Planning for Regulatory Compliance in Microsoft 365
Planning for Regulatory Compliance in Microsoft 365

This course is designed to give you a firm understanding of the compliance features available to a Microsoft 365 administrator and how to manage regulatory compliance in a Microsoft 365 environment. Taking this course will also help you to prepare for the regulatory and compliance aspects of Microsoft's MS-500 certification exam.

Learning Objectives

  • Understand what regulatory compliance is
  • Plan and implement regulatory compliance features
  • Learn how to manage regulatory compliance in Microsoft 365
  • Manage Data Subject Rights (DSR) requests
  • Report on compliance in Microsoft 365

Intended Audience

This course is intended for anyone who wants a greater understanding of the regulatory compliance features that are available in Microsoft 365.


To get the most out of this course, you should have some experience using Microsoft 365 and a basic understanding of how the Microsoft 365 system works.

External Resources

Microsoft Compliance Offerings: 

Microsoft 365 GDPR action plan: 

Microsoft Compliance Documentation & Resources: 




No matter what the industry or company size, all businesses must comply with certain laws and regulations as part of their general operations. Simply put, regulatory compliance is when a business follows state, federal and international laws, and regulations relevant to its operations. The specific requirements can vary depending largely on the industry and type of business. For example, observing rules to ensure a safe work environment for employees or following the guidelines of the Equal Employment Opportunity Commission to ensure discrimination-free hiring practices or following HIPAA compliance to protective sensitive medical data.

Over time, data privacy-specific regulatory compliance mandates, such as GDPR, and CCPA have become more common as companies come under increasing scrutiny over their handling of consumer data. This increasing regulatory compliance around handling data has led to an increase in compliance features that are available in cloud services, such as Microsoft 365.

So what are regulations? Regulations are laws and as laws, non-compliance with regulations can have a range of consequences ranging from a warning to a fine or even in some cases, imprisonment. For example, the potential fine for a breach of the General Data Protection Regulation, or GDPR is 20 million euros or 4% of annual revenue, and that is whichever is greater. This has the serious potential to bankrupt the non-complying organization.

There's also the issue of brand reputation for the organization. Having a regulatory breach can lead to a loss in brand reputation and customer trust. As someone who is administering an IT environment, it is important that you are aware of the regulations that will be affecting your organization and it is a good idea to ensure that the systems that you set up comply with the regulations for your area or industry.

Microsoft 365 has a multitude of compliance options available. You can find them by searching Microsoft compliance offerings in your favorite search engine, and finding the Microsoft compliance offerings page. At the top of the page, you will find all of the compliance offerings that are applicable to Microsoft 365 and lower down, the compliance offerings that are specific to Microsoft Azure.

The Compliance Manager has tools that help administrators to ensure compliance through several different components. It provides customers, as in you, the Microsoft 365 customer, with access to reports and results of independent auditors' assessments of Microsoft 365, along with supporting information. You can download the certificates and the results from the Microsoft 365 compliance offerings page if you wish to. It gives administrators a place to assign actions to others in their organization, track actions, upload documents, and record compliance with applicable standards. And it also tracks a compliance score that you can use to track your organization's progress towards full compliance with the relevant standards that your organization selects.

On top of these tools, Microsoft's documentation site,, has a huge amount of information on the compliance features of Microsoft 365, how to configure them, and also, recommended action plans, such as the GDPR action plan that takes you through your top priorities for the first 30 days, 90 days and beyond. If you get stuck trying to figure anything out, I really recommend reading through the applicable page for what you are trying to achieve.

About the Author

Jake is an IT manager for a managed services company that works with small- to medium-size businesses and manages their IT. He mainly works with a Microsoft Stack, from Servers to Microsoft 365 & Azure. He also specializes in business process improvement helping businesses to leverage technology to speed up their workflows. Jake really enjoys testing out new technologies and seeing what they can do. Outside of work he enjoys kayak fishing, gardening, and going to the gym.