- Article
The Microsoft Service Trust Portal provides a variety of content, tools, and other resources about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.
Accessing the Service Trust Portal
The Service Trust Portal is Microsoft's public site for publishing audit reports and other compliance-related information associated with Microsoft’s cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored whitepapers that provide details on how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization. To access some of the resources on the Service Trust Portal, you must log in as an authenticated user with your Microsoft cloud services account (Azure Active Directory organization account) and review and accept the Microsoft Non-Disclosure Agreement for Compliance Materials.
Existing customers
Existing customers can access the Service Trust Portal at https://aka.ms/STP with one of the following online subscriptions (trial or paid):
- Microsoft 365
- Dynamics 365
- Azure
Note
Azure Active Directory accounts associated with organizations have access to the full range of documents and resources like Compliance Manager.
New customers and customers evaluating Microsoft online services
To create a new account or to create a trial account, use one of the following sign-up forms (also used for trial accounts) to get access to the STP.
Sign up for a new Microsoft 365 Apps for business trial account or a new Office 365 Enterprise trial account
Sign up for a new Dynamics 365 trial account
Sign up for a new Azure trial account.
When you sign up for either a free trial, or a subscription, you must enable Azure Active Directory to support your access to the STP.
Using the Service Trust Portal
The Service Trust Portal features and content are accessible from the main menu. The following sections describe each item in the main menu.
Service Trust Portal
The Service Trust Portal link displays the home page. It provides a quick way to get back to the home page.
Certifications, Regulations and Standards
Provides a wealth of security implementation and design information with the goal of making it easier for you to meet regulatory compliance objectives by understanding how Microsoft Cloud services keep your data secure. To review content, select one of the following tiles.
- ISO/IEC - International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC)
- SOC - System and Organization Controls (SOC) 1, 2, and 3 Reports
- GDPR - General Data Protection Regulation
- FedRAMP - Federal Risk and Authorization Management Program
- PCI - Payment Card Industry (PCI) Data Security Standards (DSS)
- CSA Star - Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR)
- Australia IRAP - Australia Information Security Registered Assessors Program (IRAP)
- Singapore MTCS - Multi-Tier Cloud Security (MTCS) Singapore Standard
- Spain ENS - Spain Esquema Nacional de Seguridad (ENS)
Reports, Whitepapers, and Artifacts
General documents relating to the following categories:
- BCP and DR - Business Continuity and Disaster Recovery
- Pen Test and Security Assessments - Attestation of Penetration tests and security assessments conducted by third parties
- Privacy and Data Protection - Privacy and Data Protection Resources
- FAQ and Whitepapers - Whitepapers and answers to frequently asked questions
Industry and Regional Resources
Documents the apply to the following industries and regions:
- Financial Services - Resources elaborating regulatory compliance guidance for FSI (by country)
- Healthcare and Life Sciences - Capabilities offered by Microsoft for Healthcare Industry
- Media and Entertainment - Media and Entertainment Industry Resources
- United States Government - Resources exclusively for US Government customers
- Regional Resources - Documents describing compliance of Microsoft's online services with various regional policies and regulations
Resources for your Organization
Documents applying to your organization (restricted by tenant).
- Resources for your Organization - Documents based on your organization’s subscription and permissions
Resources with the series check mark indicate that the document has multiple versions, which can be viewed once you click on the document and click “view all versions” on the download page.
Filter by date and cloud service - When viewing the available documents, you can filter the results by date range by selecting Dates and then selecting the range you want to use.
Document download view - When viewing the available documents, you can filter the results by the applicable Cloud Service.
Note
Many of the files on the STP require acceptance of a license agreement. Some browser-based PDF viewers do not allow Javascript to run, which prevents the license agreement from being displayed and the file from opening.
All Documents
This section displays all available documents. Select the documents to save into your My Library section. Documents are sorted under the same categories shown under Certifications, Standards, Regulations, and Industry Resources. To view all resources for a particular cloud service use the Cloud Service filter.
Restricted Documents
The Service Trust Portal has documents that, given the nature of their content, are available for users with specific permissions. You need to be assigned one of following roles to view restricted documents:
- Tenant Admin
- Compliance Administrator
- Security Administrator
- Security Reader
Search
Click the magnifying glass in the upper right-hand corner of the Service Trust Portal page to expand the box, enter your search terms, and press Enter. The Search page is displayed, with the search term displayed in the search box and the search results listed below.
By default, the search returns document results. You can filter the results by using the dropdown lists to refine the list of documents displayed. You can use multiple filters to narrow the list of documents. Filters include the specific cloud services, and regions. Click the document name link to download the document.
Note
Service Trust Portal reports and documents are available to download for at least 12 months after publishing or until a new version of document becomes available.
