A company needs to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS) for their Azure workloads. They use Microsoft Defender for Cloud for security management. Which feature should they use to view their current compliance status against PCI DSS controls and track progress over time?
Correct. The Regulatory compliance dashboard provides a detailed view of compliance with regulations like PCI DSS, showing which controls pass and fail, and offers ongoing assessments.
Why this answer
The Regulatory compliance dashboard in Microsoft Defender for Cloud provides a pre-built view of compliance posture against standards like PCI DSS. It maps Azure resource configurations to specific PCI DSS controls, shows pass/fail status per control, and tracks compliance score over time, enabling continuous monitoring and evidence collection for auditors.
Exam trap
The trap here is that candidates may confuse the Recommendations blade (which shows individual security findings) with the Regulatory compliance dashboard (which aggregates those findings into a compliance framework view), leading them to select Recommendations instead of the correct dashboard.
How to eliminate wrong answers
Option A is wrong because Security policy defines rules and initiatives for resource compliance but does not provide a dashboard to view current compliance status or track progress against PCI DSS controls.
Option B is wrong because Recommendations are individual security findings that suggest actions to improve security posture, but they do not aggregate or map to PCI DSS controls in a compliance dashboard format.
Option D is wrong because Security incidents are alerts about detected threats or attacks, not a compliance tracking tool for standards like PCI DSS.