A compliance officer needs to evaluate their organization's security and compliance posture against multiple regulatory frameworks such as HIPAA, GDPR, and ISO 27001. The solution must provide a continuous assessment score, actionable improvement actions, and the ability to track implementation progress. Which Microsoft Purview solution should they use?
Compliance Manager offers a compliance score, pre-built assessments for standards like GDPR and HIPAA, and tracks improvement actions to remediate gaps.
Why this answer
Microsoft Purview Compliance Manager is the correct solution because it provides a continuous compliance assessment score against multiple regulatory frameworks (including HIPAA, GDPR, and ISO 27001), offers actionable improvement actions, and enables tracking of implementation progress through a centralized dashboard. It maps controls to specific regulations and generates a compliance score based on implemented controls, making it the only option that meets all stated requirements.
Exam trap
The trap here is that candidates often confuse Compliance Manager with Information Protection or DLP because all three are Purview solutions. Only Compliance Manager provides multi-framework compliance scoring and improvement tracking; the others focus on data classification or leakage prevention.
How to eliminate wrong answers
Option A is wrong because Microsoft Purview Information Protection focuses on classifying, labeling, and protecting sensitive data (e.g., via sensitivity labels and encryption), not on evaluating compliance posture against regulatory frameworks or providing a continuous assessment score.
Option B is wrong because Microsoft Purview Data Loss Prevention (DLP) is designed to detect and prevent unauthorized sharing of sensitive data through policies and rules, not to assess compliance against multiple frameworks or track improvement actions.
Option D is wrong because Microsoft Purview eDiscovery is used for identifying, preserving, and exporting electronic content for legal or investigative purposes, not for continuous compliance scoring or regulatory framework mapping.