My Library
Use the My Library feature to add documents and resources on the Service Trust Portal to your My Library page. This lets you access documents that are relevant to you in a single place. To add a document to your My Library, click the ellipsis (...) menu to the right of a document and then select Save to library. You can add multiple documents to your My Library by clicking the checkbox next to one or more documents, and then clicking Save to library at the top of the page.
Additionally, the notifications feature lets you configure your My Library so that an email message is sent to you whenever Microsoft updates a document that you've added to your My Library. To set up notifications, go to your My Library and click Notification Settings. You can choose the frequency of notifications and specify an email address in your organization to send notifications to. Email notifications include links to the documents that have been updated and a brief description of the update.
If a document is part of a series, you will be subscribed to the series and will receive notifications when there is an update to that series. You can view the individual documents and Series documents that you have subscribed to, in 2 sections as shown below:
My Download History
On the My Download History tab, you can view and export a download history of documents downloaded from the Service Trust Portal within the last 18 months. The history includes the document title and download date, and the document status, such as whether it is live, has a newer version, or has been deleted. The full download history can be exported to a CSV file.
Localization support
The Service Trust Portal enables you to view the page content in different languages. To change the page language, simply click on the globe icon in the lower left corner of the page and select the language of your choice.
Give feedback
We can help with questions about the Service Trust Portal, or errors you experience when you use the portal. You can also contact us with questions and feedback about Service Trust Portal compliance reports and trust resources by using the Feedback link on the bottom of the STP pages.
Your feedback is important to us. Click on the Feedback button at the bottom of the page to send us comments about what you did or did not like, or suggestions you may have for improving our products or product features.
FAQs
How do I open Microsoft purview compliance portal? ›
How do I access the compliance portal? To access the compliance portal, go to https://compliance.microsoft.com and sign in as a global administrator, compliance administrator, or compliance data administrator.
What is the difference between the service trust portal and the Microsoft purview compliance manager? ›The Service Trust Portal provides an overview of Microsoft's security and compliance capabilities, while Compliance Manager is a tool for organizations to assess and manage their compliance with Microsoft's security and compliance requirements.
How do I get to Microsoft compliance Manager? ›- Go to the Microsoft Purview compliance portal and sign in with your Microsoft 365 global administrator account.
- Select Compliance Manager on the left navigation pane. You'll arrive at your Compliance Manager dashboard.
Sign in to the Azure portal. Navigate to Defender for Cloud > Regulatory compliance. The dashboard provides you with an overview of your compliance status and the set of supported compliance regulations.
How do I access the service trust portal? ›Existing customers can access the Service Trust Portal at https://aka.ms/STP with one of the following online subscriptions (trial or paid): Microsoft 365. Dynamics 365. Azure.
What replaced Microsoft security compliance Manager? ›"The Security Configuration [sic] Toolkit is replacing Microsoft Security Compliance Manager (SCM), which will no longer be supported," Microsoft explained, in a FAQ section of the download page for the Security Compliance Toolkit.
Is compliance manager part of service trust portal? ›Compliance tools that you will find on the Service Trust Portal include Compliance Manager, Trust Documents, Regional Compliance, and Privacy.
What is the purpose of the service trust portal? ›Defining the Service Trust Portal
The Service Trust Portal, also referred to simply as STP, is a service feature available within Microsoft Office 365 that provides current and prospective users of the platform with a wealth of insight into how the tech giant manages privacy, compliance, and security.
Key elements: controls, assessments, templates, improvement actions.
How do I get into compliance? ›- Earn a degree. Overwhelmingly, compliance officers in every industry have a bachelor's degree at a minimum. ...
- Consider your industry. ...
- Look for internships. ...
- Get an advanced degree. ...
- Obtain certification. ...
- Gain experience.
What is the new name for Microsoft compliance? ›
Effective April 19, 2022, Microsoft Purview replaces product names of formerly Microsoft 365 Compliance and Azure Purview. This change was made to consolidate data governance, compliance, and risk management capabilities under a single product name.
What is Microsoft compliance used for? ›Microsoft offers comprehensive compliance and data governance solutions to help your organization manage risks, protect and govern sensitive data, and respond to regulatory requirements. Safeguard sensitive data across clouds, apps, and endpoints. Identify and remediate critical risks within your organization.
How do I check system compliance? ›Compliance checking should be based on the agreed controls from the risk analysis results for the scope or context as well as security-operating procedures which the Top Management has approved. The objectives are to ascertain whether controls are implemented and used correctly and are fit for purpose.
Where do I go to verify my Microsoft account? ›- Sign in to Manage how you sign in to Microsoft.
- A Verify button will be next to any unverified aliases.
- Click Verify next to your email address, and then click Send email.
To open Trust Center in an Office program
Click File, and then click Options. Click Trust Center, and then click Trust Center Settings.
The Service Trust Portal is Microsoft's public site for publishing audit reports and other compliance-related information associated with Microsoft's cloud services.
