Microsoft office in Washington, D.C.

Data compliance is—or at the very least should be—top of mind for any organization, including law firms. As data privacy laws sprout in various countries and U.S. states, so too are automated compliance tools that look to address clients' need for regulatory guidance.

Microsoft has also become part of that growing market with the recent updates of its tool Compliance Manager, which like its counterparts, advises customers if their security controls meet the requirements of various laws. However, Microsoft touts the compliance tool's central location, unlike standalone tools, for ongoing risk assessment as a key differentiator.

The Compliance Manager's new features include enabling users to create their own assessments—including for on-premises and non-Microsoft applications—against any regulation or standard. An additional new feature is the add-on's ability to automatically update the status of a newly implemented security control.

When testing an application's compliance with a number of regulations, users are given an application's compliance score, test date, what organization tested it and further details regarding the implementation and test details.

Users can track their application's compliance to a plethora of regulations and standards, according to Microsoft. These include the General Data Protection Regulation (GDPR); Health Insurance Portability and Accountability Act (HIPPA); NIST 800-53; ISO 27001-2013; Dynamics NIST 800-53; and Azure ISO 27001:2013.

Microsoft 365 product marketing director Hye Jun also said Microsoft plans to add security controls to its Compliance Manager to help with the California Consumer Privacy Act, which goes into effect in 2020, and is still being finalized.

To be sure, Microsoft programs are widely used by most law firms and corporate legal departments. In 2018, nearly 98% of lawyers said they used Microsoft Word for word processing and Microsoft Excel for spreadsheets, according to the American Bar Association's 2018 TechReport. That dominance in the workforce aside, Microsoft said the update to its Compliance Manager was in part a response to a growing regulatory landscape, a proliferation of unstructured data and an increase in compliance costs.

While Jun acknowledged more law firms are offering information governance services for clients' regulatory pressures, she billed the Compliance Manager as a “one-stop tool for customers to assess their compliance posture” unlike tools that aren't integrated into users' workflow.

The updates to Compliance Manager come just weeks after Microsoft also announced updates to its Office 365 e-discovery capabilities.