Planning for regulatory compliance in Microsoft 365
GDPR dashboards & reports
Using Compliance Manager
This course is designed to give you a firm understanding of the compliance features available to a Microsoft 365 administrator and of how to manage regulatory compliance in a Microsoft 365 environment. Taking this course will also help you prepare for the regulatory and compliance aspects of Microsoft's MS-500 certification exam.
- Understand what regulatory compliance is
- Plan and implement regulatory compliance features
- Learn how to manage regulatory compliance in Microsoft 365
- Manage Data Subject Rights (DSR) requests
- Report on compliance in Microsoft 365
This course is intended for anyone who wants a greater understanding of the regulatory compliance features that are available in Microsoft 365.
To get the most out of this course, you should have some experience using Microsoft 365 and a basic understanding of how the Microsoft 365 system works.
Microsoft Compliance Offerings: https://docs.microsoft.com/en-us/compliance/regulatory/offering-home
Microsoft 365 GDPR action plan: https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-action-plan
Microsoft Compliance Documentation & Resources: https://docs.microsoft.com/en-us/compliance/?view=o365-worldwide
All right. So the next thing we're going to go through is the Microsoft 365 compliance center. You can get to the compliance center by going to compliance.microsoft.com, or by clicking 'Compliance' inside the Microsoft 365 admin center. When you go to the Microsoft 365 compliance center, you land on the dashboard.
In the dashboard, we have our compliance score. You can see here we've got a 59% compliance score. If we want to find out more about the compliance score, we can go to Compliance Manager. You can get to Compliance Manager directly from the widget by clicking here, or, if you're anywhere else inside the compliance center, by clicking 'Compliance Manager' there. Both links take you to the same spot.
Once you're in Compliance Manager, you're greeted with your compliance score and your overall points achieved. Now, by default, Microsoft achieves a number of points for you. Depending on which compliance settings you have, Microsoft has already achieved, as a baseline, a certain number of points that go towards your compliance score, just because you're using Microsoft products and they are compliant to a certain level.
Now, the part that you can control is your points. Your points achieved are based on settings that you have made in the Microsoft 365 system. How this is calculated is based on all of these key improvement actions that are available here. There are a lot more than what you see; you can click here to see all the improvement actions, which we'll do in a moment. Something to note is that each of these improvement actions has some points allocated. So you can see here, if we were to use IRM to protect online documents and storage, we would get 27 points.
Once that's completed, your points will go up and your compliance score will go up. Something to note inside Compliance Manager: in a lot of these areas, you can filter down which sections you want to view. On the right-hand side, we have the filter button. If you click that filter button, you can then filter on different solutions or different regulations, and that will change what you're seeing as your compliance score.
So let's, for example, select Cloud App Security and apply the Cloud App Security filter. Now you can see that Microsoft managed points achieved is zero. So Microsoft, as a baseline, achieved zero points under Cloud App Security. At the moment, we have achieved 3 out of 56 points, and we can see our compliance score for the Cloud App Security filter is 5%.
There's a bunch of filters available; you can filter based on what your needs are. If you want to remove the filter, you can just click the 'X'. Now the filter is gone and we're back to an unfiltered compliance score. The next thing we'll take a look at is our improvement actions. You can get there by clicking the 'Improvement actions' button up here, or 'View all improvement actions'. Both of those buttons take you here, which you can see we're on because it's underlined.
Now, just like before, we can filter this view as well. You can see here that we can filter by the regulation, or we can filter by the solution. At the moment it's already filtered by these: we are not displaying any of the ones that we have passed or any of the ones that are out of scope. That's just the default; if you did want to see the ones that you have already passed, you can tick 'Passed' and it will show you them. Let's select, for example, 'Enable multifactor for non-administrator users'.
We'll click on that improvement action and it will give us a description of how to implement it and what this improvement action is actually about. You can see here it gives us a bit of an overview of how to implement this, testing, and the standards it comes under, and if we wanted to attach documents, we can attach them. Now, this one is an automatically monitored one, so you can see here, this action is automatically monitored.
So basically, it's going to tell you how to use Microsoft solutions to implement this. You can click 'Launch now' and do what it says in here. It will then automatically monitor it and, once it's enabled, give you the points that are achieved based on your settings. We're not going to actually implement this at this point, because I don't want to turn on multi-factor authentication for all non-admins in my test tenant. But you understand what I mean, so we'll close that.
The other type of improvement action is a manually tested one. Let's go to 'Use IRM to protect email messages and attachments'. You can see here that this one gives you the ability to select a drop-down. It gives you how to implement it, how to use Microsoft solutions to implement it, and then you can select the implementation status. So these are a manual verification: basically, you select when you have implemented it and it will affect your score.
So let's pretend that we have actually done this. What we can do is select 'Implemented', select the date that it was implemented, and then save. Now one thing to note: notice that our points have not changed. To actually change the points, we have to test the solution and make sure that it's working. So, if you go to 'Testing' and 'Select the testing status', you can select any of these statuses; let's say it passed, and we'll give it today's date and then save it. What you'll notice now is that our points have changed. Now that we have both implemented the improvement action and tested the improvement action, we have the points assigned to our compliance score.
If we go back to Compliance Manager now, you should see that our score has changed. You can see now that we have 165 points, so we have actually increased our points for the compliance score. That's an overview of how the compliance score is actually calculated. It's calculated from these key data points, and it basically just keeps adding points onto your points achieved. The higher the compliance score, the more things you comply with; the lower the compliance score, the fewer things you comply with.
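The scoring behaviour the lecture walks through (Microsoft-managed baseline points, automatically monitored actions, manually tested actions that only score once both the implementation status and the test status are set, and solution/regulation filters that change the maximum as well as the achieved points) can be modelled in a few lines. The Python below is an added example written for this page, not Microsoft code and not the real Compliance Manager algorithm: the action names marked "(sample)", the point values other than the 27 points quoted for the IRM action, the regulation tags, and the rounding rule for the percentage are all assumptions.

```python
"""Simplified model of how Compliance Manager turns improvement actions into a
compliance score. Constructed example for this page, not Microsoft's code or
algorithm; names, point values and the rounding rule are assumptions."""
from dataclasses import dataclass, replace
from enum import Enum
from typing import Iterable, List, Optional


class Owner(Enum):
    MICROSOFT = "Microsoft"   # baseline points Microsoft achieves for you
    CUSTOMER = "Customer"     # points that depend on your tenant's settings


class Implementation(Enum):
    NOT_IMPLEMENTED = "Not implemented"
    IMPLEMENTED = "Implemented"


class Testing(Enum):
    NONE = "None"
    PASSED = "Passed"
    FAILED = "Failed"


@dataclass(frozen=True)
class ImprovementAction:
    name: str
    points: int
    solution: str
    regulations: frozenset
    owner: Owner = Owner.CUSTOMER
    auto_monitored: bool = False   # True: Microsoft detects the tenant setting itself
    detected: bool = False         # auto-monitored only: setting observed as enabled
    implementation: Implementation = Implementation.NOT_IMPLEMENTED
    testing: Testing = Testing.NONE


@dataclass(frozen=True)
class Score:
    microsoft_points: int   # "Microsoft managed points achieved"
    your_points: int        # "Your points achieved"
    max_points: int
    percent: int


def points_earned(action: ImprovementAction) -> int:
    """Rule shown in the lecture: marking an action Implemented changes nothing
    until its test status is Passed; auto-monitored actions score once detected.
    Microsoft-managed actions are assumed to count in full (model simplification)."""
    if action.owner is Owner.MICROSOFT:
        return action.points
    if action.auto_monitored:
        return action.points if action.detected else 0
    if (action.implementation is Implementation.IMPLEMENTED
            and action.testing is Testing.PASSED):
        return action.points
    return 0


def compliance_score(actions: Iterable[ImprovementAction],
                     solution: Optional[str] = None,
                     regulation: Optional[str] = None) -> Score:
    """Score the whole catalogue, or only the actions a solution/regulation
    filter leaves visible. Percentage rounding is an assumption of the model."""
    selected = [a for a in actions
                if (solution is None or a.solution == solution)
                and (regulation is None or regulation in a.regulations)]
    ms = sum(points_earned(a) for a in selected if a.owner is Owner.MICROSOFT)
    yours = sum(points_earned(a) for a in selected if a.owner is Owner.CUSTOMER)
    maximum = sum(a.points for a in selected)
    percent = round(100 * (ms + yours) / maximum) if maximum else 0
    return Score(ms, yours, maximum, percent)


def update_action(actions: List[ImprovementAction], name: str, **changes) -> List[ImprovementAction]:
    """Return a new catalogue with one action's status fields changed."""
    return [replace(a, **changes) if a.name == name else a for a in actions]


# Constructed sample catalogue. The Cloud App Security subset is built so the
# filtered view matches the lecture: 0 Microsoft points, 3 of 56 achieved, 5%.
EMAIL_IRM = "Use IRM to protect email messages and attachments"
CATALOGUE = [
    ImprovementAction("Microsoft-managed datacenter controls (sample)", 100,
                      "Microsoft managed", frozenset({"GDPR", "ISO 27001"}), owner=Owner.MICROSOFT),
    ImprovementAction("Use IRM to protect online documents and storage", 27,
                      "Information protection", frozenset({"GDPR"})),
    ImprovementAction(EMAIL_IRM, 21, "Information protection", frozenset({"GDPR"})),
    ImprovementAction("Enable multifactor for non-administrator users", 9,
                      "Azure AD", frozenset({"GDPR", "ISO 27001"}), auto_monitored=True),
    ImprovementAction("Cloud App Security action A (sample)", 27, "Cloud App Security", frozenset({"ISO 27001"})),
    ImprovementAction("Cloud App Security action B (sample)", 26, "Cloud App Security", frozenset({"ISO 27001"})),
    ImprovementAction("Cloud App Security action C (sample)", 3, "Cloud App Security", frozenset({"ISO 27001"}),
                      implementation=Implementation.IMPLEMENTED, testing=Testing.PASSED),
]


def walkthrough():
    """Reproduce the lecture's sequence for the email IRM action:
    implement only (no change), then mark the test Passed (points added)."""
    before = compliance_score(CATALOGUE)
    implemented = update_action(CATALOGUE, EMAIL_IRM, implementation=Implementation.IMPLEMENTED)
    after_implement = compliance_score(implemented)
    tested = update_action(implemented, EMAIL_IRM, testing=Testing.PASSED)
    after_test = compliance_score(tested)
    return before, after_implement, after_test


if __name__ == "__main__":
    print("Cloud App Security filter:", compliance_score(CATALOGUE, solution="Cloud App Security"))
    for label, s in zip(("before", "implemented", "tested"), walkthrough()):
        print(f"{label:>12}: {s}")
```

The point worth noticing when you run it is the middle result of `walkthrough()`: setting the implementation status alone leaves the score where it was, and only the Passed test status moves the points, which is exactly why an auditor should look at test evidence rather than the implementation date field.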
Jake is an IT manager for a managed services company that works with small- to medium-size businesses and manages their IT. He mainly works with the Microsoft stack, from servers to Microsoft 365 and Azure. He also specializes in business process improvement, helping businesses leverage technology to speed up their workflows. Jake really enjoys testing out new technologies and seeing what they can do. Outside of work he enjoys kayak fishing, gardening, and going to the gym.