Making Compliance Simpler: An Introduction to Microsoft Purview Compliance Manager
If you're in records management, legal, IT, or risk management, you’ve probably felt the pressure of keeping up with ever-changing regulations. From privacy laws to AI governance, the landscape is shifting fast—and staying compliant can feel like playing Whack-a-Mole.
That’s where Microsoft Purview Compliance Manager comes in. It’s more than just a dashboard—it’s your compliance co-pilot. Whether you're navigating PIPEDA, GDPR, or Europe’s AI Act, this tool helps you track, manage, and demonstrate compliance with confidence.
Example scenario: A mid-sized healthcare provider can use Compliance Manager to reduce audit preparation time by 30-40%, freeing up their IT team to focus on innovation instead of documentation.
Why the Purview Compliance Manager Matters
1. Stay Ahead of Changing Regulations
Regulations like Canada’s PIPEDA, the EU’s Artificial Intelligence Act or ISO regulations evolve and change constantly. Compliance Manager helps you track and respond to these changes by offering pre-built assessments that map directly to the regulations your organization cares about. These assessments break down complex requirements into manageable actions—so you don’t have to start from scratch.
Even better, Microsoft handles updating the actions when the regulations change. As a Compliance Manager, you can choose to review and accept the changes as needed.
Before vs. After: What Changes When You Use It?
Before | After |
---|---|
Spreadsheets everywhere | Centralized dashboard |
Manual tracking of regulations | Pre-built assessments that auto-update |
Confusing roles and responsibilities | Clear task assignments and collaboration |
Stressful audits | Exportable reports and evidence tracking |
No idea where to start | Guided improvement actions and scoring |
See the full list of regulations included with Purview Compliance Manager: Microsoft Purview Compliance Manager regulations list | Microsoft Learn.
2. Works Across Platforms
Compliance isn’t only about Microsoft 365. Many organizations use services like Google Cloud, Amazon Web Services, and others. Compliance Manager integrates with these platforms, giving you a broader view of your compliance posture across your entire environment.
This means you can manage assessments in one place that covers multiple services. For example, you can create a single EU GDPR assessment that covers Microsoft 365, Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). The details in Compliance Manager show a breakdown of control progress by service to help you evaluate how you’re doing across all your services.
It also works across AI or large language models. Compliance Manager provides four premium regulatory templates that are applicable to all generative AI apps that Microsoft Purview supports for AI interactions, such as Microsoft 365 Copilot, Security Copilot, ChatGPT Enterprise, Azure AI services, Gemini and DeepSeek.
3. Collaborate Across Teams
Compliance isn’t a solo sport. Legal, risk, IT, and business teams all play a role. Compliance Manager makes it easier to assign tasks, track progress, and share updates—so everyone’s on the same page.
Improvement actions can be assigned to users in your organization to perform implementation and testing work. You can also store evidence, notes, and record status updates within the improvement action.
Key Features at a Glance
Pre-built assessments for 350+ global regulations and standards
Custom assessments tailored to your organization’s policies
Improvement actions with step-by-step guidance
Compliance score to track progress and prioritize efforts
Multicloud support, including integrations with Google Cloud, AWS, and Okta
Reporting to help with audits, evidence tracking and export options
Getting Started: What You’ll See
First, go to the Microsoft Purview Portal (purview.microsoft.com) and find the Compliance Manager solution.
When you open the Compliance Manager, you’ll land on a neat dashboard that shows your current compliance score. This score reflects how well your organization is doing based on the actions you've completed to meet regulatory requirements.
Compliance Manager Dashboard
Microsoft helps you get started – you don’t start with 0 points because the Compliance Manager is already collecting signals from your Microsoft 365 solutions.
The initial score is calculated according to the default Data Protection Baseline assessment provided to all organizations. You can see how your organization is performing relative to key data protection standards and regulations and see suggested improvement actions to take.
Set Up Roles & Access
Users need at least the Compliance Manager reader role, or Microsoft Entra global reader role, to access Compliance Manager. Here is a full table of the roles you could configure for your team:
Source: Microsoft
Building Your Roadmap
Start by selecting a regulation that matters to your business. For example, adding PIPEDA will generate a list of actions—some for your team, and some that Microsoft handles on your behalf. This gives you a clear, bottom-up roadmap of what needs to be done. Over time, you can track trends, show improvement, and export reports for leadership or auditors.
List of improvement actions for an example regulation
Work with Improvement Actions
The Purview Compliance Manager works within a shared responsibility model where some actions are completed by you and others are completed automatically by Microsoft to meet the requirements of a regulation, standard, or certification.
Improvement actions set for manual testing are actions that you manually test and implement. You set the necessary implementation and test status states, and upload any evidence files on the Evidence tab. For some actions, this is the only available method for testing improvement actions.
Here’s an example of an improvement action which is automatically tested, but you still add evidence and assign owners:
Example improvement action with fields for status, owner and more
This is a great way to build accountability when managing the compliance roadmap.
Get Alerts
You can create policies to alert you when changes or events related to improvement actions happen. For example, you can get an alert when:
Scores change: an increase or decrease in points for an improvement action due to configuration changes made by someone in your organization. For example, if your organization creates an insider risk management policy, that could increase your points for a certain action by a certain amount.
Implementation status change: a user has changed an improvement action's implementation status.
Test status change: a user has changed the testing status of an improvement action.
Evidence change: a user has uploaded or deleted an evidence document in the Documents tab of the improvement action.
Scoring & Measuring Improvements
If you like tracking progress and seeing results, Compliance Manager offers a bit of gamification. Your organization’s score updates as you complete tasks, giving you a tangible way to measure improvement. It’s a simple but effective motivator.
Each action—like enabling encryption or reviewing access controls—adds points to your score. The more actions you complete, the higher your score, and the stronger your compliance posture.
Microsoft-managed actions (like built-in encryption) are scored automatically, while your team’s actions are tracked as you complete them. This helps you prioritize what to fix first and gives you a tangible way to measure improvement.
Automatic testing is turned on by default in Compliance Manager for all actions that can be automatically tested. It takes approximately seven days to fully collect data and factor that data into your compliance score.
Points are awarded for improvement actions when you complete the requirements for implementation. Your action status is updated on your dashboard within 24 hours of a change being made. The number of points depends on the type of action: whether it is mandatory or discretionary, and whether it is preventative, detective, or corrective.
Learn more about scoring: Compliance Manager scoring | Microsoft Learn
Getting Started: Your First 5 Steps
Go to https://purview.microsoft.com and open the Compliance Manager.
Check your compliance score: You’ll already have points based on Microsoft 365 signals.
Pick a regulation that matters to your business (e.g., PIPEDA, GDPR, or the Data Protection Baseline).
Assign actions to team members and upload any evidence you already have.
Schedule a monthly review to track progress and adjust priorities.
💡 Pro tip: Use filters to focus on high-impact or overdue items.
Compliance can feel overwhelming. But as the saying goes, “How do you eat an elephant? One bite at a time.” Start small, pick one regulation or feature, and build from there.
Ready to Take the First Step?
If your team is still managing compliance with spreadsheets and scattered notes, it’s time to simplify. Microsoft Purview Compliance Manager helps you automate compliance tracking, improve audit readiness, and collaborate across departments—all from one place.
👉 Need help setting up your first assessment or choosing the right regulation to start with? Reach out! We’re happy to guide you.