Are there licensing requirements for using Compliance Manager?
Yes. Organizations with Office 365 and Microsoft 365 licenses, and US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers, have access to Compliance Manager. However, the assessments available to your organization and how you manage assessment templates depends on your licensing agreement. Visit the Microsoft 365 licensing guidance for security and compliance for details.
What's changing with template licensing in December 2022?
For organizations that currently have four included templates as part of their licensing agreement (E5/A5/G5), there will be greater flexibility in which templates you can use for free as part of your agreement. These organizations will be able to choose up to three premium templates for free instead of having a pre-determined set of included templates. The Microsoft Data Protection Baseline will continue to be included.
For current customers who are using any of the included templates (NIST 800-53, ISO 27001, GDPR), continued use of those templates will count against the allotted three free premium templates. Customers who have already purchased one or more premium templates will be able to use an additional three premium templates for free.
Also changing in December 2022: Templates that belong to the same regulation family will now count as one template. For example, the templates for CMMC Levels 1 through 5, which currently must be purchased individually, will be considered a single template so that you don't need to purchase multiple versions. When you purchase a template license for a regulation, that license will apply for all levels and versions of that regulation.
These changes will roll out to customers between mid-December and end of December 2022. Check the Microsoft 365 licensing guidance for security and compliance in December for updated guidance.
If I have a high score, does it mean I’m fully compliant?
No. Your compliance score measures your progress in completing recommended actions that help reduce risks around data protection and regulatory standards. It does not express an absolute measure of organizational compliance with regard to a particular standard or regulation. Compliance Manager, and your compliance score, should not be interpreted as a guarantee in any way.
Can I use Compliance Manager for non-Microsoft products?
Yes. Get details about Microsoft and universal templates for building assessments. You can also add custom assessments in Compliance Manager to help you manage all the controls across your digital assets.