According to Microsoft:
“A template is a framework of controls for creating an assessment in Compliance Manager. Our comprehensive set of templates can help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data.”
These are a set of offerings that aim to help organisations analyse their compliance with a wide range of industry and regulatory frameworks.
Some assessments are available free of charge. For E1 & E3 licensees, the Data Protection Baseline is included:
|Office 365 E1/A1/G1/F1||Data Protection Baseline|
|Microsoft 365 E3/A3/G3/F3|
While a wider range are included with E5 level licenses:
|Microsoft 365 E5/A5/G5||Data Protection Baseline
CMMC Level 1-5 (G5 only)
|Microsoft 365 E5/A5/G5/F5 Compliance|
|Microsoft 365 E5/A5/G5/F5 eDiscovery & Audit|
|Microsoft 365 E5/A5/G5/F5 Insider Risk Management|
|Microsoft 365 E5/A5/G5/F5 Information Protection & Governance|
However, the vast majority of assessments are chargeable.
Premium Assessments include:
And many, many more. The full list can be seen here.
For Commercial & GCC (Government Cloud Computing) Moderate organisations, Premium Assessments can be purchased in 3 ways:
While GCC High and Dept. of Defense (DoD) organisations must purchase via Volume Licensing.
Each assessment costs $2,500 (with a a 30-day trial option) and they renew annually.
Is this an ITAM thing? Perhaps not in the strictest sense of the word but we often talk how ITAM needs to become more involved in other parts of the business – and this represents a good opportunity to work with security et al.
To many within an organisation, “compliance” is not just license compliance but also industry regulations such as GDPR, HIPAA, and PCI-DSS. Informing your business which assessments are already included with your Microsoft licenses and what else is available is a great place to start getting out of your comfort zone a little.
Equally, this has the potential to alter your Microsoft relationship. If your organisation is spending a significant amount on these assessments and relying on Microsoft to ensure regulatory compliance, that can change dynamics and the balance of power. Perhaps certain terms will be easier to amend, or better discounts might be available…or maybe Microsoft will feel that it’s harder for you to walk away in the future – either way, it’s something for ITAM, and procurement, to be aware of.