On the 22nd of September the Microsoft 365 Compliance Manager came into General Availability. Available in the Compliance Portal, the Compliance Manager helps organizations with Microsoft 365 to gain control over their compliance and risk state. In this post, we’ll look at some of the features available in the Compliance Manager.
The first think you’ll notice when opening the tool, is the Compliance Score rating. This rating which is based on a range of both Microsoft and Organizational controls, gives a quick metric of the compliance performance in the organization.
Like the traditional Secure Score, this score is relative to Microsoft 365 but may not reflect the overall security posture of the organization. For example, you can gain 27 points by implementing a spam filter, however, Microsoft’s tools will not be aware of a third party spam filter that sits in front of Exchange Online. Note: Automated tests are not available for all actions so it’s important to manually review them. We can enable automated testing on all or a subset of actions in the Compliance Manager Settings.
When we open a particular action, we can see associated regulatory requirements, details on how to go about implementing the action and any uploaded supporting documentation and notes detailed by the actions owner.
From the action itself, we can edit the status to assign someone to update and/or add the detail ourselves.
Once updated ,if completed this will adjust our Compliance Score appropriately.
From the solutions page in Compliance Manager, we can see how the different tools can help us to address our open actions. We can even open the relevant tool directly from this page allowing quick navigation and resolution.
Finally we can create assessments based on existing or custom templates such as EU GDPR assessment to group controls and actions to reach compliance with particular standards.
We can track progress against these assessments separately to our overall Compliance Score and also view any associated controls/actions.
The Compliance Manager brings some really powerful functionality to Microsoft 365 and as more automations for testing become available will help to simply what can be a tedious process to move towards compliance with various standards.
While in Compliance Manager, it’s also worth looking at some of the other great tools in the Microsoft 365 Compliance Portal as it gains more and more functionality and separates itself from the legacy Security and Compliance Portal.