7 min read

The Ultimate Guide to Microsoft Compliance Manager - What is Microsoft Compliance Manager?

Data privacy and information security is crucial to the success of any organization. At first glance, meeting compliance requirements may appear to be difficult or expensive for many organizations. Microsoft Compliance Manager may be the solution your organization needs to stay on top of your information security.

What is Microsoft Compliance Manager? 

 

Would you like to lower your monthly Microsoft licensing bill? Take advantage of Datalink Networks Free M365 Audit! We will identify unused/underused licenses, security threats and areas for improved efficiency. Our average client finds over 20% in savings!

 

Microsoft Compliance Manager is a comprehensive compliance management solution located within the Microsoft 365 compliance center. The compliance manager is a cross-Microsoft solution that helps meet complex compliance obligations, including: 

- ISO 27001

-ISO 27018

- NIST 800-53

-HIPAA

-Data Privacy

What does Microsoft Compliance Manager do?

 What does Microsoft Compliance Manager do?

Microsoft Compliance Manager helps you manage your organization's compliance needs including the inventory of data protection risks,  changes within your chosen regulation or certification, reporting to auditors, and more.  

Microsoft Compliance Manager measures your compliance through a centralized dashboard (shown above). Based on the compliance guidelines your organization is required or chooses to meet, this tool will collect information, identify issues, and confirm your progress. Microsoft Compliance Manager can also help simplify your compliance journey by offering: 

  • Pre-built assessments for common compliance standards 
  • Custom assessments to meet your organization's specific compliance needs 
  • Suggested improvements to reach compliancy 
  • The risk-based score for your organization to understand your current compliance posture. 

These specific offerings work together to build a complete and easy-to-use platform for your organization to become compliant and tighten data security. 

Core Elements of Microsoft Compliance Manager

Microsoft Compliance Manager is made up of four major elements that work together to detail your compliance journey 
Controls

This element details the requirements in the compliance standard your organization is trying to meet. It defines how you need to assess and manage configurations, processes, and people responsible for meeting the specified requirements. The Microsoft Compliance Manager helps track these controls and divides them up into two categories: Microsoft Managed Controls, or the ones that Microsoft is responsible for implementing, and shared controls, or control that your organization and Microsoft share responsibility for. The compliance manager assesses these controls by scanning your environment, and your activity status is updated daily. This means that once you implement a control to meet your compliance requirement, the status will update the following day. 

Assessments

Assessments are a grouping of controls from your specified compliance standard or regulation. These include everything within the controls element plus in-scope services and assessment scores. The in-scope services are a set of Microsoft services that apply to the assessment, and the score shows the progress made on addressing controls and achieving compliance. If you complete all the controls with a specific assessment, it will bring your Microsoft setting in line with the compliance standard initially selected.  

Templates

Assessments are built using templates, which can be prebuilt by Microsoft or customized to your organization's specific needs. You can choose which compliance standard your organization needs to meet. Microsoft has over 35 prebuilt templates, some of which are included and others that are premium. Some of the included templates are the Microsoft Data Protection Baseline, EU GDPR, ISO/IEC 27001:2013, and NIST 800-53, while some of the premium templates are SOC 1 and 2, PCI DSS, Privacy of Consumer Financial and Health Information Regulation, HIPAA/HITECH, FERPA, and Sarbanes-Oxley Act.  

Improvement Actions 

Improvement actions are the final main element of the Microsoft Compliance Manager. This feature centralizes your compliance activities and details what specific actions your organization needs to take to align you with the specified compliance regulations. These can be assigned to a specific user to complete and each improvement action can store documents, notes, and status updates within it. When an update is available for an improvement action, such as when there are regulatory changes, you will be notified via an improvement action that can either be accepted or deferred. Improvement actions directly impact and improve your compliance score.  

 

Understanding your Compliance Score

Microsoft Compliance Manager- Understanding Compliance Score

Within the Microsoft Compliance center, you can view your organization's compliance score. Your score starts with an initial score based on the Microsoft 365 data protection baseline, then additional points are added based on the standards of your selected compliance standard, such as NIST CSF or ISO 27001. 

This score is expressed as a percentage as well as points achieved out of total attainable points. These points are further broken down by customer-managed points achieved, which is based on actions that your organization took, and Microsoft-managed points achieved, which is based on actions that Microsoft took for you. At a first glance, these numbers will give you an idea of where you stand in relation to the compliance standard you are trying to meet.  

Who needs Microsoft Compliance Manager? 

In short, Microsoft Compliance Manager is for everyone. Whether your organization is required by law to meet compliance standards or your organization chooses to maintain regulatory compliance, Microsoft Compliance Manager can help you on your journey.  

Some of the most common compliance standards and industries are: 

  • HIPAA for health care organizations  
  • PCI-DSS for organizations that handle or process credit card information 
  • Sarbanes-Oxley or Gramm-Leach-Bliley for organizations that handle financial information 
  • CCPA for organizations processing information on California residents

     

    Regardless of whether or not your organization is required to meet a compliance standard, it is good practice for all organizations in order to keep data secure and costs low. 

How to Get Started with Microsoft Compliance Manager

 

Microsoft Compliance Manager is available to organizations that have Office 365 or Microsoft 365 licensing. To get started, you will need to have your organization's Global administrator sign into compliance manager and set up user permissions.

Compliance Manager uses role-based access controls permissions model, which means that only users that are assigned a role can access the tool and their actions are restricted by the role assigned to them. These roles include reader, contributor, assessor, and administration, which all hold different functions from read-only, to managing assessments and tenant data.  

Once roles are assigned and the templates are chosen, the real work can begin. View the dashboard to access your compliance score and improvement activities. Begin assigning or reassigning tasks to users, and enable automatic testing of improvement actions. As improvement actions are completed, you can manage the user history within that actions, such as documents uploaded, notes entered, and more. 

 

Need help getting started with Microsoft Compliance Manager or the Microsoft Security stack? Contact us today for a free consultation

Contact Datalink Networks

8 min read

AI in healthcare: How AI is revolutionizing healthcare with predictive analytics, personalized medicine, and disease detection

Artificial intelligence (AI) has been a buzzword in the tech industry for years, but it's not just limited to Siri and...

11 min read

Machine Learning (ML): The latest trends, developments, and applications of ML

Machine Learning (ML) has taken the technology world by storm. With its ability to analyze large amounts of data and...

4 min read

Managed Security Service Provider: Benefits For Your Business

In today's world, businesses face a multitude of security risks that threaten their operations, reputation, and bottom...