Microsoft Compliance Manager
Data Protection Baseline for Microsoft 365 Report
2025-05-08 6:30:25 AM UTC
Data Protection Baseline for Microsoft 365 2025-05-08 6:30:25 AM UTC
Assessment Report
Table of contents
1. Executive Summary
2. Microsoft Compliance Manager Sections Summary
* Control Category Summary : Microsoft 365
* Control Summary : Microsoft 365
Executive Summary
Introduction
The Compliance Manager report summarizes the current status of those assessments on your
environment, as they map to the associated controls. This report does not represent a complete
compliance report for the standard, nor does it ensure compliance. However, it can be a valuable tool
for organizations that are looking to improve their compliance posture.
The Compliance Manager report includes the following information:
* The name of the compliance standard or framework that is being assessed.
* The specific controls that are being assessed.
* The current status of each control (compliant, non-compliant, or not applicable).
* Any recommendations for improving compliance.
The Compliance Manager report can be used to identify areas where your cloud environment is not
compliant with a particular standard or regulation. This information can then be used to take steps to
improve your compliance posture.
About Data Protection Baseline Mapping Template Regulation
The Microsoft 365 data protection baseline is a set of controls that includes common industry
regulations and standards. This baseline draws elements primarily from NIST CSF (National Institute
of Standards and Technology Cybersecurity Framework) and ISO (International Organization for
Standardization), as well as from FedRAMP (Federal Risk and Authorization Management Program)
and GDPR (General Data Protection Regulation of the European Union).
This set of controls also includes Microsoft Zero Trust security requirements, which were added in
September 2021.
More info on the Microsoft 365 data protection baseline and Compliance Score:
https://aka.ms/Data-Protection-Baseline
Total Controls Tested: 28
Passed Controls: 0
Failed Controls: 28
Microsoft Compliance Manager Sections Summary
The following is a summary status for each of the sections of the Microsoft cloud security benchmark.
For each section, you will find the overall number of passing and failing controls, based on automated
assessments run by Microsoft Compliance Manager.
A failing control indicates that at least one Microsoft Compliance Manager assessment associated with
this control failed. A passing control indicates that all the Microsoft Compliance Manager assessments
associated with this control passed. Note that status is shown only for supported controls, i.e. controls
that have relevant Microsoft Compliance Manager assessments associated with them.
Control Category Summary : Microsoft 365
The control status for each of these areas can be either passed or failed. The Compliance Posture
report provides a summary of the control status for your cloud environment, as well as any
recommendations for improving compliance.
| Control Family | Passed Controls | Failed Controls | Passed % |
| --- | --- | --- | --- |
| Zero Trust Application | 0 | 6 | 0% |
| Individual Participation | 0 | 4 | 0% |
| Cryptography | 0 | 2 | 0% |
| Zero Trust Visibility, automation, and orchestration | 0 | 3 | 0% |
| Zero Trust Data | 0 | 6 | 0% |
| Zero Trust Endpoint | 0 | 6 | 0% |
| Zero Trust App development guidance | 0 | 1 | 0% |
Control Summary : Microsoft 365
The following is a summary status for each supported control of the Data Protection Baseline for
Microsoft 365 Assessment. For each control, you will find the overall number of passed and total
actions associated with that control.
Note that status is shown only for supported controls, i.e. controls that have relevant Microsoft
Compliance Manager assessments associated with them.
| Control Name | Test Completed | % Completed |
| --- | --- | --- |
| Protect sensitive information and activities automatically by implementing policies | 1/9 | 11% |
| Gain visibility into the activities and data in your applications by connecting them via APIs | 1/6 | 16% |
| Discover and control the use of shadow IT | 2/5 | 40% |
| Deploy adaptive access and session controls for all apps | 1/3 | 33% |
| Assess the security posture of your cloud environments | 2/4 | 50% |
| Strengthen protection against cyber threats and rogue apps | 1/5 | 20% |
| Individual Participation Policy and Procedures - Management | 1/6 | 16% |
| Redress - Correcting or Amending Inaccurate Personally Identifiable Information | 0/5 | 0% |
| Content and Authority to Collect | 0/4 | 0% |
| Redress - Disseminating corrections or amendments of Personally Identifiable Information | 0/2 | 0% |
| Key Management - Asymmetric Keys | 5/14 | 35% |
| Key Management - Symmetric Keys | 5/14 | 35% |
| Establish visibility | 2/3 | 66% |
| Enable additional protection and detection controls | 2/5 | 40% |
| Enable automation | 1/4 | 25% |
| Access decisions are governed by a cloud security policy engine | 2/4 | 50% |
| Access decisions are governed by encryption | 2/3 | 66% |
| Audit data to understand user labeling, classification, and protection behaviors | 2/6 | 33% |
| Classification is augmented by smart machine learning models | 1/2 | 50% |
| Data is automatically classified and labeled | 1/5 | 20% |
| Prevent data leakage through DLP policies based on a sensitivity label and content inspection | 1/8 | 12% |
| Access control is gated on endpoint risk for both corporate devices and BYOD | 1/7 | 14% |
| Access is only granted to cloud-managed and compliant endpoints and apps | 2/7 | 28% |
| Data loss prevention (DLP) policies are enforced for corporate devices and BYOD | 1/8 | 12% |
| Endpoint threat detection is used to monitor device risk | 2/3 | 66% |
| Endpoints are registered with a cloud identity provider | 2/3 | 66% |
| Use alternative sign-in method that replaces passwords | 1/3 | 33% |
| Define app roles for IT to assign to users and groups | 0/1 | 0% |