Microsoft Security Best Practices module: Governance, risk, and compliance

Governance, Risk, and Compliance (GRC) activities help reduce organizational risk by ensuring policy and best practices are followed consistently over time. This section also addresses key roles and responsibilities we have found important for successfully managing cloud security.

See the Governance, risk, and compliance and Capabilities topics for more information.

The following videos provide guidance on governance, risk, and compliance. You can also download the PowerPoint slides associated with these videos.

Part 1: Introduction + Manage Connected Tenants (08:45)

Part 2: Clear Lines of Responsibility (02:46)

Part 3: Segmentation Strategy (02:11)

Part 4: Management Groups (04:15)

Part 5: Root Management Group (03:06)

Part 6: GRC Top Risks (03:31)

Part 7: Security Incident Notification (03:35)

Part 8: Access Reviews (02:15)

Part 9: Security Posture Improvement (03:30)

Part 10: Access for Security Personnel (03:18)

Part 11: Insecure Legacy Protocols (01:53)

Part 12: Compliance (04:29)

Part 13: Benchmarks (01:37)

Part 14: Azure Policy (02:30)

Part 15: Elevated Security Capabilities (03:43)

Part 16: General Guidance (03:01)

Next steps

For additional security guidance from Microsoft, see Microsoft security documentation.