>> Thank you for joining today's
session on how to create out of the box assessments and monitor your progress with
Compliance Manager. As we've all observed, the number of regulations that companies are subject
to is increasing, as is the complexity of these regulations and the frequency
with which they're updated. Many organizations
collect consumer or user data and there is an increasing
need to protect that data. For example, following the
enforcement of GDPR in 2018, many regions have enacted their
own data protection regulations, several of which have gone
into effect this year, including California's
Consumer Privacy Act in July, Thailand's PDPA in May, and Brazil's LGPD in August. Accordingly, it is becoming increasingly difficult
to stay up-to-date with the volume and frequency of new regulations and
regulatory updates. We developed Compliance
Manager to help you with this issue and are here today
to show you how to assess, monitor, and improve your compliance
posture using our solution. Now, I'll walk you through how
you can make the best use of our library of over 150
out-of-the-box assessments, explain how you can make the most of their built-in control
mapping, and provide some additional detail on
the logic that goes into our powerful compliance
score recording capability. Here, we are on the
Compliance Manager homepage, where you can quickly assess
your compliance posture by taking a look at
your compliance score. Once configured, this score will illustrate your progress
against the set of regulations and
standards that you have chosen based on their relevance
to your organization. Your compliance score
consists of points, which you achieve by taking recommended actions to
improve your compliance. You are also given points based
on the actions that Microsoft has taken on your behalf as your
Cloud service provider. To make your compliance score
relevant to your organization, you will first want to set up
assessments which represent the regulations that your
company is subject to. To get started, let's jump
straight into the Assessments tab. Here, you'll find a list of all of the assessments that have been
set up in your tenant already. By pulling from these assessments, Compliance Manager provides specific and actionable
compliance recommendations and shows you details
regarding your compliance against the controls
supporting these regulations. By default, you'll have the data protection
baseline set up already, which provides a set of recommendations for how
you can protect your data. The data protection baseline
derives these recommendations from best practices for
compliance across NIST, ISO, and GDPR frameworks. If you would like to quickly
add additional assessments, you can do so by leveraging the Add Assessment button
located on this tab. Alternately, if you prefer
to take a closer look at the full library of assessment
templates available to you, including digging into the
specific recommendations, actions, and control mappings, you can hop into the
Assessment template tab. Either way, you'll
be able to leverage our expansive library of
assessment templates, which cover major
regulations and standards, as well as those pertaining to regional and industry-specific
requirements. In case we don't have
what you're looking for or you'd like to perform
additional customization, you can modify Assessment
templates to meet any unique compliance
needs you may have. Let's head to the
Assessment Template tab to take a look at our options
for assessment creation. Here, we can view our library of out-of-the-box
Assessment templates and dive into any specific
templates of interest. For now, let's start
working on NIST 800-53. We can click into this Assessment
template to take a closer look. Each out-of-the-box template maps to a specific regulation
or framework, in this case NIST 800-53, and contains all of that
regulation or framework's control families and controls built directly from the
text of the framework. On top of that, we provide
details on the actions that Microsoft has already taken to
meet any relevant controls, as well as recommended
actions that users such as yourself can implement to help
address the remaining controls. As I mentioned, we are creating an assessment of this
template to start the work of assessing
ourselves against the NIST 800-53 regulation. If I wanted additional information on the included controls and actions, I could use the Controls, Improvement Actions, and Microsoft
Actions tabs to perform a deep dive or export the
whole template to Excel. For now, though, we'll
go ahead and click the Create Assessment
button in order to bring the NIST 800-53 Assessment into our tenant and start assessing
ourselves against the regulation. Now, we can name our assessment
as well as select a group. Groups help you manage your
work on assessments in accordance with your organization's
compliance processes. For example, if you'd
like to delineate your compliance projects
by audit year, subsidiary, or regional business unit, you can create
representative groups and add assessments to each
to separate the work. Once we add the assessment
to the appropriate group, we can click "Next" then review our choices and confirm
by hitting "Create Assessment" then "Done," at which point we're redirected to
our newly created assessment. It looks like we've already made
some progress on this assessment. Microsoft's actions are contributing
all of our current points, but Compliance Manager
will also begin to scan our current M365 configuration and indicate when we complete
recommended actions. If we wanted to extend beyond the
Microsoft 365 product boundary, you can create a custom
assessment to assess the compliance of non-M365 products. In fact, you can tune into
our other skilling session, which addresses exactly that. We can also click into the "Controls" tab to take
a closer look at exactly how all these actions relate to the specific controls
within NIST 800-53. Each assessment that we ship
contains the mapping details of how the regulation or framework's controls relate to the
actions we recommend, allowing you to see exactly
how the work you're doing helps satisfy various
control requirements. Here, we can see our progress within each control area and drill
down into specific controls. Clicking directly into
a specific control allows us to see recommended
improvement actions for this control, as well as relevant actions
already taken by Microsoft. Thanks to our Control
Mapping Framework, the actions that we recommend
you take can be relevant to multiple controls within
other assessments, removing the need for
duplicative work. For example, turning on
multi-factor authentication helps address controls from
nearly 50 different regulations. As you take these recommended
actions and address controls, you can export a report to demonstrate
the work that you've done. This report will include all of the relevant status and
documentation areas, including any notes
that you've taken, showing you a complete
picture of all of the work that you and
Microsoft have completed. In addition to reporting, you can always refer back to
your compliance score to see how the actions you have taken have
impacted your overall progress. Your compliance score is
a quantifiable measure of your compliance posture across all
of your assessments in groups, and each action you take has a
different impact on your score, depending on the potential risks
you're helping to mitigate. As a result, the points assigned to each action can help
prioritize where to direct your compliance efforts to maximize the impact on your overall
compliance posture. Efficiency in achieving compliance
and prioritizing actions to meet multiple regulations and
standards is a must-have, but is often challenging. We hope that this session today has helped you understand
how to leverage Compliance Manager's over 150
out-of-the-box assessment templates. To learn more about customizing
these assessments to meet your business's unique
compliance requirements, tune in to our sessions
about extending and customizing assessments
in Compliance Manager. Thank you for listening
and have a great day. [MUSIC].