Privacy in Azure
When you use Azure services, you are entrusting us with one of your most valuable assets – your data. You trust that the privacy and confidentiality of the data that you store and process in Azure services will be protected and that it will only be used in a way that is consistent with your expectations.
You control your data
With Azure, you are the owner of the data that you provide for storing and hosting in Azure services. We do not share your data with advertiser-supported services, nor do we mine it for any purposes such as marketing research or advertising.
We only process your data with your agreement, and when we have your agreement, we use your data to only provide the services that you have chosen. These agreements apply equally to subcontractors (or subprocessors) that Microsoft authorises and hires to perform work that may require access to your data: they can only perform the functions that Microsoft has hired them to provide, and they are bound by the same contractual privacy commitments that Microsoft makes to you.
If you leave the Azure service or your subscription expires, Microsoft follows strict standards for removing data from its systems.
"Prospects also really like our strengthened data protection story, too, as Azure's adherence to standards means we are now a fully GDPR-ready option now."
You choose where your data is located
When you use Azure, you choose where your data is located. Through our large and ever-expanding network of data centres around the globe, Microsoft offers data residency and Azure allows you to choose from more than 60 regions linked by one of the largest interconnected networks on the planet, including more than 150 data centres and growing.
However, no matter where your data is stored, Microsoft does not control or limit the locations from which you or your end users may access, copy or move customer data. Most Azure services enable you to specify the region where your customer data will be stored and processed.
Azure secures your data at rest and in transit
With state-of-the-art encryption, Azure protects your data both at rest and in transit. Azure secures your data using various encryption methods, protocols and algorithms, including double encryption.
- For data at rest, all data written to the Azure storage platform is encrypted through 256-bit AES encryption and is FIPS 140-2 compliant. Proper key management is essential. By default, Microsoft-managed keys protect your data, and Azure Key Vault helps ensure that encryption keys are properly secured. Azure key management also includes server-side encryption that uses service-managed keys, customer-managed keys in Azure Key Vault or customer-managed keys on customer-controlled hardware. With client-side encryption, you can manage and store keys on-premises or in another secure location.
- For data in transit – data moving between user devices and Microsoft data centres or within and between the data centres themselves – Microsoft adheres to IEEE 802.1AE MAC Security Standards, and uses and enables your use of industry-standard encrypted transport protocols, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec).
Microsoft defends your data
Through clearly defined and well-established response policies and processes, strong contractual commitments, and if need be, the courts, Microsoft defends your data. We believe that all government requests for your data should be directed to you. We do not give any government direct or unfettered access to customer data. Microsoft is principled and transparent about how we respond to requests for data.
Because we believe that you have control over your own data, we will not disclose data to a government except as directed by you or where required by law. Microsoft scrutinises all government demands to ensure that they are legally valid and appropriate.
If Microsoft receives a demand for a customer's data, we will direct the requesting party to seek the data directly from the customer. If compelled to disclose or give access to any customer's data, Microsoft will promptly notify the customer and provide a copy of the demand unless legally prohibited from doing so.
Azure adheres to privacy standards
Get details on how Azure also complies with many external privacy standards, laws and regulations, including: the GDPR, ISO/IEC 27701, ISO/IEC 27018, EU Standard Contractual Clauses, HIPAA, HITRUST, FERPA, Japan My Number Act, Canada PIPEDA, Spain LOPD and Argentina PDPA.
Get help with fulfilling your General Data Protection Regulation (GDPR) obligations with documentation specific to Azure, including: