Navigating Compliance in the AI Era
As artificial intelligence (AI) and generative tools like Microsoft 365 Copilot transform how enterprises operate, the stakes for data protection, regulatory alignment, and operational resilience continue to increase. The July 2025 Quarterly Compliance Update – released at the beginning of each quarter – is designed to help CISOs, IT administrators, and compliance leaders stay ahead of emerging risks and regulatory shifts, while maximizing the value of Microsoft’s cloud and AI services.
Why This Update Matters
This quarterly report is more than a summary of audit results. It’s a practical guide for organizations navigating the complexities of compliance in regulated industries. The update provides:
- Guiding summaries and direct links to third-party audit reports, penetration testing results, and best practices for risk management.
- Actionable insights for evaluating your organization’s risk and compliance posture across Microsoft 365, Azure, and Dynamics.
- Expert guidance on interpreting findings, remediations, and new regulatory requirements – especially as they relate to AI and cloud adoption.
AI and Copilot: Governance, Security, and Responsible Deployment
With the rapid adoption of generative AI, governance and risk management are top of mind for enterprise leaders. The update features a dedicated section on maximizing the potential of M365 Copilot and generative AI, including:
- Trust by Design: How Microsoft embeds compliance, privacy, and security into AI initiatives from the start, aligning with regulatory standards and operational resilience goals.
- Responsible AI Framework: Guidance on risk identification, mitigation, and stakeholder engagement for Copilot deployments.
- Security and Oversharing Risks: Practical articles on data security, privacy, and defense-in-depth strategies to address internal oversharing and policy enforcement gaps.
- Transparency and Auditability: Updates on Copilot’s inclusion in SOC 2 Type 1 audits, with a roadmap for Type 2 coverage in 2026, and our new transparency note detailing how Copilot interacts with enterprise data.
Key Regulatory Shifts: DORA, ISO, and Beyond
One of the most significant developments this quarter is the continued rollout of the Digital Operational Resilience Act (DORA) in the financial sector. Microsoft’s update includes new resources to help organizations map their controls to DORA requirements, strengthen operational resilience, and reduce concentration risk. The report also details Microsoft’s ongoing compliance with global ISO standards, including the ISO 42001 for AI management systems, ISO 22301 for business continuity, and ISO 27001/27701 for information security and privacy.
Emerging Risks and Practical Insights
We believe it is critical to directly acknowledge, test, and remediate the realities of enterprise risk, so we surface the operational gaps and lessons learned that matter most to security and compliance leaders. By sharing where controls fell short and how those issues were addressed, the report turns real incidents into actionable guidance for organizations facing similar challenges. For example, with exception updates, the report highlights exceptions and how Microsoft is addressing them.
Microsoft: Your Trusted Partner for Secure, Responsible AI
Microsoft’s approach to compliance is grounded in transparency, continuous improvement, and partnership. The Quarterly Compliance Update is an invitation to collaborate and provide our customers with the information they require. Whether you’re preparing for a regulatory audit, deploying Copilot, or strengthening your data governance, Microsoft provides the tools, documentation, and expert support you need to move forward with confidence.
Ready to Dive Deeper?
The July 2025 Quarterly Compliance Update is packed with practical guidance, detailed audit results, and links to essential resources—including ISO certificates, DORA mapping guides, penetration testing results and more. Don’t wait for the next regulatory deadline or security incident to review your compliance posture.
Available to Microsoft customers only: Download the full Quarterly Compliance Update at the beginning of every quarter for deeper guidance, actionable recommendations, and the latest on secure, responsible AI deployment: aka.ms/thecomplianceupdate.
Microsoft