Privacy is one of the foundations of Microsoft’s Trustworthy Computing. Microsoft has a longstanding commitment to privacy, which is an integral part of our product and service lifecycle. We work to be transparent in our privacy practices, offer customers meaningful privacy choices, and manage responsibly the data we store. The Microsoft Privacy Principles, our specific privacy statements, and our internal privacy standards guide how we collect, use, and protect Customer Data. General information about cloud privacy is available from the Microsoft Privacy Web site. We also published a white paper Privacy in the Cloud to explain how Microsoft is addressing privacy in the realm of cloud computing.
Location of Customer Data
Microsoft currently operates Windows Intune in data centers around the world. In this section, we address common customer inquiries about access and location of Customer Data.
- During the initial sign-up for services, the customer’s administrator creates a tenant account and inputs the customer’s country or region. The customer’s selected geographic area ("geo" and "region") determines the storage for the Customer Data. For example, if the administrator inputs United Kingdom, the Customer Data processed as part of the Windows Intune subscription will be stored in a datacenter located in Europe. Available geos and regions are shown below. Please see the Windows Intune Status Page for service availability by region.
|Asia Pacific||Asia Pacific East (Hong Kong)|
Asia Pacific Southeast (Singapore)
|Europe||Europe North (Ireland)|
Europe West (Netherlands)
|United States||US North Central (Illinois)|
US South Central (Texas)
Microsoft will not transfer Customer Data outside the selected geo(s) except where necessary for Microsoft to provide customer support, troubleshoot the service, or comply with legal requirements; or where customer configures an account to enable such transfer of Customer Data, including through the use of:
- Features that do not enable geo selection, such as Content Delivery Network (CDN) that provides a global caching service;
- Preview, beta, or other pre-release features that may store or transfer Customer Data to the United States regardless of deployment geo; or
- Microsoft Azure Active Directory (except for Access Control), which may transfer Active Directory Customer Data to the United States for European customers, or to the United States or Europe for Asian customers.
Microsoft does not control or limit the geos from which customers or their end users may access Customer Data.
Safe Harbor Programs
Your Services’ data may be transferred to, stored and processed in the United States or any other country where Microsoft or its affiliates, subsidiaries or service providers maintain facilities. Microsoft abides by the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Economic Area, and Switzerland. To learn more about the Safe Harbor program and to view our certification, please visit http://www.export.gov/safeharbor/.
See also the E.U. Data Protection Directive section below for information on the regulatory framework under which Microsoft transfers data.
E.U. Data Protection Directive
The E.U. Data Protection Directive (95/46/EC) sets a baseline for handling personal data in the European Union. The E.U. has stricter privacy rules than the U.S. and most other countries. To allow for the continuous flow of information required by international business (including cross border transfer of personal data), the European Commission reached an agreement with the U.S. Department of Commerce whereby U.S. organizations can self-certify as complying with the Safe Harbor Framework. Microsoft (including, for this purpose, all of our U.S. subsidiaries) is Safe Harbor certified under the U.S. Department of Commerce. In addition to the E.U. Member States, members of the European Economic Area (Iceland, Liechtenstein, and Norway) also recognize organizations certified under the Safe Harbor program as providing adequate privacy protection to justify trans-border transfers from their countries to the U.S. Switzerland has a nearly identical agreement (“Swiss-U.S. Safe Harbor”) with the U.S. Department of Commerce to legitimize transfers from Switzerland to the U.S., to which Microsoft has also certified.
The Safe Harbor certification allows for the legal transfer of E.U. personal data outside E.U. to Microsoft for processing. Under the E.U. Data Protection Directive and our contractual agreement, Microsoft acts as the data processor, whereas the customer is the data controller with the final ownership of the data and responsibility under the law for making sure that data can be legally transferred to Microsoft. It is important to note that Microsoft will transfer E.U. Customer Data outside the E.U. only under very limited circumstances. See the Location of Data section for details.
Microsoft also offers additional contractual commitments to its customers:
- A Data Processing Agreement that details our compliance with the E.U. Data Protection Directive and related security requirements for Windows Intune online service
- E.U. Model Contractual Clauses that provide additional contractual guarantees around transfers of personal data for Windows Intune online service
Please contact your Microsoft account manager or Microsoft Volume Licensing for details.
Customer Data and Other Data Types
- Customer Data is all the data, including all text, sound, software or image files that you provide, or are provided on your behalf, to us through your use of the Services. For example, Customer Data includes data that you upload for storage or processing in the Service and applications that you or your end users upload for distribution in the Service.
- Administrator Data is the information about administrators (including account contact and subscription administrators) provided during sign-up, purchase, or administration of the Services, such as name, address, phone number, and e-mail address.
- Metadata includes service side configuration and technical settings and information.
- Access Control Data is used to manage access to other types of data or functions within Windows Intune. It includes passwords, security certificates, and other authentication-related data.