What should you use to evaluate whether your company Azure environment meets regulatory requirements?
Last updated: October 3, 2022
Question 92

This question requires that you evaluate the underlined text to determine if it is correct.

Your company implements Azure policies to automatically add a watermark to Microsoft Word documents that contain credit card information.

Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change is needed.
B. DDoS protection
C. Azure Information Protection
D. Azure Active Directory (Azure AD) Identity Protection

Correct Answer: C
Section: Understand Security, Privacy, Compliance and Trust
Explanation: Azure Information Protection classifies and labels documents by their content and can apply visual markings such as a watermark based on the label, which is what the scenario describes. DDoS Protection and Azure AD Identity Protection do not act on document content.

Question 93

This question requires that you evaluate the underlined text to determine if it is correct.

From Azure Monitor, you can view which user turned off a specific virtual machine during the last 14 days.

Tutorial: Improve your regulatory compliance
Microsoft Defender for Cloud helps streamline the process for meeting regulatory compliance requirements, using the regulatory compliance dashboard. Defender for Cloud continuously assesses your hybrid cloud environment to analyze the risk factors according to the controls and best practices in the standards that you've applied to your subscriptions. The dashboard reflects the status of your compliance with these standards.

When you enable Defender for Cloud on an Azure subscription, the Microsoft cloud security benchmark is automatically assigned to that subscription. This widely respected benchmark builds on the controls from the Center for Internet Security (CIS), PCI-DSS and the National Institute of Standards and Technology (NIST) with a focus on cloud-centric security.

The regulatory compliance dashboard shows the status of all the assessments within your environment for your chosen standards and regulations. As you act on the recommendations and reduce risk factors in your environment, your compliance posture improves. In this tutorial you'll learn how to:
If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

To step through the features covered in this tutorial:
Assess your regulatory compliance

The regulatory compliance dashboard shows your selected compliance standards with all their requirements, where supported requirements are mapped to applicable security assessments. The status of these assessments reflects your compliance with the standard. Use the regulatory compliance dashboard to help focus your attention on the gaps in compliance with your chosen standards and regulations. This focused view also enables you to continuously monitor your compliance over time within dynamic cloud and hybrid environments.
Investigate your regulatory compliance issues

You can use the information in the regulatory compliance dashboard to investigate any issues that may be affecting your compliance posture. To investigate your compliance issues:
The regulatory compliance dashboard contains both automated and manual assessments that may need to be remediated. Using the information in the dashboard, improve your compliance posture by resolving recommendations directly within the dashboard. To remediate an automated assessment:

Manual assessments are assessments that require input from the customer, such as an attestation, to remediate them. To remediate a manual assessment:
Generate compliance status reports and certificates
Check compliance offerings status

The compliance offerings page lists the certification status of each service that Microsoft provides, so you can check a service's certifications before you add it to your deployment on the Azure platform. To check the compliance offerings status:
Configure frequent exports of your compliance status data

If you want to track your compliance status with other monitoring tools in your environment, Defender for Cloud includes an export mechanism to make this straightforward. Configure continuous export to send selected data to an Azure Event Hubs namespace or a Log Analytics workspace. Learn more in Continuously export Defender for Cloud data. To set up continuous export to Azure Event Hubs or a Log Analytics workspace:
Tip: You can also manually export reports about a single point in time directly from the regulatory compliance dashboard. Generate these PDF/CSV reports, or Azure and Dynamics certification reports, using the Download report or Audit reports toolbar options. See Assess your regulatory compliance.

Run workflow automations when there are changes to your compliance

Defender for Cloud's workflow automation feature can trigger Logic Apps whenever one of your regulatory compliance assessments changes state. For example, you might want Defender for Cloud to email a specific user when a compliance assessment fails. You'll need to first create the logic app (using Azure Logic Apps) and then set up the trigger in a new workflow automation, as explained in Automate responses to Defender for Cloud triggers.
FAQ - Regulatory compliance dashboard
How do I know which benchmark or standard to use?

Microsoft cloud security benchmark (MCSB) is the canonical set of security recommendations and best practices defined by Microsoft, aligned with common compliance control frameworks including the CIS Controls, NIST SP 800-53 and PCI-DSS. MCSB is a comprehensive, cloud-agnostic set of security principles designed to recommend the most up-to-date technical guidelines for Azure along with other clouds such as AWS and GCP. We recommend MCSB to customers who want to maximize their security posture and align their compliance status with industry standards.

The CIS Benchmark is authored by an independent entity, the Center for Internet Security (CIS), and contains recommendations on a subset of core Azure services. We work with CIS to try to ensure that their recommendations are up to date with the latest enhancements in Azure, but they are sometimes delayed and can become outdated. Nonetheless, some customers like to use this objective, third-party assessment from CIS as their initial and primary security baseline. Since we released the Microsoft cloud security benchmark, many customers have chosen to migrate to it as a replacement for the CIS benchmarks.

What standards are supported in the compliance dashboard?

By default, the regulatory compliance dashboard shows you the Microsoft cloud security benchmark. The Microsoft cloud security benchmark is the Microsoft-authored set of guidelines for security and compliance best practices, based on common compliance frameworks. Learn more in the Microsoft cloud security benchmark introduction. To track your compliance with any other standard, you'll need to explicitly add it to your dashboard. You can add other standards such as Azure CIS 1.3.0, NIST SP 800-53, NIST SP 800-171, SWIFT CSP CSCF-v2020, UK Official and UK NHS, HIPAA, Canada Federal PBMM, ISO 27001, SOC2-TSP, and PCI-DSS 3.2.1.
More standards will be added to the dashboard and included in the information on Customize the set of standards in your regulatory compliance dashboard.

Why do some controls appear grayed out?

For each compliance standard in the dashboard, there's a list of the standard's controls. For the applicable controls, you can view the details of passing and failing assessments. Some controls are grayed out. These controls don't have any Defender for Cloud assessments associated with them. Some may be procedure- or process-related, and so can't be verified by Defender for Cloud. Some don't have any automated policies or assessments implemented yet, but will have in the future. Some controls may be the platform's responsibility, as explained in Shared responsibility in the cloud.

How can I remove a built-in standard, like PCI-DSS, ISO 27001, or SOC2 TSP from the dashboard?

To customize the regulatory compliance dashboard and focus only on the standards that are applicable to you, you can remove any of the displayed regulatory standards that aren't relevant to your organization. To remove a standard, follow the instructions in Remove a standard from your dashboard.

I made the suggested changes based on the recommendation, but it isn't being reflected in the dashboard?

After you take action to resolve recommendations, wait 12 hours to see the changes to your compliance data. Assessments run approximately every 12 hours, so you'll see the effect on your compliance data only after the next assessment run.

What permissions do I need to access the compliance dashboard?

To view compliance data, you need at least Reader access on the subscription, which also covers the policy compliance data; the Security Reader role alone isn't enough. Global Reader on the subscription is also sufficient. The minimum set of roles for accessing the dashboard and managing standards is Resource Policy Contributor and Security Admin.
The regulatory compliance dashboard isn't loading for me

To use the regulatory compliance dashboard, Defender for Cloud must be enabled at the subscription level. If the dashboard isn't loading correctly, try the following steps:
How can I view a report of passing and failing controls per standard in my dashboard?

On the main dashboard, you can see a report of passing and failing controls for the four standards with the lowest compliance. To see the passing/failing status of all controls, select Show all x (where x is the number of standards you're tracking). A context pane displays the compliance status for every one of your tracked standards.
How can I download a report with compliance data in a format other than PDF?

When you select Download report, select the standard and the format (PDF or CSV). The resulting report will reflect the current set of subscriptions you've selected in the portal's filter.
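Once compliance data leaves the portal, whether through continuous export to Log Analytics or Event Hubs or as a CSV download, it can be triaged offline. The following Python script is an added example and not code from the Microsoft tutorial. It works over constructed, simplified assessment records and exemption entries: the field names, the sample resource IDs and the mapping of policyDefinitionReferenceIds onto assessment names are assumptions made for the example, since a real Azure Policy exemption attaches to a policy assignment at a scope rather than to an assessment. The script tallies passed and failed assessments per standard, drops findings that a still-valid exemption covers, and flags records older than the roughly 12-hour assessment cycle the FAQ mentions as stale.

```python
"""Offline triage of exported Defender for Cloud regulatory-compliance data.

Added example, not part of the Microsoft tutorial. The record shapes below are
constructed simplifications of what continuous export or a CSV download carry.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assessments run roughly every 12 hours (per the FAQ); older records are
# flagged as stale so they are not mistaken for the current posture.
STALE_AFTER = timedelta(hours=12)

# Fixed evaluation time for the sample data (assumption for the example).
NOW = datetime(2022, 10, 3, 12, 0, tzinfo=timezone.utc)

# Constructed resource IDs (not a real subscription).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo"
VM1 = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
VM2 = RG + "/providers/Microsoft.Compute/virtualMachines/vm2"
ST1 = RG + "/providers/Microsoft.Storage/storageAccounts/st1"

# Constructed assessment records, one per (assessment, resource).
SAMPLE_ASSESSMENTS = [
    {"standard": "PCI-DSS-3.2.1", "control": "1.3.4", "assessment": "vm-management-ports-closed",
     "resourceId": VM1, "state": "Failed", "timeGenerated": "2022-10-03T06:00:00Z"},
    {"standard": "PCI-DSS-3.2.1", "control": "1.3.4", "assessment": "vm-management-ports-closed",
     "resourceId": VM2, "state": "Passed", "timeGenerated": "2022-10-03T06:00:00Z"},
    {"standard": "PCI-DSS-3.2.1", "control": "3.4", "assessment": "storage-encryption-cmk",
     "resourceId": ST1, "state": "Failed", "timeGenerated": "2022-10-03T06:00:00Z"},
    {"standard": "ISO-27001", "control": "A.9.4.2", "assessment": "mfa-for-admin-accounts",
     "resourceId": SUB, "state": "Failed", "timeGenerated": "2022-10-02T06:00:00Z"},
    {"standard": "ISO-27001", "control": "A.12.4.1", "assessment": "diagnostic-logs-enabled",
     "resourceId": VM1, "state": "Passed", "timeGenerated": "2022-10-03T06:00:00Z"},
]

# Constructed exemptions. exemptionCategory, expiresOn and
# policyDefinitionReferenceIds follow the Azure Policy exemption properties;
# "scope" stands in for the scope the exemption is created at, and the
# reference IDs are mapped to assessment names here (an assumption).
SAMPLE_EXEMPTIONS = [
    {"scope": ST1, "policyDefinitionReferenceIds": ["storage-encryption-cmk"],
     "exemptionCategory": "Waiver", "expiresOn": "2023-01-01T00:00:00Z"},
    # Already expired: an expired exemption must not hide the finding.
    {"scope": VM1, "policyDefinitionReferenceIds": ["vm-management-ports-closed"],
     "exemptionCategory": "Mitigated", "expiresOn": "2022-09-01T00:00:00Z"},
]


def _ts(value):
    """Parse an ISO-8601 UTC timestamp with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _in_scope(resource_id, scope):
    """Exact match or child path on ARM ID segments.

    A plain prefix test would let '.../rg-demo' cover '.../rg-demo2', so the
    next character after the scope must be a path separator.
    """
    rid, sc = resource_id.lower(), scope.lower().rstrip("/")
    return rid == sc or rid.startswith(sc + "/")


def is_exempt(record, exemptions, now):
    """True if an unexpired exemption covers this record's resource and assessment."""
    for ex in exemptions:
        if record["assessment"] not in ex["policyDefinitionReferenceIds"]:
            continue
        if not _in_scope(record["resourceId"], ex["scope"]):
            continue
        expires_on = ex.get("expiresOn")
        if expires_on and _ts(expires_on) <= now:
            continue  # expired: fall through and keep looking
        return True
    return False


def summarize(assessments, exemptions, now):
    """Per-standard counts plus the controls that are still failing."""
    report = defaultdict(lambda: {"passed": 0, "failed": 0, "exempt": 0,
                                  "stale": 0, "failing_controls": set()})
    for rec in assessments:
        entry = report[rec["standard"]]
        if now - _ts(rec["timeGenerated"]) > STALE_AFTER:
            entry["stale"] += 1
        if rec["state"] == "Passed":
            entry["passed"] += 1
        elif rec["state"] == "Failed":
            if is_exempt(rec, exemptions, now):
                entry["exempt"] += 1
            else:
                entry["failed"] += 1
                entry["failing_controls"].add(rec["control"])
        # Other states (unsupported, skipped) count toward neither side.
    for entry in report.values():
        entry["failing_controls"] = sorted(entry["failing_controls"])
    return dict(report)


def compliance_percent(entry):
    """Share of evaluated (non-exempt) assessments that passed."""
    evaluated = entry["passed"] + entry["failed"]
    return round(100 * entry["passed"] / evaluated, 1) if evaluated else 100.0


def demo_report():
    """Summary of the constructed sample at the fixed evaluation time."""
    return summarize(SAMPLE_ASSESSMENTS, SAMPLE_EXEMPTIONS, NOW)


if __name__ == "__main__":
    for standard, entry in demo_report().items():
        print(f"{standard}: {compliance_percent(entry)}% passed, failing controls "
              f"{entry['failing_controls']}, {entry['exempt']} exempt, {entry['stale']} stale")
```

Run it directly to print one line per standard. Two details matter in practice: an exemption whose expiresOn is in the past is ignored rather than silently suppressing the finding, and scope matching requires a path-segment boundary so an exemption on one resource group cannot accidentally cover a similarly named sibling.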
Currently, there's no support for downloading a report for a custom policy; only for the supplied regulatory standards.

How can I create exceptions for some of the policies in the regulatory compliance dashboard?

For policies that are built into Defender for Cloud and included in the secure score, you can create exemptions for one or more resources directly in the portal, as explained in Exempting resources and recommendations from your secure score. For other policies, you can create an exemption directly in the policy itself, by following the instructions in Azure Policy exemption structure.

What Microsoft Defender plans or licenses do I need to use the regulatory compliance dashboard?

If you have any Microsoft Defender plan enabled on any of your Azure resources, you can access Defender for Cloud's regulatory compliance dashboard and all of its data.

How do I remediate a manual assessment?

By selecting Attest, you can demonstrate compliance with the control. Learn how to remediate a manual assessment.

Next steps

In this tutorial, you learned about using Defender for Cloud's regulatory compliance dashboard to:
The regulatory compliance dashboard can greatly simplify the compliance process, and significantly cut the time required for gathering compliance evidence for your Azure, hybrid, and multicloud environment. To learn more, see these related pages:
What should you use to evaluate whether your company's Azure environment meets regulatory requirements (AZ-900)?

Compliance Manager in the Service Trust Portal is a workflow-based risk assessment tool that helps you track, assign, and verify your organization's regulatory compliance activities related to Microsoft Cloud services, such as Microsoft 365, Dynamics 365, and Azure.
Where can you go to check the regulatory compliance of your organization's Azure environment?

Go to the Regulatory Compliance dashboard in Azure Security Center (now Microsoft Defender for Cloud) and check its recommendations. The landing page guides you through the actions you need to take to fix potential issues for the various compliance standards, including ones specific to identity and access management.
How do you identify whether Azure complies with the company's regional requirements?

You can view a list of compliance certifications in the Trust Center to determine whether Azure meets your regional requirements.
Which tool within Azure helps you track your compliance with various international standards?

Azure Compliance Manager is a service that helps customers manage the compliance requirements of the workloads they deploy in the cloud, aligned with the cloud's shared responsibility model.