
ASC Regulatory Compliance policy definition



Can anyone give me advice on where I can get a technical description of what the Regulatory Compliance policy definition really does? (I mean what they really check and in which scope: subscription, I suppose, etc.)

I was not able to find a policy description, e.g. for ISO27001, in the documentation and FAQ.

Thanks to anyone who replies with where to get the right information.


3 Replies

@AdamKolak-6034 they're at the subscription level or higher.


This page describes the dynamic compliance packages (preview) feature, and talks of assigning compliance packages to subscriptions or management groups:


Hope that helps.

@melvynadam sorry, but your answer has not reached my goal.

E.g. look at ISO27001; it is composed of a lot of policies. Where do I get information on what exactly the policies connected with this Initiative assignment do? ... I know that such an ASC default policy assignment is scoped and enabled at the subscription level.

But my point is: where do I get the policy definition for particular parts of this default ASC policy assignment?


"A12.2.1. Controls against malware"
and one of its assessments:
"Install endpoint protection solution on virtual machines"
Where can I find such a description/mapping of what this assessment really technically does? (Most probably, it checks VMs in a particular subscription ... maybe Windows, maybe Linux ... etc.)
I hope I have made clear what I am looking for.


best response confirmed by AdamKolak-6034 (Copper Contributor)

Hi @AdamKolak-6034

I'm not entirely understanding what you're looking for, but I can give you a few pointers for more information.

Take a look here for mapping information of compliance requirements to assessments/Azure policies that help address those requirements:

Specifically for ISO 27001 control mapping for example, see this section:


To learn more about what the assessments in Security Center are doing, you can take a look at the documentation on Security Center recommendations:

There are reference pages in that section for each of the ASC recommendation types.


Also, specifically for the recommendation you were interested in below on installing endpoint protection, please take a look at the following article:


Hope that helps!