Describe the compliance management capabilities in Microsoft Purview Flashcards
Microsoft Purview compliance portal
- The Microsoft Purview compliance portal is a centralized platform that consolidates tools and data to help organizations understand and manage their compliance needs effectively.
- Access to the compliance portal is available to customers with a Microsoft 365 SKU who hold one of the following roles: Global administrator, Compliance administrator, or Compliance data administrator.
- Upon signing into the compliance portal, administrators are presented with a card section on the home page, providing a comprehensive overview of the organization’s data compliance status.
- The card section offers a quick glance at the organization’s compliance performance, available compliance solutions, and a summary of any active alerts or issues that require attention.
- Administrators have the flexibility to customize the card section by rearranging cards, adding new cards, or removing cards to tailor the displayed information based on their preferences and priorities.
- The compliance portal serves as a central hub for managing compliance-related tasks, accessing relevant compliance tools and features, and gaining insights into the organization’s overall compliance posture.
- Through the compliance portal, administrators can access a range of compliance-related capabilities, including compliance assessments, data governance, data classification, information barriers, communication compliance, eDiscovery, and more.
- The portal provides a user-friendly interface that simplifies compliance management, allowing administrators to navigate different compliance areas, configure settings, generate reports, and take necessary actions to ensure compliance with regulatory requirements.
- By leveraging the Microsoft Purview compliance portal, organizations can streamline their compliance efforts, stay informed about compliance status, and proactively address any compliance-related challenges.
Default Compliance Portal Cards
- The default compliance portal home page features several cards that provide quick access to essential compliance-related functionalities and information.
- The Compliance Manager card leads to the Microsoft Purview Compliance Manager solution. Compliance Manager helps simplify compliance management by calculating a risk-based compliance score. It measures progress towards completing recommended actions to mitigate data protection and regulatory risks. The solution offers workflow capabilities and built-in control mapping to facilitate improvement actions.
- The compliance score card displays the organization’s compliance score, providing an overview of its current compliance posture based on completed actions and risk assessments.
- The Solution catalog card provides links to collections of integrated solutions that support end-to-end compliance scenarios. The solutions are grouped into categories:
- Information protection & governance: Helps with data classification, protection, retention, data loss prevention, information protection, and records management.
- Privacy: Focuses on privacy management, providing insights on personal data to identify and address potential issues and risks.
- Insider risk management: Offers solutions for identifying, analysing, and remedying internal risks, including communication compliance, information barriers, and insider risk management.
- Discovery & respond: Supports quick discovery, investigation, and response with relevant data through solutions such as Audit, data subject requests, and eDiscovery.
- The Solution catalog card serves as a centralized access point to explore and utilize the integrated solutions tailored to specific compliance needs.
- The Active alerts card provides a summary of the most active alerts, including details such as alert severity, status, and category. It offers a link to view more comprehensive information about the alerts, facilitating prompt response and remediation actions by administrators.
Navigation
In addition to the cards on the home page, there’s a navigation pane on the left of the screen that gives easy access to the Compliance Manager and the Data Classification page where you can get snapshots of how sensitive information and labels are being used across your organization’s locations.
You can access alerts, reports, policies, and all the solutions that are included in the solutions catalog.
There’s access to data connectors that you can use to import non-Microsoft data to Microsoft 365 so it can be covered by your compliance solutions.
The Customize navigation control allows customization of which items appear in the navigation pane.
Microsoft Purview Compliance Manager
- Microsoft Purview Compliance Manager is a feature within the Microsoft Purview compliance portal that aids administrators in managing an organization’s compliance requirements effectively.
- Compliance Manager simplifies compliance management and reduces risk by offering prebuilt assessments based on common regional and industry regulations and standards. It also allows administrators to create custom assessments tailored to their organization’s unique compliance needs.
- The platform provides workflow capabilities to streamline risk assessments and offers step-by-step improvement actions that help meet relevant regulations and standards. Microsoft manages certain actions on behalf of the organization, providing implementation details and audit results.
- Compliance Manager calculates a compliance score that reflects an organization’s overall compliance posture. This score measures progress in completing improvement actions and provides insights into the organization’s compliance journey.
- The Compliance Manager dashboard displays the current compliance score and highlights areas requiring attention. It guides administrators towards key improvement actions that need to be addressed.
- Compliance Manager utilizes various data elements, including controls, assessments, templates, and improvement actions, to facilitate and track compliance activities.
- Controls refer to the specific measures and safeguards implemented to address compliance requirements.
- Assessments are evaluations conducted to determine an organization’s compliance status and identify areas of improvement.
- Templates are preconfigured assessment questionnaires based on common regulations and standards.
- Improvement actions are specific steps recommended to enhance compliance based on assessment results and regulatory requirements.
Controls in Microsoft Purview Compliance Manager
- Controls are requirements derived from regulations, standards, or policies that define how to assess and manage system configurations, organizational processes, and responsibilities to meet specific compliance requirements.
- Compliance Manager tracks three types of controls: Microsoft-managed controls, Your controls, and Shared controls.
- Microsoft-managed controls are controls implemented and managed by Microsoft for its cloud services.
- Your controls, also known as customer-managed controls, are controls implemented and managed by the organization.
