How to compute your enterprise's regulatory risk with the Microsoft Compliance Manager

Complying with data protection regulations requires tools and due diligence. The Microsoft Compliance Manager can provide the necessary documented framework.

Enterprises conduct business in a complicated data protection regulatory environment. This is particularly true for business operations that include, or could potentially include, international customers. Given the global reach of the internet, that covers any enterprise with a website that requests even simple customer information such as a name and email address. In some cases, merely logging the IP address of a website visitor is enough to trigger privacy regulations.

In this business environment it is vital that every enterprise take measurable and documented steps toward compliance with all relevant data protection and security regulations. That is not an easy task, which is why Microsoft released Compliance Manager to general availability on February 23, 2018.

The online tool is now generally available to Azure, Dynamics 365, and Office 365 Business and Enterprise subscribers in Microsoft's public clouds. While the Microsoft Compliance Manager cannot make your enterprise compliant with every regulation, it can help organizations track and document their data protection and regulatory requirements while using Microsoft cloud services.


Compliance Manager

The Microsoft Compliance Manager is a standalone tool, separate from the normal administrative dashboard. Users access Compliance Manager by signing in with their Office 365, Dynamics 365, or Azure user account through the Service Trust Portal. Click the Compliance Manager tab and log in. The first time you sign in, you will be required to accept a rather lengthy non-disclosure agreement (NDA), part of which you can see in Figure A.


Admittedly, this NDA was not expected and raised an eyebrow, but I decided to throw caution to the wind and accept it.

As you can see in Figure B, the Microsoft Compliance Manager is presented in a fairly standard dashboard layout, showing a score that represents the level of compliance of your associated Microsoft product under a specific regulation. My Office 365 assessment for the GDPR, for example, is underdeveloped, with a compliance score of just 243 out of 568.


In this example, the Compliance Manager shows that Microsoft has implemented its share of the GDPR controls for my Office 365 tenant, but that I have yet to perform my enterprise-specific due diligence on the controls that are the customer's responsibility. With the GDPR becoming fully enforceable on May 25, 2018, I'd better take some action. This is likely a compliance status common to many enterprises.

To increase the compliance score, enterprises drill down into each regulatory category and check off individual security controls and other procedures as they are completed, attaching the evidence that documents each one. Some items in the list are likely to be part of your enterprise's security program already, while others will require additional resources and implementation.

A high compliance score gives your organization some level of assurance with regard to specific regulatory requirements and a clearer assessment of systemic risk. Keep in mind that the score reflects what you have checked off, not an independent audit; its value lies in the measurable and documented progress toward compliance that it records, which could be useful when defending against future fines and regulatory assessments.

It is important to note that Compliance Manager is available by default to any credentialed user of Office 365, Dynamics 365, or Azure in your organization. To replace these default permissions, at least one user must be added to each Compliance Manager role. After a user is added to a role, the default permissions are removed and only users who have been assigned a role can access Compliance Manager and perform the actions that role allows. Because the tool holds your assessment notes and evidence, assigning those roles should be one of the first things an administrator does after enabling it.


Bottom line

Determining whether your enterprise follows all of the potentially applicable regulations in today's work environment is no simple task. Failing to comply with even one regulation could carry devastating financial penalties. Enterprises need sophisticated tools to help manage this considerable and uncertain risk.

With the Microsoft Compliance Manager now available, enterprises using Office 365, Dynamics 365, or Azure can assess their risk of non-compliance with many regulations and then take documented steps toward reaching full compliance where it is lacking. A free tool that could save your enterprise financial hardship is certainly worth checking out.


Image: iStock/relif

About Mark Kaelin

Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to,, and TechRepublic.
