A Single, Unified Trust Center for the Microsoft Cloud

Today we’re pleased to announce that we have created a single Microsoft Trust Center at www.microsoft.com/trustcenter, which unifies the trust centers of our enterprise cloud services—Microsoft Azure, Microsoft Dynamics CRM Online, Microsoft Intune, and Microsoft Office 365.

Increasingly, our customers deploy multiple Microsoft cloud services, and many expressed a desire for a single point of reference for cloud trust resources. They have come to rely on the trust centers to document the adherence of our cloud services to international and regional standards, describe privacy and data protection policies and processes, and inform them about data transfer and location policies, as well as security features and functionality.

The Microsoft Trust Center gives everyone a single view into the commitments that we put at the heart of our trusted cloud: security of operations, data protection and privacy, compliance with local requirements, and transparency in how we do business. Now, customers can view a single page documenting which of our services comply with such standards as ISO 27018 or HIPAA, or our data location policies across services.

Information in the Trust Center is organized by our four underlying principles of security, privacy and control, compliance and transparency:

Security: Get an overview of how security is built into the Microsoft Cloud from the ground up, with protection at the physical, network, host, application, and data layers so that our online services are resilient to attack. Sections describe the individual security features of Azure, CRM Online, Office 365, and Intune.

Privacy and Control: Here we outline Microsoft Cloud privacy principles:

  • You own your own data describes Microsoft Cloud policies for data ownership; we will use your customer data only to provide the services we have agreed upon.
  • You are in control of your customer data provides datacenter maps for each service, and policies for data portability, retention, and access.
  • Responding to government and law enforcement requests to access customer data outlines our processes for responding, including our commitment to transparency and limits in what we will disclose.
  • We set and adhere to stringent privacy standards describes how privacy in the Microsoft Cloud is grounded in the Microsoft Privacy Standard and the Microsoft Secure Development Lifecycle, and backed with strong contractual commitments to safeguard customer data in the Microsoft Online Services Terms.

Compliance: Our combined compliance site contains comprehensive information on Microsoft Cloud certifications and attestations such as EU Model Clauses, FedRAMP, HIPAA, ISO/IEC 27001 and 27018, PCI-DSS, and SOC 1 and SOC 2. Each compliance page provides background on the certification, a list of compliant services, and detailed information such as implementation guides and best practices.

Transparency: The Microsoft Cloud is built on the premise that for you to control your customer data in the cloud, you need to understand as much as possible about how that data is handled. You’ll find a summary of the policies and procedures here.

We are committed to providing you the most trusted cloud on the planet though our foundational principles of security, privacy & control, compliance, and transparency.

Visit http://www.microsoft.com/TrustCenter

Doug Hauger
General Manager
National Cloud Programs

About the Author