If you own a small business, you might not have an IT staff or someone to constantly check to see if your data and information floating around Microsoft 365 is safe and secure. Luckily, Microsoft has a new preview feature covered in your subscription called the Compliance Score which can help you out.
With Compliance Score, you get a simplified way to manage compliance standards. You get recommendations for security actions you can take to comply with industry regulations and standards that other companies often pay IT departments to think about and handle. Here's how you can use it.
Key things to understand
Before diving into the Compliance Score, there's a set of terms you'll need to understand. You'll see something called a control. Control is a requirement or regulation, standard, or policy. You'll also see an action, which is an activity that helps you implement control. Finally, you'll see an assessment which is a grouping of controls from a specific regulation, standard, or policy.
Additionally, Compliance Score is not to be confused with the Compliance Manager or Center. They share the same backend, but Compliance Score as a simplified version of Compliance Manager and gives you a more complete view of your organization's current compliance situation, plus the steps you can take to improve it.
Please in mind that Microsoft will provide you with an initial numbered score based on some of the most common regulations and standards. As explained by Microsoft, this risk-based score "measures your progress in completing actions that help reduce risks around data protection and regulatory standards."
You'll be able to improve this score by creating and taking assessments that are relevant to your company. You'll be able to select these assessments, modify them, or create your own to see things that are most important to you. Just be aware that having a high score doesn't always mean you're fully compliant. According to Microsoft, it "does not express an absolute measure of organizational compliance with any particular standard or regulation."
Finally, you'll want to understand that you'll be able to see quick actions to improve your compliance. They'll be detailed guidance with step by step instructions for the right solution. Completing these will improve your score.
How to use the home dashboard
Once you head to see your Compliance Score, by clicking Compliance from the Microsoft 365 App launcher, you'll be taken to the Microsoft 365 Compliance Center. From here, you'll see different sections. The first will show your compliance score, which is divided up into various actions like protecting information, controlling access, managing devices, and more.
From here, you'll be able to navigate to the sections which we will describe below. You'll also see things such as cloud app compliance, as well as users who are sharing files. In addition, there will be a section here for security alerts, a list of shared files that might be compromising your security, and high-risk apps. You can click each of these sections for more details and a look at how your data is moving.
How to see your compliance score
To dive deeper into your compliance score, you can click compliance score in the sidebar. From here, you'll see your overall score. You can scroll up and down to see the data that went into the score, and some key improvement actions you can take.
Along the top, there will be some tabs, one of which has improvement suggestions. Clicking this will give you a step by step guide on how to take certain actions to bump your score.
Another tab will have solutions and assessments. These will show you how certain solutions can contribute to your score. They'll also be assessments, too. Clicking these will help you implement data protection controls specified by certain types. These include compliance, security, privacy, and data protection standards, regulations, and laws.
How to check data classification
The third section in the Compliance Score will be data classification. From here you can build classifiers that can be used to protect and govern your sensitive data. You'll then be able to explore what data is being labeled so you can fine-tune your classification strategies.
You'll get a snapshot on an overview page. From here, you'll get a quick look at where sensitive info and labels are being used across Microsoft 365 apps and some links to investigate them. You also can dive deeper into classified content with content explorer, which allows you to filter by sensitive info type or label to see how many items are classified inside your business. Finally, you can monitor and review activity with a detailed view into classification activities and trends across locations.
How to manage policies
From the policies section, you'll be able to set up certain policies in Microsoft 365 which can help you improve your score. These policies will be listed by types, be it data, access, or security. Typically, these policies are meant for more experienced users and IT Admins, but clicking one will give you the basics and an explanation of how you can change the policy to improve your compliance score. In most cases, there is also a link that will take you to Microsoft's documentation for said policy.
How to manage permissions
Next up, there is the permissions section. From here, you can assign Microsoft 365 permissions and roles in Office 365. You can add users as global administrators, data administrators, compliancy administrators, and more. Keep in mind, though, that Office 365 roles has a separate page, and you'll need to go here for that. If you're having trouble setting permissions, we invite you to check out our guide on the different administrative roles in Microsoft 365.
How to use the catalog
In the catalog section, you'll find some solutions that you can take inside your organization to improve the overall compliance store This includes topics such as data loss prevention, information governance, information protection, records management, and more. You'll also see topics on how you can identify, analyze, and remediate internal risks, as well as respond to audits, data investigations, and more. Each of these solutions come with step-by-step guides and even videos explaining how you can get started with them.
Customizing and more
These are the basics of checking the Compliance Score, but there is a bit more you can do. If you like to customize the look of the Compliance dashboard, you can do so by clicking Customize navigation on the side. This will show you a variety of things which we've discussed here already. Your changes are unique to you and won't impact other admins.
Fell free to play around with your Compliance Score, and let us know how you're liking this experience by dropping us a comment below. Also, feel free to check out our Microsoft 365 hub for more how-tos and other guides.