Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Compliance Manager Preview is now available
Published Nov 16 2017 08:00 AM 73.4K Views

 

Customers have told us about their compliance challenges, such as the lack of in-house capabilities to define and implement controls, the lack of collaboration between compliance and IT teams, and inefficiencies in audit preparation activities. At Microsoft Ignite, we introduced Compliance Manager, a new solution that helps you manage the end-to-end regulation-to-audit compliance process and connect the technology solutions with the regulatory requirements. It provides recommended actions and a control management tool for your organization to improve data protection capabilities and implement controls across teams more seamlessly. Moreover, it enables you to perform real-time risk assessment that helps you to be better prepared for auditing.

 

We are thrilled to announce that the Compliance Manager Public Preview program is now available for organizations with a paid or trial subscription for Microsoft cloud services (e.g., Office 365, Microsoft Azure, etc.). Sign in to Compliance Manager using your Office 365 or Azure Active Directory user account.[1]

 

To help you get the most out of the Compliance Manager Preview, watch our short demo and learn more about the solution’s capabilities including:

 

  • A dashboard that summarizes Microsoft’s and your organization’s control implementation progress for Office 365 across various standards and regulations, such as the EU General Data Protection Regulation (GDPR)[2], ISO 27001, and ISO 27018.

Compliance Manager dashboardCompliance Manager dashboard

  •  Actionable insights that are designed to improve your data protection and compliance posture.

Recommended actions for customer managed controlsRecommended actions for customer managed controls

  • Control management and audit-ready reporting tools to streamline your compliance workflow.

Collaborate across teams more seamlessly by assigning tasks in Compliance ManagerCollaborate across teams more seamlessly by assigning tasks in Compliance Manager

Visit our support page for additional information about the Compliance Manager Preview. After trying the Compliance Manager Preview, please provide us with your questions and comments by clicking the Feedback button within Compliance Manager.

 

As we get closer to general availability in 2018, we will add support for additional products, including Azure and Dynamics 365, along with a Compliance Score feature that reflects your organization’s compliance posture based on your activities in Compliance Manager. We’ll also be adding more regulatory standards like National Institute of Standards and Technology (NIST) Special Publication 800-53, along with additional evidence to support Microsoft’s compliance to the GDPR. We’ll be increasing depth in the recommended actions for your GDPR program as well as the evidence that you can use to demonstrate support for the GDPR when using Microsoft services.

 

To provide you with access to all of Microsoft’s cloud-related security, compliance, and privacy information, we have also revamped the Service Trust Portal, which provides auditing and assessment reports, technical whitepapers, and various how-to guides.

 

***Update on Feb 22nd 2018: Compliance Manager is now generally available for Azure, Dynamics 365, and Office 365 Business and Enterprise subscribers in public clouds. Learn more about the official product launch here.***

 

*Compliance Manager is a dashboard that provides a summary of your data protection and compliance stature and recommendations to improve data protection and compliance. This is a recommendation, it is up to you to evaluate its effectiveness in your regulatory environment prior to implementation. Recommendations from Compliance Manager should not be interpreted as a guarantee of compliance.

 

 

[1] Currently, the Compliance Manager preview is not available in Office 365 operated by 21Vianet or Office 365 Germany.

[2] We will add more GDPR-related content between now and May 2018.  For now, we are publishing what we have to gain your feedback, and so that you can start reviewing and acting on your organization’s GDPR-related responsibilities.

29 Comments
Silver Contributor

If an organization has the Office Graph disabled in their tenant, how will this tool be affected?

You appear to be using Microsoft Internet Explorer. The Service Trust Portal currently supports Microsoft Edge, Google Chrome, Apple Safari, and Mozilla Firefox. Please use one of those browsers to access the Service Trust Portal.

Seriously? :)

 

Bronze Contributor
Nice, right of the bat I would have requested individual assessments, like for on prem or custom applications and stuff like records keeping of data processing. But, having reviewed other providers that are specialized on that topic I'm not sure it would be wise. If you plan to extend Compliance Manager to be a fully competitive product for managing all kinds of compliance, then you're in some real competition here. There are so many technical solutions to multiple GPDR problems that I haven't even thought of, like cookie compliance, self-service consent management, bla bla bla  It might be helpful to get a clearer roadmap for this product before we decide try to license it. If it remains a compliance manager for Microsoft Cloud services, which is nice in its own product specify and detailed way, I see can only see this as a small add-on to existing Office 365 suites.
Brass Contributor

When trying to open this in Edge or Chrome i get the following error. 

 

"The request to load the application context has failed."

Hi @Dean Gross, it shouldn't impact on your usage on Compliance Manager. Please let me know if you have more question regarding to it. Thanks for asking!

 

Hi @Vasil Michev, we will support IE 11 in the future. We will share more details in December about it. Sorry for not being able to provide the support now. Thanks for the feedback.

 

Hi @Ivan Unger, thanks for the feedback. We also saw there are many solutions and it's a competitive area. We released the preview to gather more feedback from users, and want to know the market needs better. We will prioritize the potential features based on the users' feedback. Please keep giving us feedback and follow us here to know the most updated product roadmap information.

 

Hi @Phillip Shilling, thanks for reposting this error to us. You can try to close out browser and try to log in again. If that doesn't work, please try other browser except IE for now. If it still doesn't work, please take a screenshot of error and message me.

 

 

Hi @Vasil Michev, I'd like to inform you that Compliance Manager now supports IE 11! Thanks for the feedback, and we hope to hear more from you in the future.

Copper Contributor

Hi, 

Can I confirm if Compliance Manager is available for all Office 365 plans? (ie Business essentials through to E5?)

 

thanks

s

Silver Contributor

@Steven Osprey i was on a call earlier this week and they said it would be hitting General Availability in February. 

