We are introducing together with Microsoft a new tool called the Microsoft Compliance Configuration Analyzer (MCCA).
MCCA is a PowerShell utility to automatically validate your compliance configuration across Microsoft 365.
MCCA generates a HTML based report upon execution and provides you with all the details about your tenant’s compliance configurations and actionable insights to improve your compliance posture.
MCCA (currently in preview) reports all the compliance settings and improvement actions across the following solutions :
1. Microsoft Information Protection a. Data Loss Prevention b. Information Protection 2. Microsoft Information Governance a. Information Governance b. Records Management 3. Insider Risk a. Communication Compliance b. Insider Risk Management 4. Discovery & Response a. Audit b. eDiscovery
For all the solutions mentioned above, it generates the following details at a granular level :
-
Settings that are configured appropriately (color coded as green)
-
Improvement actions that you must take (color coded as orange)
-
Additional recommendations (color coded as grey)
-
Affected workloads, users / groups, as relevant to the solution in question
These settings are matched to your tenant’s geolocation which is auto-determined unless specific location is specified as input parameter while running the utility. The geo location helps this tool to map local regulations and check your compliance posture against the local benchmark.
In the image below, you can see that MCCA highlights all the sensitive information types for the geo-location – India
The outcome is also available as reports for any of the specific solutions mentioned.
MCCA goes a step further and also provides links to the following from within the report
-
Compliance Center settings for the particular solution.
-
Compliance Manager actions filtered based on the solution.
-
Microsoft documentation about how to configure a particular solution / action.
-
In some cases, it also provides PowerShell remediation scripts that you can use to configure the recommended settings.
So, the first thought that came to my mind after I saw the report was how this tool is any different from Microsoft Compliance Manager that already reports improvement actions.
Compliance Manager improvement actions only specify the settings you need to configure at a very high level. It doesn’t specify if you have the right configuration (granular details) or any current configurations in place. MCAA is more like an add-on to the compliance manager.
This tool is currently in preview and we expect many feature updates like
-
Links within Microsoft Compliance manager to MCCA to detail out the implementation of improvement actions that compliance manager reports currently.
-
Support for additional solutions apart from the eight supported already.
-
Enhanced “Best Practices” recommendations.
Details about how to set up MCCA and get started can be found here.
Infotechtion is always at the forefront of using latest tools and technologies to assist customers in improving their compliance posture.
Do let us know what you think about the tool or any recommendations that you might have in the comments section of this post and we will make sure that your feedback is heard.
Trial Office 365 Compliance With Infotechtion
We provide a self-service approach to validation of the key information governance use cases integrated with Microsoft 365 compliance, in a test environment hosted in Microsoft 365, and pre-configured by Infotechtion experts.
Key Highlights:
1. Configured proof-of-concept tenant with the test data for 40 days
2. The required Microsoft E5 licenses for the trial period
3. Establish a business case for change based on evidence
Our approach is highly effective and is proven to be 10x faster and cost-efficient than traditional approaches to test Microsoft 365 compliance features.