Platform

One intelligent pipeline, controls to cloud.

ComplianceIQ reads your regulatory controls, maps them to Azure Policy and Microsoft Defender for Cloud guidance with AI, and hands you a deployable initiative, all running on an Azure-native, Entra-secured stack.

Targets

Three Microsoft compliance platforms

Map a control once, then generate configuration for the Microsoft platform that enforces it.

Microsoft Defender for Cloud

Deploy compliance controls as Azure Policy initiatives with Sovereign Landing Zone support for data-residency requirements.

  • Azure Policy initiatives
  • Defender for Cloud recommendations
  • Sovereign Landing Zone policies (L1–L3)
  • MCSB control mapping

Microsoft 365 Compliance

Map controls to Microsoft 365 protection policies, managed through the Microsoft Graph API.

  • Data Loss Prevention (DLP)
  • Conditional Access
  • Device compliance (Intune)
  • Information Protection

Microsoft Purview

Map controls to unified data governance: sensitivity labels, retention, DLP, eDiscovery, and records management.

  • Sensitivity labels
  • Purview DLP policies
  • Retention labels & policies
  • eDiscovery & records management

Architecture

How it fits together

A Streamlit front end talks to a FastAPI service that orchestrates Azure OpenAI and persists mappings to Cosmos DB.

Infrastructure

Deployed on Azure, via Bicep

One azd up provisions the full stack behind a private network with Entra ID at the front door.

  • Azure Container AppsFrontend + backend, scaled independently
  • Azure OpenAIStructured-output completions
  • Azure Cosmos DBNoSQL session & mapping storage
  • Azure Container RegistryPrivate image registry
  • VNet + private endpointsNo public data-plane exposure
  • Entra ID authenticationSign-in gated at the app front door

Run ComplianceIQ in your own tenant

The full toolkit (catalogs, AI agent, and deployable initiatives) is open source.