You can review audit report and compliance related information for Azure services from Microsoft

CHAPTER 9: Compliance in Microsoft 365

We will start things off by covering the Service Trust Portal and Compliance Manager. You'll learn what they are, how to access them, and what features they offer. We will then look at Compliance Center, where you’ll learn about what information it provides and how to access it.

Service Trust Portal and Compliance Manager

The Service Trust Portal and Compliance Manager are used for assessing compliance risk, protecting and governing information, and responding to regulatory requests.

Service Trust Portal

The Service Trust Portal is a web portal that provides all kinds of content and tools that pertain to Microsoft security, privacy, and compliance practices. The Service Trust Portal also features third-party audits of many of Microsoft’s online services, along with information on how Microsoft’s services can help you maintain and track compliance with laws, regulations, and other standards.

For example, the Service Trust Portal offers information on ISO compliance, service organization controls, and information on NIST compliance. You’ll also find information on GDPR and FedRAMP as well.

Compliance tools that you will find on the Service Trust Portal include Compliance Manager, Trust Documents, Regional Compliance, and Privacy. Compliance Manager is a dashboard that you can use to track standards, regulations, and assessments; while the Trust Documents area includes audit reports and other data protection information as it relates to Microsoft services. Regional Compliance information includes compliance information that is specific to your region, and the Privacy information that is available includes information about the capabilities of Microsoft services that can be used to address GDPR requirements.

The Service Trust Portal can be accessed by visiting this URL.

Compliance Manager

Compliance Manager is used to meet compliance obligations, such as GDPR, ISO, NIST, and HIPAA.

The three main capabilities that Compliance Manager provides include ongoing risk assessment, actionable insights, and simplified compliance. The ongoing risk assessment is essentially a summary of your organization’s compliance posture when measured against regulatory requirements that apply to your business. This information is provided in the context of using Microsoft cloud services. The compliance score that is provided on the dashboard can be used to help make compliance decisions.

Actionable insights offer information on the compliance responsibilities that are split between the customer and Microsoft. For components and services that are managed by the customer, the dashboard will present recommendations and instructions for implementing them.

To ensure simplified compliance, Compliance Manager offers built-in collaboration tools that can be used, to assign tasks to teams within your organization. You can also create audit ready reports that link out to evidence that you collect to demonstrate your compliance.

Microsoft Compliance Center

The Compliance Center is essentially a dashboard that’s designed for compliance, privacy, and risk management staff. You use this dashboard to assess your organization’s compliance risks through its integration with compliance manager. You also use Compliance Center to protect your data and to govern it. It’s the place to go if you want or need to respond to regulatory requests and to access other compliance and privacy solutions.

Due to its integration with Compliance Manager, you can use Microsoft Compliance Center to gain insights into your organization’s compliance posture as it relates to key standards and regulations like GDPR, ISO, and NIST. You can also perform risk assessments and follow guidance that’s provided in order to improve your privacy controls and compliance.

Microsoft Cloud Apps Security Insights, or MCAS, is available from the Compliance Center as well. You can use MCAS to do things like identify compliance risks across apps, monitor noncompliant employee behavior, and even identify shadow IT situations.

Once you’ve enabled the Microsoft Compliance Center for your tenants you can access it at this URL.

What You’ve Learned

Congratulations! You’ve reached the end of Compliance in Microsoft 365! Let’s review what you’ve learned.

In this chapter, we looked at a few key Microsoft 365 compliance tools. We started things off by covering the Service Trust Portal and Compliance Manager. You learned what they are, how to access them, and what features they offer. We then looked at Compliance Center, where you learned what information it provides and how to access it.

Prefer the PDF version? No problem.

Click here to download the full 89-page PDF version of this guide for just $2.99.

As an added BONUS, I've included 30 Microsoft 365 practice questions in the PDF version.

Prefer the full 3-hour online course? Click here to enroll in the full course.

Which of the given sources will provide audit and assessment report for the Microsoft 365 cloud services?

Where can you go to see what standards Microsoft is in compliance with in Azure?

Can we download the regulatory compliance report from the Azure Security Center?

Which Microsoft portal provides information about how Microsoft manages privacy compliance and security?