Skip to main content


imageResponding to customers’ need for speed, Microsoft Azure has published six new Service Organization Control (SOC) reports, just three months after the previously issued reports. Azure is the first and only enterprise cloud provider to support quarterly SOC reports.

A quarterly publishing cadence allows customers to more frequently receive current reports which address their compliance obligations for new services as they become available. In addition, a customer’s need to rely upon CSP-issued bridge letters is reduced dramatically.

Azure provides the deepest and most comprehensive compliance coverage in the industry and the latest SOC reports have the largest scope for a cloud provider in terms of services covered, and regions and locations included. Our SOC reports assess three unique cloud environments: Azure, Azure Government, and Azure Germany.

Microsoft has issued a SOC 1 Type 2 report according to the latest AICPA SSAE 18 standard, as well as a SOC 2 Type 2 report relevant to the security, availability, confidentiality and processing integrity trust principles. In addition, the SOC 2 Type 2 report includes an additional attestation based on the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM). The Azure Germany SOC 2 Type 2 report also includes the Cloud Computing Compliance Controls Catalog (C5) attestation designed for cloud providers to demonstrate sound security practices.


Highlights of the SOC reports:

Learn more about Azure compliance offerings, and download the latest SOC reports at the Microsoft Azure Trust Center.

See for more on Azure regions, including those coming soon.

  • Explore


    Let us know what you think of Azure and what you would like to see in the future.


    Provide feedback

  • Build your cloud computing and Azure skills with free courses by Microsoft Learn.


    Explore Azure learning