9.1 Service Trust Portal and Assurance Resources
Key Takeaways
- The Service Trust Portal belongs in scenarios about Microsoft cloud trust, privacy, and compliance information.
- SC-900 expects you to separate trust documentation from operational tools that classify data, investigate alerts, or enforce policies.
- Use the Service Trust Portal answer when the need is assurance evidence or Microsoft compliance information, not tenant configuration.
- The Service Trust Portal is part of the Microsoft compliance solutions area in the SC-900 skills outline.
Service Trust Portal in SC-900
The Service Trust Portal is tested as part of the Microsoft compliance solutions domain. The exam is not asking you to perform a deep audit procedure. It is usually asking whether you can identify the Microsoft resource used when a business stakeholder, auditor, risk owner, or compliance lead needs Microsoft cloud trust, privacy, and compliance information.
A useful exam habit is to separate assurance resources from operational compliance tools. Assurance resources help an organization understand Microsoft cloud commitments and compliance information. Operational tools help a tenant classify data, apply policies, investigate activity, retain information, or manage compliance work. The Service Trust Portal sits on the assurance side of that divide.
| Scenario clue | Best SC-900 match | Why it fits |
|---|---|---|
| Need Microsoft cloud trust and compliance information | Service Trust Portal | The need is assurance information, not policy enforcement |
| Need to manage assessments and improvement actions | Compliance Manager | The need is structured compliance work |
| Need a privacy-focused Microsoft compliance capability | Microsoft Priva | The clue points to privacy management |
| Need to classify tenant data | Microsoft Purview data classification | The clue points to discovering or organizing sensitive data |
For a Fundamentals exam, do not overcomplicate the Service Trust Portal. If the scenario says the organization wants to review Microsoft trust information before adopting a cloud service, you should not choose data loss prevention, eDiscovery, or audit. Those are important Purview capabilities, but they act on tenant content, tenant activity, or compliance processes after the environment is in use.
The Service Trust Portal also helps explain why compliance is not a single button in Microsoft cloud services. Microsoft provides trust resources, privacy information, and compliance tooling, while the organization still owns its internal policies, decisions, users, data, and risk acceptance. That distinction mirrors the broader shared-responsibility theme from the first SC-900 domain.
Use this decision path when reading questions:
- If the scenario asks where to find Microsoft cloud trust or compliance information, think Service Trust Portal.
- If the scenario asks how to track compliance tasks, think Compliance Manager.
- If the scenario asks how to improve a compliance score, look for improvement actions.
- If the scenario asks how to protect or govern data, move to the Purview data controls in the next chapter.
The exam may include similar-sounding compliance options. Your job is to identify the action verb. Find, review, and understand Microsoft assurance information points to the Service Trust Portal. Configure, label, retain, audit, investigate, or prevent sharing points elsewhere in Microsoft Purview.
For study purposes, treat the Service Trust Portal as the answer before tenant configuration begins. The clue is usually a stakeholder validating Microsoft trust and compliance information, not an administrator applying a Purview policy to organizational data.
A compliance stakeholder wants Microsoft cloud trust and compliance information before a cloud adoption decision. Which Microsoft resource best fits the scenario?
Which clue most strongly indicates Service Trust Portal rather than an operational Microsoft Purview control?
Why should Service Trust Portal not be selected for a question about classifying files in a tenant?