Event details
MicrosoftRejina Start here, Service Trust Portal Home Page, and based on what your auditor needs you should be able to pull the correct reports. For instance, SOC 1 Type 2 Reports, SOC 2 Type 2 Reports, ISO certs, etc. The SOC 2 Type 2 explicitly lists several Defender services as in scope, including Microsoft Defender XDR, Microsoft Defender for Endpoint, etc.
Thank you. In addition to SOC 2 reports covering Microsoft-managed controls, what specific customer-side artifacts or reports (e.g., from Defender or Intune) would you recommend to demonstrate implementation and ongoing effectiveness of those controls in an audit?
- EricMoe
Rejina The Defender Security Baselines assessment here Security baselines assessment - Microsoft Defender Vulnerability Management | Microsoft Learn is generally how customers can demonstrate implementation of controls. Pls take a look and hopefully it helps.