Planning for regulatory compliance in Microsoft 365
GDPR dashboards & reports
Using Compliance Manager
The course is part of this learning path
This course is designed to give you a firm understanding of the compliance features available to a Microsoft 365 administrator and how to manage regulatory compliance in a Microsoft 365 environment. Taking this course will also help you to prepare for the regulatory and compliance aspects of Microsoft's MS-500 certification exam.
- Understand what regulatory compliance is
- Plan and implement regulatory compliance features
- Learn how to manage regulatory compliance in Microsoft 365
- Manage Data Subject Rights (DSR) requests
- Report on compliance in Microsoft 365
This course is intended for anyone who wants a greater understanding of the regulatory compliance features that are available in Microsoft 365.
To get the most out of this course, you should have some experience using Microsoft 365 and a basic understanding of how the Microsoft 365 system works.
Microsoft Compliance Offerings: https://docs.microsoft.com/en-us/compliance/regulatory/offering-home
Microsoft 365 GDPR action plan: https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-action-plan
Microsoft Compliance Documentation & Resources: https://docs.microsoft.com/en-us/compliance/?view=o365-worldwide
All right, so the next thing we are going to go into is assessments and assessment templates. So firstly, what is an assessment. Assessments are basically a grouping of controls that can be used to assess your compliance with selected regulations. Now out of the box Compliance Manager uses a data protection baseline assessment, which we can see here. So this is your current assessment. And you can see that we've got an incomplete assessment and it's 59% progress.
So if we go to the assessment templates, so we can now see our included templates in here. So these are the templates that we've got included in our subscription. Now there is a bunch more premium templates. These are not necessarily included in all of the Microsoft 365 subscriptions, and you may need to buy them separately. But if they are included in yours, you can add them to an assessment. Otherwise you can purchase them if you need them.
To create a new assessment using one of these assessment templates, we can go back to assessments and go add an assessment. So then what you would do is select the template that you want. So let's say, for example, we're gonna use the GDPR template to comply with the European Union GDPR regulations. So we would tick that, select Save. And then you can see here the assessment template name is EU GDPR, and that it is included in your subscription.
So if we go Next, we would then give it a name. We will call it Cloud Academy GDPR. And then what you can do is add it to an assessment group. So by default, you've got your default group. What groups are is just a logical way that you can use to group your assessments. So if you had a bunch of assessments for different regulations that you would want to see in a selected group, you would put them all in one group. If you wanted to split them out into multiple groups, you can just do that. You can either select a group or create a new group.
So what we're gonna do is create a new group and we're gonna call it Test Assessment, and then go next. So now we can see that we're using our EU GDPR template. The name and group is Cloud Academy GDPR. And the group of the assessment is called Test Assessment. So let's create this assessment. And it says the new assessment is created. So if we go Done, it will take us straight into the assessment and give us our current progress.
So you can see here we have 14% progress on our assessment. So Microsoft has a baseline, has achieved 192 points. We still have 1,157 points achievable. And just like before, with our standard Compliance Manager score, we can see here all of our improvement actions, which are controls basically, and how much points they have associated with them. And then you would just go through each of these improvement actions and either complete them or mark them out of scope, or mark them as failed.
Once you get through all of those controls, then you have finished your assessment. And so if we now go back to the Compliance Manager home screen, we can actually filter down to this one assessment using our filter. So if we go filter, and you can see here we've got now EU GDPR. So we can tick that and apply. And now we will just have the filter based on the European Union GDPR assessment. So that's basically how to use an assessment template. If you want it, you can use other assessment templates. You can also add more assessments into the groups.
So the next thing we'll go into is creating your own custom assessment template for your own customer assessment. So if you go to assessment templates, we can see all of the Microsoft assessments, but let's say you had a different compliance need and you wanted to do an assessment based off some other compliance need. What you can do is create a new template and then you can download the sample file and follow the instructions to create your own assessment.
So basically if you click these instructions, it will take you to a page on how to modify the assessment template Excel file. So we can download the sample file, and take a look at a sample assessment. So it will download this here and we can open it. And basically you've got these four tabs, which then in the first one, you have your assessment, you have your controls, you have the actions associated with the controls, and then you have your dimensions. So I have edited one already.
So we can see here, we've got our test template for Cloud Academy. In our controls, we've got a couple of controls in here. In our actions, we have different actions that we've set. So basically what we're gonna do here is import this template. So you would go Create a custom template, select Next. We browse for our template file. It will then upload that file. And then we click Next. You can see here we've got now our template score. There's 13 for our maximum score. We have three improvement actions, three controls, and two control families.
So if we create the template now, you can now see we've got our new template called Test Template for Cloud Academy. Inside of our controls, we have the controls that we set before and we can open the control and see the actions that we've got associated with it. So you can see here the example action three, the action type is documentation, and here's my instructions on how to implement.
So then if we want to use this new assessment template that we've created, we can go back into the assessments field, add a new assessment, select the template, and then you can see here Test Template for Cloud Academy has appeared. We can save that, go Next. We might add it into the Test Assessment group, select Next, and create the assessment. And now we'll see this assessment is there. We can go into the improvement actions and we can actually do the improvement action if we wish to.
So we can see it's implemented, select the date, and we'll see it's passed the testing, today, save, and now we'll see our points achieved for this assessment is one. So that's basically how assessments work, how to create your own assessment, how to run an assessment from a template, and also how to create your own assessment template.
Jake is an IT manager for a managed services company that works with small- to medium-size businesses and manages their IT. He mainly works with a Microsoft Stack, from Servers to Microsoft 365 & Azure. He also specializes in business process improvement helping businesses to leverage technology to speed up their workflows. Jake really enjoys testing out new technologies and seeing what they can do. Outside of work he enjoys kayak fishing, gardening, and going to the gym.