Yup, does work fine with IE now, thanks :)

Copper Contributor

@Dean Gross Looks like it maybe in March/April.

@Steven Osprey It will be available across the business and enterprise licenses.

@Dean Gross@Usama Sikander General availability will be available in spring soon. We will announce the date/month when we have more confirmed information. Thanks for asking!

 

@Steven Osprey It will be available for all Business and Enterprise SKUs in public clouds. Note that GCC customers can access Compliance Manager, however users should evaluate whether to use the document upload feature of compliance manager, as the storage for document upload is compliant with Office 365 Tier C only. Compliance Manager is not yet available in sovereign clouds including DoD, Gallatin and Blackforest. Thank you for asking!

Copper Contributor

When trying to open this in Safari and Crome i get the following error "The request to load the application context has failed"

Hi @Mykola Antoniv, could you share when you saw the error messages? If it still doesn't work now, you can try to delete cache images and files, as well as cookies from your browser. Please let me know if the issue still persists after that. Thank you!

Copper Contributor

@Tina Ying (OFFICE MARKETING) I am receiving the error message after  login.  

@Mykola Antoniv, if you still can't sign in, could you send me an email and I will help to solve the error issue? My email is juying@microsoft.com

Thank you and sorry for any inconvenience it may cause.


 

Copper Contributor

The in-scope section under O365 GDPR assessment lists these:

Sharepoint Online, Exchange Online, Microsoft Booking, Microsoft Graph API, Microsoft Analytics, Microsoft Planner, Microsoft Stream, Office Delve, Office 365 Groups, Office 365 Video, Sway, Microsoft StaffHub, Microsoft PowerApps, Microsoft Teams, Skype for Business

What about those not mentioned? - Like: Forms, Flow, To Do and Power BI.

Expect that OneDrive is covered since it is powered by SharePoint Online.

Copper Contributor

My company does a lot of work for US Federal government, DoD using SCM 4.0. Will the Compliance Manager work with SCM 4.0?  

Hi @SOEREN PEDERSEN, we just released the GA version of Compliance Manager yesterday, and the in-scope service is updated now. Let us know if you have any other question on it. Thanks!

 

Hi @Anthony Dennis, SCM focused on a small subset of configuration management controls; Compliance Manager is a solution for Microsoft cloud customers to easily manage and demonstrate implementation of controls that help customers comply with data protection standards and regulations. The scopes of these 2 tools are different. We will share more information about the roadmap of Compliance Manager for GCC High/DoD in the near future.

Update on Feb 22nd: Compliance Manager is now generally available for Azure, Dynamics 365, and Office 365 Business and Enterprise subscribers in public clouds. Learn more about the official product launch here.

Copper Contributor

There are a number of functional settings in an Office 365 subscription, which in and by themselves, are (or could be) a violation of GDPR requirements, particularly in Delve (how do you arrange consent?), Skype (again, consent), OneDrive (access by managers of leavers) and protection.office.com (need-to-have access).

 

What would really help me, is for Microsoft to tell me exactly which settings could be an issue from an GDPR perspective (coupled with an advise).

 

I scanned the content of the GDPR section of compliance manager, but couldn't find anything like this. Is this something that we can expect between now and May?

 

Thanks.

Iron Contributor

I am receiving the following error which has been mentioned several times in this discussion but never explained or solved. It seems as if there isn't an explanation and solution then? Please offer an update/current status. Thank you.

 

I am receiving this regardless of what browser I am using: Edge, Chrome or Firefox (I don't routinely use IE anymore)
2018-03-02_8-15-56.png

Please advise. Thank you.

Silver Contributor

@Lisa Stebbins it is working fine for one of my tenants, i would open a support ticket

Iron Contributor

@Dean Gross and @Tina Ying (OFFICE MARKETING)

I am interested in learning how those who have already asked this same question, having rec'd the same error when attempting to access the website, were told before I open a service ticket. Are you saying that there is no reason I, and others, are getting this error? Are you saying no one else ( @Mykola Antoniv or @Phillip Shilling ) has followed up their inquiry here with a ticket? If so, that would mean their issue with this is resolved and I would like to learn what they did to resolve it before submitting, potentially, another ticket for an issue that has already be corrected and addressed.

 

Thank you. 

Silver Contributor

@Lisa Stebbins i'm just reporting that it is working and there is not a system wide outage. I have no information about the status of the problems reported by others. Cryptic error message like that are not very helpful but the MS support engineers should be able to help you troubleshoot.

Thank you @Dean Gross!

Hi @Lisa Stebbins, Could you send me your email at juying@microsoft.com? I can help you to investigate the issue. Sorry for the inconvenience it may cause!

 

Thank you!

Tina

Copper Contributor

Hello!

 

Will you add GDPR for Azure on Compliance Manager?

 

Thanks,

Nick

 
 

Hi Nick, we are working on adding the GDPR assessment for Azure in Compliance Manager. Will share more information when we have it ready. 

 

Thank you!

Tina

Hi @Patrick van de Ven, Currently, within Compliance Manager, we don't have specific advices on these matters. However, let me update you if I hear any update around it. Thank you!

Microsoft

I found the document.

https://support.office.com/en-us/article/use-compliance-manager-in-the-service-trust-portal-preview-...
---
Assigning permissions to Compliance Manager
---
By default, everyone in your organization with an Office 365 or Azure AD account has access to Compliance Manager and can perform any action in Compliance Manager.
After a user is added to a role, the default permissions are removed and only users have been added to a role will be able to access Compliance Manager and perform the actions allowed by that role.
---

I would like to deny users access to Compliance Manager.
Despite setting "Portal Admin" role to some user, user can access to Compliance Manager dashboard.
Is this by design for now?

Version history
Last update:
‎May 11 2021 01:54 PM
Updated by: