M365 Compliance – Cyber Essentials, NIS2, ISO 27001, CIS

What is Compliance Manager?

Compliance Manager is a Microsoft Purview feature that evaluates and reports on tenant configuration, showing the areas that need to be fixed to meet the standards or requirements of specific industries, regions, or accreditations. A collection of assessment templates for different industries, accreditations, regions and countries is available and is used to check the configuration that should be applied, for example the configuration applicable to ISO 27001, UK Cyber Essentials, GDPR, and NIS2.

Compliance Manager is a comprehensive solution that simplifies the compliance journey, making it easier to understand where the current tenant configuration drifts from the required configuration and enabling manageable, controlled remediation to achieve alignment. Ongoing scoring, alerting, and ‘how to’ detail ensure the solution does more than just reporting.

Some of the key features of Compliance Manager are –

  • ~375 pre-built assessments.
  • Risk-based compliance scores, updated daily.
  • Improvement actions and ‘how to’ steps to remediate.
  • Multicloud support covering M365, Microsoft Azure, AWS, and GCP.

For those who are interested in, or need to be, accredited and aligned with industry standard regulations, Compliance Manager offers features that make this easier to achieve and report on.

What assessment templates are currently available?

There are currently ~375 templates available including –

  • UK Cyber Essentials
  • NIS2
  • ISO (multiple)
  • EU GDPR
  • UK Data Protection Act

The complete list of Compliance Manager regulations is available here – Microsoft Purview Compliance Manager regulations list | Microsoft Learn

How much does it cost?

Compliance Manager is a premium feature and requires E5/A5 licensing. Licensing coverage is not on a per-user basis, so only a single E5/A5 license is required to provide access to the premium templates.

Licensing covers three premium assessment templates. Additional templates incur a further cost.

Example configuration

  • Select ‘Compliance Manager’ from the Purview portal
  • Select ‘Assessments’ from the left-hand pane
  • Select ‘Add assessment’
  • Select the required ‘regulation’, for example ‘UK Cyber Essentials’
  • Save and continue by selecting ‘Next’
  • Enter a relevant name and use the default group, or create a new group as required. Select ‘Next’ to continue
  • Leave ‘Microsoft 365’ as the selected service (note – additional services can be added, for example AWS and GCP)
  • Select ‘Next’ to continue
  • Review the details and select ‘Create assessment’ to complete

The assessment will begin reporting on progress, improvement actions and the scoring controls relevant to the regulation. With this information, improvement actions can be viewed and actioned to increase the overall score and the alignment to the regulation.

Each improvement action displays the following –

  • Owner
  • Implementation status
  • Test status
  • Service
  • Testing type
  • Testing source
  • Action details (including how to)
  • Related controls

Each improvement action includes detail explaining why it is necessary and how to implement it, and tracks the status of its implementation.

The ‘Launch Now’ hyperlink will take you directly to the relevant tenant configuration area.

The ‘Related Controls’ section details the reasoning behind the action from the regulation selected.

The assessment will continue to report on the status, and the score is re-assessed and updated daily, enabling continuous improvement and reporting.