What is my account portal? ›The My Account portal helps you to manage your work or school account by setting up and managing your security info, managing your connected organizations and devices, viewing how your organization uses your data.
Is Microsoft purview included in Office 365? ›Microsoft Purview includes risk and compliance solutions that support services included in Microsoft 365. These services include Microsoft Teams, SharePoint, OneDrive, Exchange, and others. These compliance and risk solutions help your organization to: Protect sensitive data across clouds, apps, and devices.
What is the Microsoft 365 compliance admin center? ›Microsoft 365 compliance solutions help you discover, protect, and govern your data, address regulations and standards, and mitigate insider risks. The Microsoft 365 compliance connector allows you to automate actions for many of these compliance solutions.
How do I connect to security and compliance center? ›Connect to Security & Compliance PowerShell with an interactive login prompt. In the sign-in window that opens, enter your password, and then click Sign in. In PowerShell 7, browser-based single sign-on (SSO) is used by default, so the sign in prompt opens in your default web browser instead of a standalone dialog.
Is Microsoft NIST compliance? ›
Yes. Microsoft customers may use the audited controls described in the reports from independent third-party assessment organizations (3PAO) on FedRAMP standards as part of their own FedRAMP and NIST risk analysis and qualification efforts.
What is the difference between Microsoft compliance Center E3 and E5? ›E3 provides the full suite of enterprise functionality with Office applications (Word, Excel, PowerPoint, etc.) and additional security functionality. E5 is the most advanced package, with all the features of E3, alongside advanced email security functionality, analytics, and phone systems.
What is Microsoft security compliance Toolkit? ›The Security Compliance Toolkit (SCT) is a set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products.
Is compliance officer the same as compliance manager? ›It is the job of a compliance officer, also referred to as a compliance manager, to monitor the activities of an organization to ensure they are within the standards, guidelines and laws of all governing bodies pertaining to the organization.
What is the difference between a compliance officer and a compliance manager? ›Your compliance manager (also commonly called a compliance officer) works to assure that your organization remains within the strict boundaries of regulatory requirements and meets all official standards that govern your business.
What is the job outlook for a compliance manager? ›The Bureau of Labor Statistics projects 4.3% employment growth for compliance officers between 2021 and 2031. In that period, an estimated 15,100 jobs should open up.
How do I turn off Microsoft Trust Center? ›You may try to Open Excel, open Settings and locate the Trust Center section. Click “Trust Center Settings” and locate the “Protected View” area and uncheck all options.
Is trust center part of Microsoft Defender for cloud? ›The Trust Center is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community.
Which Microsoft 365 compliance feature can you use to encrypt content automatically? ›Use mail flow rules in Exchange Online to automatically encrypt a message based on certain conditions. For example, you can create policies that are based on recipient ID, recipient domain, or on the content in the body or subject of the message. See Define mail flow rules to encrypt email messages in Office 365.
What five 5 factors must a compliance plan include? ›- Leadership.
- Risk Assessment.
- Standards and Controls.
- Training and Communications.
- Oversight.
What are the 5 functions of compliance? ›
A compliance department typically has five areas of responsibility—identification, prevention, monitoring and detection, resolution, and advisory. A compliance department identifies risks that an organization faces and advises on how to avoid or address them.
What is the compliance score in purview? ›The Compliance Manager dashboard displays your overall compliance score. This score measures your progress in completing recommended improvement actions within controls. Your score can help you understand your current compliance posture. It can also help you prioritize actions based on their potential to reduce risk.
How do I pass a compliance interview? ›- Do your legwork up front. Always do the research ahead of time so you know exactly who will be interviewing you. ...
- Dress the part. ...
- Talk like a compliance pro. ...
- Have answers for these common compliance interview questions.
- Be Proactive in Managing Compliance and Ethics. ...
- Adopt and Communicate an Ethical Profile. ...
- Train Employees on Compliance Policies. ...
- Integrate Hotlines with the Compliance Program. ...
- Adopt a Risk-Based Approach to Compliance Management.
Compliance skills are ensuring that the business or organization adheres to all national (and international) regulatory frameworks and policies. Some of the measures that could be implemented to guarantee this are: risk assessments and management. compliance investigations.
What is Microsoft security compliance Manager? ›SCM enables organizations to centrally plan, view, update, and export thousands of Group Policy settings for Microsoft client and server operating systems and applications. It makes it easier for organizations to plan, implement, and monitor security compliance baselines in their Active Directory infrastructure.
What is advanced compliance in Microsoft? ›Office 365 Advanced Compliance offers additional security measures through Customer Lockbox, which requires two levels of approval for your data to even be accessed by Microsoft.
What is Microsoft 365 called now? ›Office.com changed to Microsoft365.com. The Office app for Windows 10 and 11 is now the Microsoft 365 app. The Office app for mobile is the Microsoft 365 mobile app.
