Understanding your compliance score

In this tutorial, we will look at how the compliance score is calculated.

Compliance Manager awards you points for completing improvement actions taken to comply with a regulation, standard, or policy, and combines those points into an overall compliance score. Each action has a different impact on your score depending on the potential risks involved. Further, your compliance score can help prioritize which action to focus on to improve your overall compliance posture.

How to read your compliance score

The Compliance Manager dashboard displays your overall compliance score. This score measures your progress in completing recommended improvement actions within controls. Your score can help you understand your current compliance posture and prioritize actions based on their potential to reduce risk.

A score value is assigned at three levels:

  • Firstly, Improvement action score. Each action has a different impact on your score depending on the potential risk involved.
  • Secondly, Control score. This score is the sum of the points earned by completing improvement actions within the control. This sum applies in its entirety to your overall compliance score only when the control meets both of the following conditions:
    • Implementation Status equals Implemented or Alternative Implementation.
    • Test Result equals Passed.
  • Lastly, Assessment score. This score is the sum of your control scores and is calculated from the action scores. Each Microsoft action and each improvement action managed by your organization is counted once, regardless of how often it is referenced in a control.
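As an added illustration (not from this page and not Microsoft's implementation), the following Python sketch applies the three scoring rules above to constructed sample controls: a control's points count toward the assessment only when both conditions hold, and an action referenced by several controls is counted once. All control ids, action ids and point values are assumptions.

```python
from dataclasses import dataclass

# Implementation statuses that let a control's points flow to the overall score
PASSING_STATUSES = {"Implemented", "Alternative Implementation"}

@dataclass(frozen=True)
class Action:
    action_id: str
    points: int  # risk-weighted points awarded when the action is completed

@dataclass
class Control:
    control_id: str
    implementation_status: str
    test_result: str
    actions: list  # Action objects referenced by this control

def control_score(control, completed):
    """Points earned inside one control: sum of its completed actions."""
    return sum(a.points for a in control.actions if a.action_id in completed)

def control_counts(control):
    """Both conditions must hold for the control score to reach the overall score."""
    return (control.implementation_status in PASSING_STATUSES
            and control.test_result == "Passed")

def assessment_score(controls, completed):
    """Sum of qualifying control scores, counting each action only once."""
    counted = {}  # action_id -> points, so a shared action is not double counted
    for c in controls:
        if not control_counts(c):
            continue
        for a in c.actions:
            if a.action_id in completed:
                counted[a.action_id] = a.points
    return sum(counted.values())

# Constructed sample data: hypothetical ids and point values, not Microsoft's
MFA = Action("enable-mfa-for-admins", 27)
DLP = Action("configure-dlp-policy", 9)
AUDIT = Action("enable-audit-logging", 3)

SAMPLE_CONTROLS = [
    Control("CTRL-1", "Implemented", "Passed", [MFA, AUDIT]),
    Control("CTRL-2", "Alternative Implementation", "Passed", [AUDIT]),  # AUDIT shared
    Control("CTRL-3", "Implemented", "Failed", [DLP]),                   # test not passed
]
COMPLETED = {"enable-mfa-for-admins", "enable-audit-logging", "configure-dlp-policy"}

if __name__ == "__main__":
    for c in SAMPLE_CONTROLS:
        print(c.control_id, control_score(c, COMPLETED), control_counts(c))
    print("assessment score:", assessment_score(SAMPLE_CONTROLS, COMPLETED))
```

With this data the three control scores are 30, 3 and 9, but the assessment score is 30: CTRL-3 is excluded because its test failed, and the audit action shared by CTRL-1 and CTRL-2 is counted once.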

Initial score based on Microsoft 365 data protection baseline

Compliance Manager gives you an initial score based on the Microsoft 365 data protection baseline. This baseline is a set of controls that includes key regulations and standards for data protection and general data governance. Moreover, this baseline draws elements primarily from NIST CSF and ISO, as well as from FedRAMP and GDPR.

Your initial score is calculated according to the default Data Protection Baseline assessment provided to all organizations. By the time of your first visit, Compliance Manager is already collecting signals from your Microsoft 365 solutions, so you’ll see at a glance how your organization is performing relative to key data protection standards and regulations, together with suggested improvement actions to take.

How Compliance Manager continuously assesses controls

Compliance Manager automatically scans through your Microsoft 365 environment and detects your system settings, continuously and automatically updating your technical action status. Microsoft Secure Score is the underlying engine that performs the monitoring.

Your action status is updated on your dashboard every 24 hours. Once you follow a recommendation to implement a control, you’ll typically see the control status updated the next day.

Reference: Microsoft Documentation