NIS2 compliance? Check out regulation assessment in Microsoft Purview
- Vlad Johansen
- Nov 5, 2024
Updated: Nov 6, 2024
Good evening everyone!
NIS2 has been a hot topic for some months now in EU and EEA countries. Many customers have users, data and other stuff in different cloud solutions like GWC, AWS and Microsoft cloud, but some get frustrated about how to start their compliance journey. Are you a Microsoft customer? Good for you. Then you need to check out the regulation assessments in Microsoft Purview. BUT, there is always a BUT. These regulation assessments are only available for E5/G5/A5 customers. E5/G5/A5 customers can choose 3 premium templates for free. Customers with other licenses need to purchase them.
OK, so to set up your regulation assessment, go to compliance.microsoft.com or purview.microsoft.com. I suggest using the new purview.microsoft.com portal, because the old one will be retired in 2024.
Go to Compliance Manager in the left menu and press Assessments

As you can see, I have already added a NIS2 assessment
Now, press the Add assessment button

Press on Select regulation

Search for NIS2 and choose NIS2 Directive (EU) 2022/2555... and press Save

Create a new group or choose an existing one and press Next. You don't need to edit the assessment name

Press the Select services button to pick the services this assessment will apply to, and choose your service. In this case we only have an active Microsoft 365 environment, so we will select this. It's also possible to add other services by pressing Add new services, but I haven't tested this out.
Now press Next

and Create assessment

Fine, we have now added our assessment to Compliance Manager

As you can see, you have different tabs here.
One of them is Your improvement actions: actions that your organization needs to do. Another is Microsoft's actions, which Microsoft needs to fix. This assessment is not 100% ready to use right now, and I'm not sure when they will finish this one, but hopefully ASAP. Let's take a closer look.
Press on your NIS2 template
There is some stuff remaining on Microsoft's side with the status Incomplete. You can check more details by pressing the Microsoft actions button, but we will skip this now.

By pressing Controls we can take a closer look at all the controls that NIS2 requires

and all the articles of the NIS2 directive under Control ID

Now, let's check Your improvement actions button

This is similar to Secure score actually
Let's check out Assign trainings and send reminders by pressing once on the line

Nice? Yeah. Here you have a guide, the same one we can find in Secure Score in the Defender portal.

This is actually a good start on your NIS2 journey, but remember one thing: completing all your improvement actions will not make your organization NIS2 compliant. This is only to help you out with your Microsoft 365 environment.