Microsoft Purview · Global & Security Roles
Service Assurance User
Members can access the Service Assurance section in the Microsoft Purview portal. Service Assurance provides reports and documents that describe Microsoft's security practices for customer data stored in Microsoft 365, including SOC reports, ISO certifications, and penetration test results.
Scope: Read-only access to Microsoft's service assurance documentation and compliance reports
Permissions
- Service Assurance View - Access Service Trust Portal documents
- Download SOC 1/2/3 audit reports
- Access ISO 27001, 27017, 27018 certifications
- View FedRAMP, HIPAA, GDPR compliance documentation
- Access penetration testing summaries
- View Microsoft data protection practices
Common use cases
- Customer due diligence and vendor risk assessments
- Regulatory audit evidence gathering (SOC 2, ISO, HIPAA)
- Responding to customer security questionnaires
- Internal compliance program documentation
- Privacy impact assessments referencing Microsoft's practices
Best practices
- Assign to compliance, audit, and legal teams who handle customer due diligence
- Refresh documents annually as Microsoft publishes new reports
- Combine with Compliance Manager access for end-to-end compliance reporting
- Document chain of custody when sharing reports with auditors
Security considerations
- Service Assurance documents may be confidential under NDA
- Reports describe Microsoft's security posture — handle per Microsoft NDA terms
- No access to customer data — purely Microsoft compliance documentation