What is compliance and do I need it? ›The purpose of compliance is to adhere to both internal policies and procedures, along with governmental laws. By implementing compliance procedures protects your company's reputational risk and improves your company's vision and value as well prevent and detect violations of rules.
What are the three phases of Microsoft 365 compliance? ›Microsoft 365's internal compliance program is designed to ensure security and privacy are considered at all phases of the development process. Each service begins the assurance lifecycle with the execution of three related efforts: security, privacy, and compliance.
Who uses compliance software? ›
Manufacturers use compliance software to ensure that all product materials and manufacturing processes conform to applicable regulatory and industrial quality standards.
What is a compliance checklist? ›What Is A Compliance Checklist? A compliance audit checklist is a compliance tool utilized by external or internal auditors to assess and verify an organization's adherence to government regulations, industry standards, or the company's own policies.
What is an example of a compliance test? ›Some of the examples of compliance testing are: User Access Rights and security regulations. Program change and control procedures. The procedure and guidelines for documentations.
What are compliance settings? ›Compliance settings let you manage the configuration and compliance of clients in your organization.
How do I skip Microsoft account verification? ›Go to Security settings and sign in with your Microsoft account. Under the Two-step verification section, choose Set up two-step verification to turn it on, or choose Turn off two-step verification to turn it off.
Why is Microsoft asking me to verify my account? ›If you're prompted to verify your account when you try to send an email message from Outlook.com, it is because we are trying to protect your account. Outlook.com will occasionally prompt you to verify your account, just to make sure you're still you and your account hasn't been compromised by spammers.
Will Microsoft email me to verify my account? ›"Verify Microsoft Account" refers to an email spam campaign. These emails are disguised as notifications from Microsoft Corporation, concerning a necessary Microsoft account verification. It must be emphasized that these scam letters are in no way associated with the actual Microsoft Corporation.
How do you open the security & compliance Center? ›To go there, in the Microsoft 365 compliance center, in the navigation pane on the left side of the screen, choose More resources, and then, under Office 365 security & compliance center, choose Open.”
How do I log into compliance portal PowerShell? ›Connect to Security & Compliance PowerShell with an interactive login prompt. In the sign-in window that opens, enter your password, and then click Sign in. In PowerShell 7, browser-based single sign-on (SSO) is used by default, so the sign in prompt opens in your default web browser instead of a standalone dialog.
How do I access Microsoft portal? ›Access the My Apps portal on mobile Edge
Open the mobile Edge browser and Sign in to the My Apps portal with your work or school account on your computer. Your organization might direct you to a customized page such as https://myapps.microsoft.com/contoso.com. From the Apps page, select the app you want to start using.
What is the compliance admin center? ›
Description. Compliance Administrator. Members can manage settings for device management, data loss prevention, reports, and preservation. Data Investigator. Members can perform searches on mailboxes, SharePoint sites, and OneDrive accounts.
What is the Microsoft 365 compliance Admin Center? ›Microsoft 365 compliance solutions help you discover, protect, and govern your data, address regulations and standards, and mitigate insider risks. The Microsoft 365 compliance connector allows you to automate actions for many of these compliance solutions.
What is Microsoft purview portal? ›Microsoft Purview is a family of data governance, risk, and compliance solutions that can help your organization govern, protect, and manage your entire data estate.
How do I reply to compliance portal? ›- Login to Income Tax Portal. Login to incometax.gov.in using your PAN/Aadhaar and OTP/password. ...
- Select the relevant e-campaign. ...
- Select the Information Category. ...
- Select the Transactions. ...
- Select the Response and Submit.
To search for locked out accounts, you can run the Search-AdAccount command using the LockedOut parameter. This will return all users currently locked out granted you have the right to see that.
How do I enable PowerShell logging in PowerShell? ›To enable module logging: In the Windows PowerShell GPO settings, select Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell, and set Turn on Module Logging to enabled.
How do I open portal Manager? ›- Go to Power Apps.
- Select Apps from the left pane.
- Select Portal Management app to open.
- Portal Management app opens in a new browser tab.
Use Power Apps portals to create external-facing websites that allow users outside their organizations to sign in with a wide variety of identities, create and view data in Dataverse, or even browse content anonymously.
What is Microsoft compliance lock? ›Compliance locking is when ur account is put on a temporarily hold and most cases this happens when a person trys to complete a file transfer to verify ownership of the account and then what happens is Microsoft can not verify ownership so then it is locked then the original owner has to go to aka.ms/compliancelock and ...
What does Microsoft compliance do? ›Microsoft offers comprehensive compliance and data governance solutions to help your organization manage risks, protect and govern sensitive data, and respond to regulatory requirements. Safeguard sensitive data across clouds, apps, and endpoints. Identify and remediate critical risks within your organization.