Microsoft Purview Compliance Manager
In this article: Learn what Compliance Manager is, how it helps simplify compliance and reduce risk, and its key components.
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.
What is Compliance Manager?
Microsoft Purview Compliance Manager is a feature in the Microsoft Purview compliance portal that helps you manage your organization’s multicloud compliance requirements with greater ease and convenience. Compliance Manager can help you throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.
Watch the video below to learn how Compliance Manager can help simplify how your organization manages compliance:
Compliance Manager helps simplify compliance and reduce risk by providing:
Pre-built assessments for common industry and regional standards and regulations, or custom assessments to meet your unique compliance needs (available assessments depend on your licensing agreement; learn more).
Workflow capabilities to help you efficiently complete your risk assessments through a single tool.
Detailed step-by-step guidance on suggested improvement actions to help you comply with the standards and regulations that are most relevant for your organization. For actions that are managed by Microsoft, you’ll see implementation details and audit results.
A risk-based compliance score to help you understand your compliance posture by measuring your progress in completing improvement actions.
The Compliance Manager overview page shows your current compliance score, helps you see what needs attention, and guides you to key improvement actions. Below is an example of the overview page:
Understanding your compliance score
Compliance Manager awards you points for completing improvement actions taken to comply with a regulation, standard, or policy, and combines those points into an overall compliance score. Each action has a different impact on your score depending on the potential risks involved. Your compliance score can help prioritize which action to focus on to improve your overall compliance posture.
Compliance Manager gives you an initial score based on the Microsoft 365 data protection baseline. This baseline is a set of controls that includes key regulations and standards for data protection and general data governance.
Learn more
Understand how your compliance score is calculated.
Learn how to work with improvement actions.
Key elements: controls, assessments, templates, improvement actions
Compliance Manager uses several data elements to help you manage your compliance activities. As you use Compliance Manager to assign, test, and monitor compliance activities, it’s helpful to have a basic understanding of the key elements: controls, assessments, templates, and improvement actions.
Controls
A control is a requirement of a regulation, standard, or policy. It defines how you assess and manage system configuration, organizational process, and people responsible for meeting a specific requirement of a regulation, standard, or policy.
Compliance Manager tracks the following types of controls:
- Microsoft managed controls: controls for Microsoft cloud services, which Microsoft is responsible for implementing
- Your controls: sometimes referred to as customer managed controls, these are controls implemented and managed by your organization
- Shared controls: these are controls that both your organization and Microsoft share responsibility for implementing
Learn more
Monitor progress of your controls.
Learn how Compliance Manager continuously assesses controls.
Assessments
An assessment is grouping of controls from a specific regulation, standard, or policy. Completing the actions within an assessment help you meet the requirements of a standard, regulation, or law. For example, you may have an assessment that, when you complete all actions within it, helps to bring your Microsoft 365 settings in line with ISO 27001 requirements.
Assessments have several components:
- In-scope services: the specific set of Microsoft services applicable to the assessment
- Microsoft managed controls: controls for Microsoft cloud services, which Microsoft implements on your behalf
- Your controls: sometimes referred to as customer managed controls, these are controls implemented and managed by your organization
- Shared controls: these are controls that both your organization and Microsoft share responsibility for implementing
- Assessment score: shows your progress in achieving total possible points from actions within the assessment that are managed by your organization and by Microsoft
When creating assessments, you’ll assign them to a group. You can configure groups in whatever way is most logical for your organization. For example, you may group assessments by audit year, region, solution, teams within your organization, or some other way. Once you create groups, you can filter your Compliance Manager dashboard to view your score by one or more groups.
Learn more
Build and manage assessments in Compliance Manager.
Templates
Compliance Manager provides templates to help you quickly create assessments. You can modify these templates to create an assessment optimized for your needs. You can also build a custom assessment by creating a template with your own controls and actions. For example, you may want a template to cover an internal business process control, or a regional data protection standard that isn’t covered by one of our 325+ pre-built assessment templates.
Learn more
View the list of assessment templates provided by Compliance Manager.
Get detailed instructions for creating and modifying templates for assessments.
Improvement actions
Improvement actions help centralize your compliance activities. Each improvement action provides recommended guidance that’s intended to help you align with data protection regulations and standards. Improvement actions can be assigned to users in your organization to perform implementation and testing work. You can also store documentation, notes, and record status updates within the improvement action.
Learn more
Use improvement actions to manage your compliance workflow.
Learn how actions impact your compliance score.
Supported languages
Compliance Manager is available in the following languages:
- English
- Bahasa Indonesian
- Bahasa Malay
- Chinese (Simplified)
- Chinese (Traditional)
- Czech
- Danish
- Dutch
- Finnish
- French
- German
- Hebrew
- Hungarian
- Italian
- Japanese
- Korean
- Norwegian
- Polish
- Portuguese (Brazilian)
- Russian
- Spanish
- Swedish
- Thai
- Turkish
Next steps: set up and customize
Learn how to sign in, assign permissions and roles, configure settings, and personalize your dashboard view at Get started with Compliance Manager.
Then start customizing Compliance Manager to help you comply with industry standards that matter most to your organization by setting up assessments.
To help you comply with data privacy regulations, we’ve designed a workflow to guide you through an end-to-end process to plan and implement capabilities across Microsoft 365, including using Compliance Manager. For more information, see Deploy information protection for data privacy regulations with Microsoft 365 (aka.ms/m365dataprivacy).
Feedback
Submit and view feedback for