Compliance for Claude inside Microsoft 365 — the full walkthrough
Most regulated lenders run on Microsoft 365 — Teams chat,
SharePoint document libraries, Word, OneDrive. Claude Cowork
is Anthropic’s integration into that envelope. Every Compliance for Claude
download is built to drop into your existing M365 compliance workflow:
a P&P .docx opens in Word; a regs bundle
.zip lives in SharePoint; the Compliance Log
.md attaches to any Cowork chat.
This page is the full walkthrough for a compliance officer at an M365 shop: which pattern to use, when, and what the folder structure should look like so the audit trail survives.
Three patterns, ranked by use case
Pick the pattern that matches the work in front of you. They share files; they differ in where the Claude conversation happens and how long the artifact set persists.
Quick spot-check in Teams chat
Use when: a quick regulatory question. One-shot. No artifact set to preserve.
- Open Cowork in Teams.
- Open any register or P&P page on this site; copy its URL or the verbatim text.
- Paste into Cowork → ask the question.
- Done.
Audit trail: Teams chat history + Anthropic Compliance API capture both record the session. No structured artifact set produced.
Quarterly P&P review via SharePoint library
Use when: a real P&P refresh. Multi-session work. The artifact set needs to live somewhere durable for the next examiner ask.
- Set up a SharePoint library: “Compliance for Claude Compliance Reviews”.
- One folder per P&P, per cycle.
- Drop the .docx + regs .zip + Compliance Log into the folder.
- Open Cowork pinned to that folder. Run the playbook prompt.
- Type
give me the logat the end. Paste output into Appendix A.
Audit trail: the folder IS the audit trail. Every quarter’s reviews persist as named artifacts in SharePoint. Folder + Compliance Log output + Compliance API export = complete coverage.
Heavy line-by-line review in Word
Use when: a major P&P rewrite. Track Changes on. Counsel will review the redline.
- Open the P&P .docx in Word with Track Changes on.
- Side-panel Cowork (Word + Cowork integration).
- Attach regs .zip and Compliance Log to the Cowork side-panel.
- Walk section by section. Apply edits to the .docx as you go.
- End with
give me the log. Paste into Appendix A.
Audit trail: Word’s Track Changes history + Compliance Log output + Cowork transcript. Strongest single-document record.
Recommended SharePoint folder structure (Pattern B)
The structure below is built so that (a) each P&P’s artifact set is self-contained, (b) the audit trail lives in the same folder as the work, and (c) an examiner walks through the library and finds the answer to every common question without your help.
SharePoint > Compliance Site > Document libraries > "Compliance for Claude Compliance Reviews" │ ├── _evidence-feed/ ← Compliance API monthly export drops here │ ├── 2026-01_claude-sessions.ndjson │ ├── 2026-02_claude-sessions.ndjson │ └── ... │ ├── _agents/ ← shared resources, downloaded once │ ├── mc4c-session-logger.md ← the Compliance Log (reusable) │ └── README-which-prompts.md ← your team's playbook prompts │ ├── 2026-Q1/ │ ├── loss-mit-program/ │ │ ├── servicing-loss-mitigation-program.docx ← original from /pp/ │ │ ├── loss-mit-update-check.zip ← regs bundle download │ │ ├── session-log-2026-02-14.md ← Compliance Log output │ │ ├── DRAFT-v2.docx ← in-progress edit │ │ └── FINAL-v2.0.pdf ← signed-off PDF for DMS │ │ │ ├── avm-governance/ │ │ ├── avm-governance-program.docx │ │ ├── avm-rule-update-check.zip │ │ ├── session-log-2026-02-22.md │ │ ├── DRAFT-v3.docx │ │ └── FINAL-v3.0.pdf │ │ │ └── 2026-Q1-REVIEW-SUMMARY.md ← rollup memo for your CCO/SVP │ ├── 2026-Q2/ │ └── ... │ └── _readme.md ← library purpose + filing rules
The two leading-underscore folders (_evidence-feed,
_agents) sort to the top in SharePoint’s default
alphabetical view. Quarter folders fall below them in date order.
The 2026-Q1-REVIEW-SUMMARY.md file is the rollup
artifact you produce after each quarter’s reviews —
that’s what an SVP/CCO reads.
Pattern B, step by step
The recommended pattern in detail. Walk through this once and your library becomes self-running.
