Managing Regulatory Compliance in Microsoft 365 - Conclusion
Start course

This course is designed to give you a firm understanding of the compliance features available to a Microsoft 365 administrator and how to manage regulatory compliance in a Microsoft 365 environment. Taking this course will also help you to prepare for the regulatory and compliance aspects of Microsoft's MS-500 certification exam.

Learning Objectives

  • Understand what regulatory compliance is
  • Plan and implement regulatory compliance features
  • Learn how to manage regulatory compliance in Microsoft 365
  • Manage Data Subject Rights (DSR) requests
  • Report on compliance in Microsoft 365

Intended Audience

This course is intended for anyone who wants a greater understanding of the regulatory compliance features that are available in Microsoft 365.


To get the most out of this course, you should have some experience using Microsoft 365 and a basic understanding of how the Microsoft 365 system works.

External Resources

Microsoft Compliance Offerings: 

Microsoft 365 GDPR action plan: 

Microsoft Compliance Documentation & Resources: 




So let's do a quick review of what we have learned. The basic concept of regulatory compliance refers to an organization needing to conform with laws and regulations that are relevant to its operations. One of the most far-reaching regulations at the moment is the General Data Protection Regulation, or GDPR for short. This regulation requires organizations to protect the data and privacy of European Union citizens, and it defines personal data as any information relating to an identified or identifiable natural person. This regulation applies to organizations that are based in the European Union, and those who are not.

Microsoft 365 have implemented the GDPR Dashboard into the Microsoft 365 Security and Compliance Center. The GDPR Dashboard gives you a bunch of shortcuts to settings and areas that are useful when dealing with the requirements of the GDPR. We also covered Data Subject Rights Requests, which are otherwise known as DSR Requests. DSR Requests are made by a data subject, which is the person whose identifiable data is being held, to a data controller, which is the person or organization who is in possession of the personally identifiable data. DSR Requests are completed in the Microsoft 365 Security and Compliance Center under Data Privacy, Data Subject Requests.

We also covered assessments, which are a grouping of controls or improvement actions that are used to assess your compliance with regulations that are applicable to your organization. The assessments are based off assessment templates. Microsoft includes a bunch of pre-made assessment templates that are designed to meet the needs for common regulations, but you can create your own assessment template and use that for your assessment if that's required. The compliance score is calculated based off the amount of controls that you are compliant with on the assessments that you are running or you have completed in the Compliance Manager.

Once again, if you have any questions about the course, please email, and if you could take the time to give some honest feedback, please rate the course.

About the Author

Jake is an IT manager for a managed services company that works with small- to medium-size businesses and manages their IT. He mainly works with a Microsoft Stack, from Servers to Microsoft 365 & Azure. He also specializes in business process improvement helping businesses to leverage technology to speed up their workflows. Jake really enjoys testing out new technologies and seeing what they can do. Outside of work he enjoys kayak fishing, gardening, and going to the gym.