When you use Microsoft Managed Desktop IT-as-a-service, Microsoft provides you with a comprehensive set of compliance offerings. This effort helps your organization comply with the various compliance requirements.
Microsoft Managed Desktop has achieved the following certifications:
- ISO 27001 Information Security Management Standards (ISMS)
- ISO 27701 Privacy Information Management System (PIMS)
- ISO 27017 Code of Practice for Information Security Controls
- ISO 27018 Code of Practice for Protecting Personal Data in the Cloud
- ISO 9001 Quality Management Systems Standards
- ISO 20000-1 Information Technology Service Management
- ISO 22301 Business Continuity Management Standard
- Cloud Security Alliance (CSA) STAR attestation
- Cloud Security Alliance (CSA) STAR certification
- Service Organization Controls (SOC) 1, 2, 3
- Payment Card Industry (PCI) Data Security Standard (DSS)
Auditor reports and compliance certificates
You can find relevant information, including control and technical requirements, in the Service Trust Portal (STP), the central repository for such information about Microsoft Cloud Service offerings. You can download auditor reports, compliance certificates, and more from the Audit Reports section of the STP.
Because Microsoft Managed Desktop runs on Azure, relevant documents usually have file names such as “Microsoft Azure, Dynamics 365, and other Online Services”. In those documents, you can usually find Microsoft Managed Desktop under the category “Microsoft Online Services” or “Monitoring + Management”.
Compliance for cloud services is a shared responsibility between cloud service providers and their customers. For more, see Shared Responsibilities for Cloud Computing in the TechNet Gallery.