Blog Post

Security, Compliance, and Identity Blog
4 MIN READ

What's New in Microsoft Purview Compliance Manager

Daniel_Hidalgo's avatar
Oct 12, 2022

In the new world of hybrid work, maintaining compliance has become a board-level directive1. Local and global regulations dictate how to manage, store, and transmit data, making the intersection between compliance and data security more critical than ever before. To adhere to this new way of working, risks need to be identified and mitigated, and data needs to be properly governed. At Microsoft we are empowering customers on their digital transformation journeys by helping improve the way compliance is managed while meeting valuable business outcomes by:

  • Eliminating blind spots with the right set of security, compliance, and privacy controls
  • Safeguarding critical data from external and internal threats
  • Identifying risks and addressing regulatory compliance requirements

Microsoft Purview Compliance Manager helps organizations simplify compliance and reduce risk. It translates complex regulatory requirements into specific controls, allowing organizations to constantly assess, monitor, and improve their compliance posture, all while saving time and money.

 

Today we are excited to share how Compliance Manager helped Webber Wentzel – South Africa’s leading law firm – improve their compliance posture by raising their score from 24 to over 80%.

 

We are constantly innovating and building product enhancements that help customers do more with less. The following features – all of which are GA – help customers get compliant, stay compliant, and scale compliance with one single tool that works out of the box. Let’s learn more about these announcements:

 

Ensuring data residency for the EU and North America

Making sure data lives within the right geographies

 

In March 2021, Brad Smith (Vice Chair and President) announced Microsoft’s promise to Storing and Processing EU Data in the EU. Today, EU customers using Compliance Manager can ensure their data resides within the EU Data Boundary as part of the Microsoft Cloud initiative. This means customer data in the Microsoft Cloud (Azure, Microsoft 365, and Dynamics 365) will only be stored and processed in the EU. For example, if an EU customer creates and manages an assessment in Compliance Manager, that data will reside within European data centers. The same applies for scenarios in North America.

 

Figure 1: EU GDPR assessment in Compliance Manager

 

Updated templates for 350+ regulations worldwide

Easily translate regulations into tangible actions

 

Did you know that there are more than 250 updates to regulations and standards every day? It is overwhelming for organizations to keep up to date with all these changes plus the evolving compliance landscape. Compliance Manager solves for this complexity by tracking and incorporating all regulatory changes. Just in the past month, we have added or updated the following regulations:

 

New    IRAP with ISM Version 3.5 - Official    
Update    Australia Public Record Act    
Update    New York Privacy Act    
Update    IRAP with ISM Version 3.5 - Protected    
Update    CMS Information Systems Security and Privacy Policy (IS2P2)    
Update    New Zealand HIPC    
Update    Australia Privacy Act    
Update    Canada - Breach of Security    
Update    Revisions to the Principle for Sound Management    
Update    Indiana Disclosure of Security    
Update    Australia Privacy (Credit Reporting)    
Update    TISAX 5.1 

 

Figure 2: New and updated templates for over 350+ regulations

 

Alerts & notifications

Stay in the know of any control changes

 

Last April, we announced the general availability of Alerts & notifications. This feature makes it easier for customers to quickly act on non-compliant controls. As a Compliance officer or admin, you can set up an alert policy to outline the conditions that trigger an alert and modify the frequency of these notifications. When Compliance Manager detects a match to your policy condition, the user receives an e-mail with details on the alert. For example, if an organization has disabled multi-factor authentication in their tenant, the admin will quickly be notified of this action so they can take remediation as quickly as possible and minimize data protection risks.

 

 

Figure 3: Setting up conditions and policies to enable alerts & notifications

 

Recommendation Engine

Pick and choose the most relevant regulations

 

According to a Gartner study, only 25% of organizations know which regulations are most relevant to them. Earlier this year, we announced the general availability of recommendation engine. This feature is intended to make it easier to get started with our solution. Compliance Manager’s recommendation engine helps surface the most relevant regulations for your organization based on your company’s size, industry, and region. With just 5 simple clicks, you can help your company begin to comply with the right set of regulations.

 

 

Figure 4: Recommendation engine helps you pick the most relevant regulations

 

 

Get started today!

We are committed to helping organizations do more with less by delivering capabilities that make the end-to-end compliance management experience more efficient. Get started with Compliance Manager through the Microsoft Purview portal today!

Additional resources:

 

On behalf of the Compliance Manager team,

Daniel Hidalgo 

Updated Oct 14, 2022
Version 2.0
No CommentsBe the first to comment