Introduction
Contoso Healthcare Systems spent the past quarter surfacing and prioritizing cloud security risks using Microsoft Defender for Cloud. The security team now faces a different kind of challenge. The Chief Information Security Officer (CISO) received a request from the compliance and legal teams: "We need to demonstrate by end of quarter that our Azure environment meets ISO 27001 and NIST SP 800-53 requirements. Can you show us where we stand, identify the gaps, and produce an audit report?"
The team knows their environment has misconfigurations and vulnerabilities. What they don't yet know is how those security findings map to specific compliance framework controls—or how to communicate that mapping to auditors, legal counsel, and executive stakeholders in a format they can act on.
Microsoft Defender for Cloud's regulatory compliance capabilities connect security posture work to the compliance frameworks that matter to the organization. Every security recommendation that Defender for Cloud generates also maps to one or more compliance controls, so a failing recommendation is also a failing control. The regulatory compliance dashboard makes that mapping visible, measurable, and reportable.
In this module, you learn to use Defender for Cloud to evaluate compliance posture. Specifically, you:
- Explain how compliance standards, controls, and assessments work in Defender for Cloud—including the role of the Microsoft Cloud Security Benchmark
- Navigate the regulatory compliance dashboard to identify and investigate failing compliance controls
- Assign regulatory compliance standards to Azure subscriptions and manage compliance scope in the Azure portal
- Generate compliance reports and communicate posture using audit downloads, compliance workbooks, and Microsoft Purview Compliance Manager