No matter what the industry or company size, all businesses must comply with certain laws and regulations as part of their general operations. Simply put, regulatory compliance is when a business follows state, federal and international laws, and regulations relevant to its operations. The specific requirements can vary depending largely on the industry and type of business. For example, observing rules to ensure a safe work environment for employees or following the guidelines of the Equal Employment Opportunity Commission to ensure discrimination-free hiring practices or following HIPAA compliance to protective sensitive medical data.

Over time, data privacy-specific regulatory compliance mandates, such as GDPR, and CCPA have become more common as companies come under increasing scrutiny over their handling of consumer data. This increasing regulatory compliance around handling data has led to an increase in compliance features that are available in cloud services, such as Microsoft 365.

So what are regulations? Regulations are laws and as laws, non-compliance with regulations can have a range of consequences ranging from a warning to a fine or even in some cases, imprisonment. For example, the potential fine for a breach of the General Data Protection Regulation, or GDPR is 20 million euros or 4% of annual revenue, and that is whichever is greater. This has the serious potential to bankrupt the non-complying organization.

There's also the issue of brand reputation for the organization. Having a regulatory breach can lead to a loss in brand reputation and customer trust. As someone who is administering an IT environment, it is important that you are aware of the regulations that will be affecting your organization and it is a good idea to ensure that the systems that you set up comply with the regulations for your area or industry.

Microsoft 365 has a multitude of compliance options available. You can find them by searching Microsoft compliance offerings in your favorite search engine, and finding the Microsoft compliance offerings page. At the top of the page, you will find all of the compliance offerings that are applicable to Microsoft 365 and lower down, the compliance offerings that are specific to Microsoft Azure.

The Compliance Manager has tools that help administrators to ensure compliance through several different components. It provides customers, as in you, the Microsoft 365 customer, with access to reports and results of independent auditors' assessments of Microsoft 365, along with supporting information. You can download the certificates and the results from the Microsoft 365 compliance offerings page if you wish to. It gives administrators a place to assign actions to others in their organization, track actions, upload documents, and record compliance with applicable standards. And it also tracks a compliance score that you can use to track your organization's progress towards full compliance with the relevant standards that your organization selects.

On top of these tools, Microsoft's documentation site, docs.microsoft.com/compliance, has a huge amount of information on the compliance features of Microsoft 365, how to configure them, and also, recommended action plans, such as the GDPR action plan that takes you through your top priorities for the first 30 days, 90 days and beyond. If you get stuck trying to figure anything out, I really recommend reading through the applicable page for what you are trying to achieve.