Data protection - Discover our trust principles
Data protection
Discover our trust principles.

Microsoft Dynamics CRM Trust centre

As a Microsoft Dynamics CRM Online customer, you have entrusted Microsoft to help protect your data. Microsoft values this trust and cares deeply about the privacy and security of your data. We strive to take a leadership role in industry privacy, security, and compliance practices through the following trust principles.

The Cloud Security Alliance suggests that every customer ask their cloud service provider a broad range of security and privacy questions. Because your trust is important to us, we have proactively answered these questions. We also have additional information about the products that are covered by the Trust centre content.

Get started
0845 700 1000

Your privacy matters

We respect the privacy of your data.

No advertising

Microsoft Dynamics CRM Online does not build advertising products out of customer data. We don’t scan your documents or files for building analytics, data mining, or advertising.

No mingling

Microsoft Dynamics CRM Online always allows you to keep your customer data separate from other customers' data. We provision you with your own database to maximise the security and integrity of your data.

Data portability

Microsoft Dynamics CRM Online customer data belongs to the customer. You can remove your data whenever you choose.

Leadership in transparency

As a Microsoft Dynamics CRM Online customer, you know where your data resides, who can access it, and what we do with it.


You know where the Microsoft major data centres and personnel are located and the logic used to determine where your data is stored.

Who and what

We offer clear information on who can access your Microsoft Dynamics CRM Online customer data and under what circumstances they access it.


Microsoft notifies you, if requested, about changes in our service operations.

Independently verified

Compliance with world-class industry standards is verified by third parties.

Certified for ISO 27001

ISO 27001 is one of the best security benchmarks available across the world.

EU Model Clauses

In addition to EU Safe Harbour, Microsoft Dynamics CRM Online will sign the standard contractual clauses created by the European Union (called the "EU Model Clauses") which address international transfer of data. Request a signed copy of the EU Model Clauses from Microsoft.

HIPAA-Business Associate Agreement*

Microsoft Dynamics CRM Online will sign requirements for the Health Insurance Portability and Accountability Act-Business Associate Agreement (HIPAA-BAA) with customers upon request. HIPAA is a U.S. law that applies to healthcare entities, such as doctors' offices, which the law calls covered entities. HIPAA governs the use, disclosure, and safeguarding of protected health information (PHI) and imposes requirements on covered entities to sign business associate agreements with their vendors that use and disclose PHI. Customers need IT Admin privileges to view and sign the HIPAA-BAA.


CRM Online is committed to annual SSAE 16 / ISAE 3402 attestation. The CRM Online service and supporting infrastructure has a SSAE 16 - SOC 1 Type 2 report available by request through Microsoft employees on behalf of current and prospective customers through SOC distribution. External and third parties must be under NDA to receive a copy due to contractual commitments with the third party auditor.

FedRAMP Roadmap*

Dynamics CRM submitted application for FedRAMP as of 10/14/2013. We do not yet have a forecast date on when FedRAMP authorisation might be granted. To learn more about the FedRAMP process, please visit the U.S. General Services Administration.

Data processing agreement*

Microsoft offers customers a comprehensive standard data processing agreement that addresses privacy, security, and handling of customer data. Our standard data processing agreement enables customers to comply with their local regulations.

Learn more about how Microsoft Dynamics CRM Online meets world-class industry standards.

* Applicable to Microsoft Dynamics CRM Online customers who manage their online services through the Microsoft Online Services Portal.

Relentless on security

We offer excellence in cutting-edge security practices.

Deep experience

We have developed our practices and policies as a result of more than 15 years of experience in providing security for online data.

Security Development Lifecycle

The Microsoft Security Development Lifecycle helps ensure that security and privacy is incorporated by design from software development through service operations.

Five layers of security

Data is secured in five different layers: data, application, host, network, and physical.

Proactive monitoring

We proactively monitor to help identify potential unknown threats by predicting malicious behaviour and monitoring for irregular events that may indicate threats.

Access restriction

Access to production servers is restricted to a small list of operations personnel.

Take the next steps

More details

Find a partner to expedite your progress using Microsoft Dynamics CRM.

Eyeful Presentations

Consultancy opens new office in days rather than weeks with cloud-based CRM

Try CRM now

See Microsoft Dynamics CRM in action with this guided demo, and then try it free for 30 days, with no obligation.

Social intelligence guide for sales