dashboard will focus on tracking, implementing, and monitoring data protection and compliance on Microsoft cloud services.

5. How is the compliance score calculated?

The score is based on the operating effectiveness of Microsoft controls and the customer controls you manage. Different controls have different levels of risk. They assign a weightage to each control based on the level of risk involved due to control failure. For example, if a control around providing information security awareness training is not fulfilled, it will create a risk to your data protection and compliance goals. However, this risk is not as great a risk as if your logical access control fails. Therefore, logical access controls will have bigger weightages in calculating compliance score than controls like security awareness training and will have bigger impact on the score. The end goal of providing you a score is to help you with your risk management decisions.

6. How does the “Compliance Score” differ from “Secure Score”?

Secure score is a security analytics tool to help organizations better understand their security posture  in Office 365, while the compliance score provides a broader view of an organization’s data protection and compliance posture in the Microsoft cloud services – Azure, Dynamics 365, and Office 365. The compliance score and secure score can be associated in that compliance score is calculated across large superset of data protection and compliance controls; whereas secure score is focused on subset of configurable security controls.

7. Does a high or perfect score mean that I am fully compliant?

The score does not express an absolute measure of how compliant you are. It helps you understand whether you have successfully implemented your controls and if Microsoft controls are compliant. Beyond Microsoft-managed controls’ contribution to the score, a high score indicates that you have implemented more controls and that you have ascertained that the implementation is successful. This supports your goal towards being on track to be compliant.

8. If there are changes in regulations and / or regulation requirements, do I get an alert and is it reflected in my score?

If any changes in regulations necessitates changes into controls that support those regulations, Microsoft will update those controls and send you a notification if you subscribed to alerts for Compliance Manager. Any changes in the status of Microsoft managed controls will be reflected in your overall compliance score within 24 hours. Any changes in the status of controls managed by you will be reflected in real time in your overall score.

9. How do I get the preview?

Microsoft 365, Azure, and Dynamic 365 users (including trial users) will have access to the public preview version in November 2017.  To get notification when it’s available, you can sign up for the preview program here.

10. What does it cost?

As of now the preview version itself will be free for Microsoft 365, Azure, and Dynamics 365 users. Microsoft is still assessing the nature of the final licensing and will provide more information when closer to general availability in 2018.

Note: Compliance Manager Preview is a dashboard that provides a summary of your data protection and compliance stature and recommendations to improve data protection and compliance. This is a recommendation, it is up to you to evaluate its effectiveness in your regulatory environment prior to implementation. Recommendations from Compliance Manager Preview should not be interpreted as a guarantee of compliance.

Was this article helpful?