Step 1 — One-time setup
Done once per team, then never again.
- Create the SharePoint library on your compliance site: “Compliance for Claude Compliance Reviews.” Permissions: compliance team + audit + designated SVP/General Counsel reviewers.
- Create
_agents/. Download the Compliance Log once. Drop it in_agents/mc4c-session-logger.md. Every P&P review references this single file going forward. - Create
_evidence-feed/. This is where your IT admin drops the monthly Anthropic Compliance API export. See the request template you hand IT. - Write
_readme.mdas a one-page library doc: who owns it, what goes in each folder, retention policy (7 years matches most firms’ compliance-record-retention policy).
Step 2 — Start a P&P review
- Identify the P&P. Pick from your firm’s existing P&P library.
- Create the quarter folder + P&P subfolder.
E.g.
2026-Q1 > loss-mit-program/. - Drop in the source files:
- Your current P&P
.docx(or the Compliance for Claude template). - The matching regs
.zipfrom a playbook page on this site.
_agents/— don’t copy it per folder. - Your current P&P
- Start a Cowork session in Teams in your compliance channel. Attach all three files (drag from SharePoint, or use Cowork’s SharePoint file picker).
Step 3 — Run the playbook prompt
Paste the matching prompt from the regulatory update kit or use one of the worked examples on the homepage. The Compliance Log automatically maintains three running tables during the session (obligations reviewed, edits proposed, fact-finds opened).
Iterate. Push back on flagged rows. Ask for the
regulator quote supporting each finding. Apply edits to the
.docx as you go.
Step 4 — Close the session
- Type
give me the log. Claude outputs the full review record + the formal P&P Change Log Entry. - Save the log as
session-log-2026-02-14.mdin the P&P folder. - Open the .docx in Word (the version with your edits). Scroll to Appendix A — Change Log (already scaffolded). Paste your Change Log Entry as a new row. Add the section-by-section description below.
- Save As → PDF. Name it
FINAL-v[X.Y].pdf. Drop into the P&P folder alongside the source files.
Step 5 — End of quarter
-
Write
2026-Q1-REVIEW-SUMMARY.mdat the top of the quarter folder. Cowork can draft this for you — attach every session log from the quarter, prompt: “Summarize the quarter’s P&P reviews. Coverage: which P&Ps were touched, which obligation IDs got flagged, what edits landed, what remains open.” - Hand the summary to your SVP/CCO. It’s one page; they can act on it.
- Compliance API check. Drop the latest export
into
_evidence-feed/. If you’ve already built the reconciliation tooling (see the Compliance API page), run it — any Compliance API session that touched a/pp/file but has no matching Compliance Log output = a coverage gap to investigate.
Microsoft 365 gotchas worth knowing
SharePoint vs. OneDrive — pick SharePoint for audit-trail folders
Files in your personal OneDrive sit under your name; they leave when you leave. SharePoint document libraries are team-owned and survive personnel changes — the right location for compliance evidence with a 7-year retention.
Cowork file-size limits
Large regs bundles can exceed Cowork’s per-attachment cap. All Compliance for Claude playbook bundles ship pre-trimmed to fit; if you assemble your own bundles, keep individual zips under ~5 MB to be safe. Use multiple smaller attachments if needed.
Track Changes interaction in Word + Cowork
When you edit a P&P in Word with Track Changes on, Cowork sees the active rendered version — it doesn’t see your tracked changes as before/after pairs. If you want Claude to review your edits, save a snapshot copy (without Track Changes) and attach both old + new to a fresh Cowork session. Use the “Compare two versions” prompt pattern from the homepage.
Search across the library
SharePoint’s built-in search will index your Compliance Log
.md files and the .docx files. Search across the
library for “§1024.41(b)(2)” and find every
review that touched that obligation — useful when an examiner
asks about a specific cite.
M365 + your AI inventory
Good AI governance — and Fannie Mae’s AI Lender Letter (LL-2026-04) — calls for maintaining an inventory of the AI you use. “Claude” is one entry in that inventory. The combination of Cowork sessions (Compliance API metric) + Compliance for Claude Compliance Log outputs (regulatory scope) gives you an inventory entry that updates itself quarterly — you don’t hand-collect metrics every audit cycle.
See the Compliance API page for the five-move integration sequence.