Microsoft Compliance Manager Review

Before I begin the review, here is the link to the product so you can look for yourself: Microsoft Compliance Manager

Easing compliance tasks is on the wishlist of many companies not only for the upcoming GDPR readiness date but for several other regulations.  Microsoft has made a great attempt to solve some compliance problems but the amount of work to complete the process is still fairly large.

The Compliance Manager’s aim to give you a scorecard of  your current status.  At first login, you’ll be faced with several areas to complete documentation.  Many of these are overwhelming, for instance we had a couple hundred activities to complete for NIST 800-53 alone.  These activities equate to points which makes the thousand point “scores” a bit easier to take.

It’s likely that if you can fill out the Compliance Manager successfully you already have another compliance platform which begs the question, why would you have two sets of compliance data?

Where Compliance Manager does shine is its integration into the rest of Office365.  By default, the entire organization can see the assessment and you can assign tasks to member of your Office365/AzureAD deployment.

Compliance Manager does not advertise itself as a full fledged compliance automation platform and I view it as a getting started tool which is actually a great thing.  Most companies receive a questionnaire from a customer or partner regarding compliance and have no idea where to start.  If that is your use case, I  recommend Compliance Manager.  It will help to start building your compliance program.

On the note, a full compliance program is not to be taken lightly but it starts with having the right policies in place to drive your controls.  A typical compliance program will have 50-70 policies and directives.  Once you have your documents ready, you can start building out the tools you need to meet your documented policies.