- Shared controls are controls for which responsibility is shared between the organization and Microsoft.
- Compliance Manager continuously assesses controls by scanning through the Microsoft 365 environment, analysing system settings, and automatically updating the technical action status.
- The assessment of controls helps organizations evaluate their compliance posture and identify areas where improvements or remediation may be needed.
- By tracking and monitoring controls, Compliance Manager provides organizations with insights into their compliance status and progress in meeting regulatory and policy requirements.
Assessments
An assessment is a grouping of controls from a specific regulation, standard, or policy.
Completing the actions within an assessment helps to meet the requirements of a standard, regulation, or law.
For example, an organization may have an assessment that, when completed, helps to bring the organization’s Microsoft 365 settings in line with ISO 27001 requirements.
An assessment consists of several components including the services that are in-scope, the controls, and an assessment score that shows progress towards completing the actions needed for compliance.
Templates
Compliance Manager provides templates to help admins to quickly create assessments.
They can modify these templates to create an assessment optimized for their needs.
Admins can also build a custom assessment by creating a template with their own controls and actions.
For example, the admin may want a template to cover an internal business process control, or a regional data protection standard that isn’t covered by one of Microsoft’s 150-plus prebuilt assessment templates.
Improvement actions
Improvement actions help centralize compliance activities.
Each improvement action provides recommended guidance that’s intended to help organizations to align with data protection regulations and standards.
Improvement actions can be assigned to users in the organization to do implementation and testing work.
Admins can also store documentation, notes, and record status updates within the improvement action.
Benefits of Compliance Manager
Compliance Manager provides many benefits, including:
- Translating complicated regulations, standards, company policies, or other control frameworks into a simple language.
- Providing access to a large variety of out-of-the-box assessments and custom assessments to help organizations with their unique compliance needs.
- Mapping regulatory controls against recommended improvement actions.
- Providing step-by-step guidance on how to implement the solutions to meet regulatory requirements.
- Helping admins and users to prioritize actions that will have the highest impact on their organizational compliance by associating a score with each action.
Understanding the compliance score in Microsoft Purview Compliance Manager
- The compliance score is an overall measure of an organization’s compliance posture.
- The compliance score is calculated based on the scores assigned to actions.
- Actions in Compliance Manager can be categorized as “Your improved actions” or “Microsoft actions.”
- Your improved actions are actions that the organization is responsible for managing, while Microsoft actions are managed by Microsoft on behalf of the organization.
- Actions can be categorized as mandatory or discretionary based on their importance and adherence requirements.
- Mandatory actions are critical and should not be bypassed, while discretionary actions depend on user understanding and adherence to policies.
- Actions can further be classified as preventative, detective, or corrective, based on their purpose and impact.
- Preventative actions address specific risks and aim to mitigate them, such as implementing encryption for data protection.
- Detective actions actively monitor systems for irregularities and help identify risks or breaches.
- Corrective actions aim to minimize the impact of security incidents and restore the affected systems or data.
- Organizations earn points for completing actions, and the compliance score is represented as a percentage of completed actions compared to outstanding ones.
- The compliance score provides organizations with a visual representation of their progress in meeting compliance requirements and helps prioritize actions that need attention.
Difference between Compliance Manager and compliance score?
Compliance Manager is an end-to-end solution in the Microsoft Purview compliance portal to enable admins to manage and track compliance activities.
Compliance score is a calculation of the overall compliance posture across the organization. The compliance score is available through Compliance Manager.
Compliance Manager gives admins the capabilities to understand and increase their compliance score, so they can ultimately improve the organization’s compliance posture and help it to stay in line with compliance requirements.
A new admin has joined the team and needs to be able to access the Microsoft Purview compliance portal. Which of the following roles could the admin use to access the compliance portal?
A. Compliance Administrator role
B. Helpdesk Administrator role
C. User Administrator role
A. Compliance Administrator role
This is one of the multiple roles you can use to access the compliance portal.
Your new colleagues on the admin team are unfamiliar with the concept of shared controls in Compliance Manager. How would the concept of shared controls be explained?
A. Controls that both external regulators and Microsoft share responsibility for implementing.
B. Controls that both your organization and external regulators share responsibility for implementing.
C. Controls that both your organization and Microsoft share responsibility for implementing.
C. Controls that both your organization and Microsoft share responsibility for implementing.
Both your organization and Microsoft work together to implement these controls.
A customer has requested a presentation on how the Microsoft Purview compliance portal can help improve their organization’s compliance posture. The presentation will need to cover Compliance Manager and compliance score. What is the difference between Compliance Manager and compliance score?
A. Compliance Manager is an end-to-end solution, in the Microsoft Purview compliance portal, to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization.
B. Compliance Manager is an end-to-end solution, in the Microsoft Purview compliance portal, to enable admins to manage and track compliance activities. Compliance score is a score the organization receives from regulators for successful compliance.
C. Compliance Manager is the regulator who will manage your compliance activities. Compliance score is a calculation of the overall compliance posture across the organization.
A. Compliance Manager is an end-to-end solution, in the Microsoft Purview compliance portal, to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization.
Compliance Manager provides admins with the capabilities to understand and improve their compliance score so that they can ultimately improve the organization’s compliance posture and help it to stay in line with its compliance requirements.