Microsoft Purview Compliance Manager
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.
What is Compliance Manager?
Microsoft Purview Compliance Manager is a solution that helps you automatically assess and manage compliance across your multicloud environment. Compliance Manager can help you throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.
Watch the video below to learn how Compliance Manager can help simplify how your organization manages compliance:
Compliance Manager helps simplify compliance and reduce risk by providing:
Pre-built assessments for common industry and regional standards and regulations, or custom assessments to meet your unique compliance needs (available assessments depend on your licensing agreement; learn more).
Workflow capabilities to help you efficiently complete your risk assessments through a single tool.
Detailed step-by-step guidance on suggested improvement actions to help you comply with the standards and regulations that are most relevant for your organization. For actions that are managed by Microsoft, you’ll see implementation details and audit results.
A risk-based compliance score to help you understand your compliance posture by measuring your progress in completing improvement actions.
The Compliance Manager overview page shows your current compliance score, helps you see what needs attention, and guides you to key improvement actions.
Understanding your compliance score
Compliance Manager awards you points for completing improvement actions taken to comply with a regulation, standard, or policy, and combines those points into an overall compliance score. Each action has a different impact on your score depending on the potential risks involved. Your compliance score can help prioritize which action to focus on to improve your overall compliance posture. Compliance Manager gives you an initial score based on the Microsoft 365 data protection baseline. This baseline is a set of controls that includes key regulations and standards for data protection and general data governance.
Learn more
Key elements: controls, assessments, regulations, improvement actions
Compliance Manager uses several data elements to help you manage your compliance activities. As you use Compliance Manager to assign, test, and monitor compliance activities, it’s helpful to have a basic understanding of the key elements: controls, assessments, regulations, and improvement actions.
Be sure to check out the Compliance Manager glossary of terms.
Controls
A control is a requirement of a regulation, standard, or policy. It defines how you assess and manage system configuration, organizational process, and people responsible for meeting a specific requirement of a regulation, standard, or policy. Compliance Manager tracks the following types of controls:
- Microsoft managed controls: controls for Microsoft cloud services, which Microsoft is responsible for implementing
- Your controls: sometimes referred to as customer managed controls, these are controls implemented and managed by your organization
- Shared controls: these are controls that both your organization and Microsoft share responsibility for implementing
Learn more about monitoring control progress.
Assessments
An assessment is grouping of controls from a specific regulation, standard, or policy. Completing the actions within an assessment help you meet the requirements of a standard, regulation, or law. For example, you may have an assessment that, when you complete all actions within it, helps to bring your Microsoft 365 settings in line with ISO 27001 requirements. Assessments have several components:
- In-scope services: the specific set of Microsoft services applicable to the assessment
- Microsoft managed controls: controls for Microsoft cloud services, which Microsoft implements on your behalf
- Your controls: sometimes referred to as customer managed controls, these are controls implemented and managed by your organization
- Shared controls: these are controls that both your organization and Microsoft share responsibility for implementing
- Assessment score: shows your progress in achieving total possible points from actions within the assessment that are managed by your organization and by Microsoft
Learn more about creating and managing assessments.
Regulations
Compliance Manager provides over 360 regulatory templates to help you quickly create assessments. Learn more about working with regulations in Compliance Manager and view the full list of regulations.
Improvement actions
Improvement actions help centralize your compliance activities. Each improvement action provides recommended guidance that’s intended to help you align with data protection regulations and standards. Improvement actions can be assigned to users in your organization to perform implementation and testing work. You can also store evidence, notes, and record status updates within the improvement action. Learn more about working with improvement actions.
Supported languages
Compliance Manager is available in the following languages:
- English
- Bahasa Indonesian
- Bahasa Malay
- Chinese (Simplified)
- Chinese (Traditional)
- Czech
- Danish
- Dutch
- Finnish
- French
- German
- Hebrew
- Hungarian
- Italian
- Japanese
- Korean
- Norwegian
- Polish
- Portuguese (Brazilian)
- Russian
- Spanish
- Swedish
- Thai
- Turkish
Next steps
- Sign in, assign permissions and roles, configure settings, and personalize your dashboard view.
- Learn about and set up multicloud support.
- Create assessments to help you comply with industry standards that matter most to your organization.
- Get detailed scenario-based guidance on using Compliance Manager and other Purview solutions to help you manage data privacy and data protection.