Service Trust Portal-Describe security, compliance, privacy, and trust in Microsoft 365

Microsoft is aware of these trust issues and has created a central storehouse called the Service Trust Portal (STP) for information about them. STP is a website, shown in Figure 3-43, available to everyone at http://aka.ms/stp, although some parts of the site are restricted to registered users of Microsoft 365 and other products. See Figure 3-44.

FIGURE 3-44 The Microsoft Service Trust Portal website

Among the many resources on the site are links to documents in the following categories:

  • Audit Reports Provide independent audit and assessment reports of Microsoft’s cloud services, evaluating their compliance with standards such as those published by the International Organization for Standardization (ISO), Service Organization Controls (SOC), National Institute of Standards and Technology (NIST), Federal Risk and Authorization Management Program (FedRAMP), and General Data Protection Regulation (GDPR)
  • Documents & Resources Consist of a large library of documents, including white papers, FAQs, compliance guides, penetration test reports, Azure security and compliance blueprints, and other data protection resources
  • Compliance Manager Assesses and scores an organization’s regulatory compliance based on multiple published standards
  • Industries & Regions Provide documents containing compliance information for specific industries—such as education, financial services, government, health care, manufacturing, and retail—and specific countries, including Australia, Czech Republic, Germany, Poland, Romania, Spain, and the United Kingdom
  • Trust Center Links to the Trust Center site, which provides documentation on how Microsoft supports security, privacy, compliance, and transparency in its cloud services
  • Resources Provide information about Microsoft’s global datacenters, security and compliance information for Microsoft 365, and a FAQ list for the Service Trust Portal
  • My Library Enables users to pin documents from the site onto a separate user page for quick reference later
Microsoft Purview

Microsoft Purview is an umbrella brand that includes Microsoft’s data risk, compliance, and governance tools, some of which were, at one time, separate products. For example, Azure Purview and the Microsoft 365 Compliance Manager are now available through the Microsoft Purview portal, shown in Figure 3-45.

FIGURE 3-45 The Microsoft Purview portal

Compliance Manager

Compliance Manager—now incorporated into the Microsoft Purview portal—is a risk assessment tool that enables an organization to track and record its activities to achieve compliance with specific certification standards. An assessment of an organization’s compliance posture is based on the capabilities of the Microsoft 365 cloud services and how the organization uses them, compared to an existing standard, regulation, or law.

The home page for the Compliance Manager tool in the Purview portal contains an Overview tab that displays the general compliance score for the network and a list of key improvement actions, along with their status, Impact values, and completion states, as shown in Figure 3-46.

FIGURE 3-46 The Compliance Manager page in the Microsoft Purview portal

Selecting an improvement action displays a detailed information screen describing the reasons for the action and providing instructions on how to implement it, as shown in Figure 3-47.

FIGURE 3-47 Detail of an improvement action in Compliance Manager in the Microsoft Purview portal

Enterprise networks can be subject to a wide variety of compliance standards, and Compliance Manager includes a long list of regulations, shown in Figure 3-48. Administrators can select a particular standard and configure Compliance Manager to assess the network and determine to what degree it is compliant with the selected standard.

FIGURE 3-48 The Regulations tab in Compliance Manager in the Microsoft Purview portal

Leave a Reply

Your email address will not be published. Required fields are marked *

Search

Popular Posts

  • Summary-Describe security, compliance, privacy, and trust in Microsoft 365
    Summary-Describe security, compliance, privacy, and trust in Microsoft 365

    Thought experiment In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers to this thought experiment in the next section. Ralph is the Director of the Brooklyn datacenter at Contoso Corp. The company currently has three office buildings in the New York area with…

  • Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365
    Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365

    Arguably, the most difficult part of the risk management planning process is trying to anticipate all the possible threats that could afflict the company’s data in the future. The three basic risk factors for the data—confidentiality, integrity, and availability—can be exploited in any number of specific ways, but the general threat categories are listed in…

  • Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365
    Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365

    The third element of the digital estate that must be considered when creating a risk management plan is the people who actually access the data. Whether deliberately or inadvertently, users are a constant vulnerability—if not an actual threat—to the organization’s data. After quantifying the organization’s information assets and their value and inventorying the hardware used…

Tags

There’s no content to show here yet.