Microsoft Viva Compliance

Microsoft offers a comprehensive set of compliance offerings to help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data. Microsoft Viva is also covered under the Microsoft Product Terms and Data Protection Agreement (DPA).

For more information, see the Microsoft Trust Center.

Shared responsibility model

Microsoft works to ensure that we are compliant with industry and international standards, and customers are responsible for ensuring their data within the Microsoft Cloud is protected in a manner that is compliant with the standards and regulations imposed on the customer.

Image depicting shared responsibility model

Inheritance of compliance features and settings

Microsoft Viva apps are built on your existing infrastructure and, depending on the app, inherit compliance features and settings from Microsoft Teams, Exchange Online, SharePoint Online, Azure, and Viva Engage. In addition, all Viva modules are built on the Microsoft Graph API.

Image depicting simple architecture model

For detailed information on each service, see:

Microsoft 365: Plan for security and compliance

Microsoft Teams: Overview of security and compliance in Microsoft Teams

Microsoft SharePoint: Plan compliance requirements for SharePoint and OneDrive

Microsoft Graph: Use the Microsoft Graph compliance and privacy APIs

Viva Engage: Overview of security and compliance in Viva Engage

Microsoft Entra ID: Microsoft Entra security baseline for Microsoft Entra ID

Azure: Azure, Dynamics 365, Microsoft 365, and Power Platform compliance offerings

System and Organization Controls (SOC) 2

A SOC 2 report is an independent assessment of a service organization's systems and processes that are relevant to the trust services criteria. The assessment is conducted by a third-party auditor and evaluates the effectiveness of the controls in place to meet these criteria. The SOC 2 audit report status for each Viva app is as follows:

Viva app | SOC 2 report
Viva Connections | Covered within scope of SharePoint Online SOC 2 report, although not individually called out in the report. Excludes third-party content.
Viva Learning | Covered by Microsoft 365 Microservices T1 - SSAE 18 SOC 2 Type 1 Report (2022)
Viva Engage | Covered by Office 365 – Viva Engage – SOC 2 Type 2 (2022)
Viva Goals | Covered by Microsoft 365 Microservices T1 - SSAE 18 SOC 2 Type 1 Report (2022)
Viva Insights Personal | Covered by Microsoft 365 Microservices T1 - SSAE 18 SOC 2 Type 1 Report (2022)
Viva Insights Organizational | Covered by Microsoft 365 Microservices T1 - SSAE 18 SOC 2 Type 1 Report (2022)

General Data Protection Regulation (GDPR)

All Viva apps built on your Microsoft 365 infrastructure support compliance with EU General Data Protection Regulation (GDPR) requirements. For detailed information, see Microsoft Viva Privacy.

Data residency

Data residency refers to the geographic location where data is stored at rest. Many customers, particularly in the public sector and regulated industries, have distinct requirements around protecting personal or sensitive information. In addition, in certain countries, customers are expected to comply with laws and regulations that explicitly govern data storage location.

For information about data residency for Viva apps, see Microsoft Viva Privacy.

Microsoft Purview

Microsoft Purview is a family of data governance, risk, and compliance solutions that can help your organization govern, protect, and manage your entire data estate.

Currently, certain features in Viva Engage (through Yammer) and Viva Connections (through SharePoint) are supported by Microsoft Purview.

Viva Engage is supported by Microsoft Purview features through Yammer, including eDiscovery and Data Retention. Sensitivity Labels and Data Loss Prevention are not supported. Native Mode is required to take advantage of eDiscovery and the Microsoft Purview compliance portal. This functionality is unavailable for networks in non-Native mode. For more information, see Overview of Native Mode.

Viva Connections inherits eDiscovery and Data Retention support from SharePoint Online for files involved in each service.

More resources

Microsoft Viva Privacy

Microsoft Viva Security

Viva admin roles and tasks