Microsoft Releases Compliance Manager Preview


In this Ask the Admin, I'll look at how Microsoft's new service can help organizations meet compliance requirements.

Earlier this week, I attended an event hosted by Microsoft, where it announced its new Compliance Manager for Microsoft 365. While the presentation was geared towards Microsoft 365’s unique approach to GDPR (the EU General Data Protection Regulation, which comes into force May 25th next year), Compliance Manager will be made available to all customers of Microsoft’s cloud services.

Microsoft views GDPR as a way to drive digital transformation and has responded by creating Compliance Manager to help organizations in that process. EU GDPR differs from current legislation. Organizations must comply even if the data controller and processor are located outside the EU, because it is the location of the data subject that is important. Because of the pending new legislation, Microsoft has updated Office 365 to comply. As part of that effort, Compliance Manager passes on Microsoft’s knowledge about GDPR, and other standards and regulations, to customers to help them achieve compliance.

For more detailed information on GDPR, see What You Need to Know About the EU General Data Protection Regulation on Petri.

Microsoft 365 fits into the picture by providing end-to-end data governance and protection of sensitive data, not just on Microsoft’s servers in the cloud but also on end-user devices and on-premises servers. This is the part that Office 365 alone cannot provide, because Microsoft 365 Enterprise brings together Office 365, Windows 10 Enterprise, and the Enterprise Mobility + Security suite.

Aidan Finn provides a good summary of Microsoft 365 in Understanding Microsoft 365 on Petri.

Like Office 365 Secure Score, Compliance Manager provides a score that shows compliance posture by looking at over a thousand controls in Microsoft’s services. Compliance Manager analyzes the organization’s environment, gives it a score, and then recommends how to remediate any highlighted issues. In addition to Microsoft’s out-of-the-box controls, organizations can also add their own.

Compliance Manager dashboard (Image Credit: Microsoft)

Compliance Manager’s dashboard shows your compliance scores for selected regulations and standards. You can drill down to get detailed information on controls, their status, and how to remediate any issues. Audit-ready reports provide evidence that controls have been implemented, alleviating the need to collect information from different systems.

Each technical control provided by Microsoft is mapped to a certification control for the selected regulation, like GDPR. Information is provided about whether the control is implemented, when it was last tested, and by whom. You can assign controls that need to be implemented to a member of IT staff, set a priority, and optionally send a notification by email.

Compliance Manager (Image Credit: Microsoft)

Compliance Manager is a simple tool, but it looks like it will be valuable for organizations trying to manage the compliance minefield, and not just those struggling with GDPR: Microsoft is aiming to provide support for NIST 800-53, ISO 27001, and ISO 27018 when the tool reaches general availability. But there’s no magic bullet when it comes to compliance. As Microsoft points out, no tool can guarantee one hundred percent compliance. But Compliance Manager can help make the process of achieving compliance easier.

Compliance Manager preview was released November 16th. For more detailed technical information about Compliance Manager and to sign up for the preview program, check out Microsoft's website here.

The post Microsoft Releases Compliance Manager Preview appeared first on Petri.