Both have Privacy, compliance and security menus on their site and redirect to compliance offerings. So how do we differentiate for what purpose do we you one of each or both is the question. My team is working on documentation for pricing and compliance and we need to segregate the requirements. Appreciate any information. Thanks
Sure, great question. Let me attempt to answer it below:
Service Trust Portal is the repository Azure uses to expose/provide customers with Azure's compliance documentation, whitepapers, and reports (this includes documents like SSP that shows how Azure satisfies compliance requirements, etc.). Service Trust Portal is where you would go to understand how Azure satisfies any of the compliance offerings listed here: https://azure.microsoft.com/en-us/overview/trusted-cloud/compliance/
On the other hand, compliance manager is a Microsoft 365 (formerly Office 365) tool that allows Microsoft 365 customers like yourself to satisfy their compliance requirements. It supports control statement authoring, Assessor's assessment result (compliance status) tagging, and export to Excel. A use case example for Compliance Manager is if you are a Healthcare provider using M365 that needs to satisfy HIPAA, you will use it for documentation and assessment. This will be in addition to M365's existing HIPAA authorization.