Compliance Manager frequently asked questions

Are there licensing requirements for using Compliance Manager?

Yes. Organizations with Office 365 and Microsoft 365 licenses, and US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers, have access to Compliance Manager. However, the assessments available to your organization and how you manage assessment templates depend on your licensing agreement. Visit the Microsoft 365 licensing guidance for security and compliance for details.

Can I use Compliance Manager for non-Microsoft products?

What changed with template licensing in December 2022?

Organizations at the E5/A5/G5 levels have greater flexibility in which regulatory templates they can use for free as part of their licensing agreement. These organizations can choose up to three premium regulatory templates for free instead of having a pre-determined set of included templates. The Microsoft Data Protection Baseline is also included by default as part of your subscription.

For customers using any of the templates that were included before the December 2022 change (NIST 800-53, ISO 27001, GDPR), continued use of those templates will count against the allotted three free premium templates. Customers who have already purchased one or more premium templates will be able to use an additional three premium templates for free.

Also new in December 2022: Templates that belong to the same regulation family now count as one template. For example, the templates for CMMC Levels 1 through 5 are now considered a single template so that you don't need to purchase multiple versions. When you purchase a template license for a regulation, the license will apply for all levels and versions of that regulation. Check the Microsoft 365 licensing guidance for security and compliance for details.

If I have a high score, does it mean I’m fully compliant?

No. Your compliance score measures your progress in completing recommended actions that help reduce risks around data protection and regulatory standards. It does not express an absolute measure of organizational compliance with regard to a particular standard or regulation. Compliance Manager, and your compliance score, should not be interpreted as a guarantee in any way.