9.6 Scenario Selection for Trust, Privacy, and Compliance Manager
Key Takeaways
- Choose Service Trust Portal for Microsoft trust, privacy, and compliance information.
- Choose Microsoft Priva when the scenario is explicitly privacy-focused.
- Choose Compliance Manager for assessments, improvement actions, and compliance score.
- Choose the Microsoft Purview portal or a specific Purview feature based on whether the question is broad or specific.
Product Selection Pattern
The first Microsoft compliance chapter is mostly about choosing the right tool for the stated goal. The answer choices may all sound reasonable because they are all Microsoft products. SC-900 is asking whether you can tell the difference between trust resources, privacy capabilities, the Purview portal, and Compliance Manager work.
Start by underlining the business role and the action. A compliance stakeholder reviewing Microsoft cloud trust information is different from a privacy team managing privacy concerns. A compliance manager tracking assessments is different from a records manager applying retention. A security operations analyst investigating threats is different from all of those. The role is helpful, but the action verb is usually decisive.
| Scenario action | Best answer | Why |
|---|---|---|
| Review Microsoft cloud trust and compliance information | Service Trust Portal | The organization wants assurance information |
| Address privacy-focused compliance needs | Microsoft Priva | The scenario is explicitly about privacy |
| Work through assessments and improvement actions | Compliance Manager | The work is structured compliance posture tracking |
| Use a broad Microsoft compliance workspace | Microsoft Purview portal | The prompt is about the portal family |
| Label, retain, discover, or audit data | Specific Microsoft Purview data capability | The prompt gives a concrete data governance task |
One useful trap detector is to ask whether the product would actually perform the requested action. Service Trust Portal can be the right place for trust information, but it does not classify tenant data. Microsoft Priva is privacy-focused, but it is not the SIEM and SOAR platform. Compliance Manager tracks assessment work, but it is not the data loss prevention engine. Microsoft Purview portal is broad, but a named Purview feature can be more precise.
The second trap is score confusion. Compliance score belongs with Compliance Manager. It is not the same as the SC-900 scaled passing score, and it is not the same idea as cloud security posture scoring in Defender for Cloud. If a question says improvement actions and compliance score, stay in this chapter. If it says security recommendations for cloud workloads, move to Defender for Cloud.
Use this quick elimination list:
- Remove Sentinel when the scenario is not about SIEM, SOAR, analytics, incidents, hunting, workbooks, or playbooks.
- Remove Defender products when the scenario is not about threat protection, posture, endpoint, app, identity, vulnerability, or threat intelligence work.
- Remove Entra answers when the scenario is not about identity, access, authentication, authorization, roles, governance, or risk.
- Remove Azure network controls when the scenario is about compliance management rather than network traffic.
By the end of this chapter, you should be able to answer the broad Microsoft compliance questions without memorizing screens. Chapter 10 adds the data side of Microsoft Purview: classification, labels, data loss prevention, retention, eDiscovery, insider risk, and audit.
A scenario mentions assessments, improvement actions, and a compliance score. Which answer should you choose?
A scenario asks where to review Microsoft cloud trust and compliance information. Which answer should you choose?
A scenario asks for a Microsoft compliance capability focused on privacy. Which product name is the best match?