Microsoft Office 365
Ensure data privacy, compliance, and cybersecurity with Office 365. Built-in features that support the General Data Protection Regulation compliance, privacy by design, and transparent operations safeguard your organization’s data.
Increasing employee productivity and safeguarding data
Office 365 provides online solutions that help increase mobile and sales productivity and improve collaboration. Our Trusted Cloud services help enterprises operate their businesses and maintain compliance with industry and regional requirements.Find out more about Office 365
Safeguarding your data is one of our foremost objectives. Office 365 uses a defense-in-depth approach to provide industry-leading security for our datacenters and customer data. We also give you enterprise-grade user and administrative controls to further secure your IT environment.Learn more about Office 365 security
Our data processing agreement details the privacy, security, and handling of customer data, which helps you comply with local regulations.See list of compliance offerings for Office 365
Proactive approach to regulatory compliance
- We have built more than 1,100 controls into the Office 365 compliance framework that enable us to stay up-to-date with frequent changes to industry standards.
- A specialist compliance team continuously tracks standards and regulations, developing common control sets for our product teams to build into our services.
Customer controls for organizational compliance
- Legal hold and eDiscovery built into Office 365 help you find, preserve, analyze, and package electronic content for a legal request or investigation. Privacy controls allow you to configure who in your organization has access to data, and what data they can access.
- Data loss prevention in Office 365 helps you identify, monitor, and protect sensitive information and user interactivity in your organization through deep content analysis.
Office 365 meets the requirements specified in the following compliance offerings:View Office 365 compliance offerings
Data ownership and what it means
You are the owner of your data; Microsoft is the custodian or processor of your data. It’s your data, so at any time during your subscription, you can take your data with you. This means you don’t have to wait for a subscription to end or a contract to expire.
We do not mine your data for advertising purposes. We only use your data to provide you with the services you have purchased, including purposes compatible with providing those services.
Our role as data processor
We use your data only for purposes that are consistent with providing you the services you pay us for. Microsoft engineers do not have standing access to any service operation. Customer Lockbox provides customers with control over access to their content in Exchange Online and SharePoint Online. Customer Lockbox makes customers part of the explicit approval path in the rare instance when a Microsoft engineer may need access to customer data to resolve a customer issue.Learn more about Customer Lockbox for Office 365
Microsoft provides many disclosures to help stakeholders evaluate how we are meeting our commitments to corporate responsibility. We regularly disclose the number of law enforcement requests we receive through our transparency reports.See a list of transparency reports
If a government approaches us for access to your data, we redirect the inquiry to you whenever possible. We have challenged invalid legal demands that prohibited disclosure of a government request for customer data.
Privacy controls enable you to configure who in your organization has access to data and what they can access.
Logical separation prevents mingling of your data with that of other organizations using Office 365.
Microsoft’s extensive internal auditing and adherence to the separation of duties principle prevents Microsoft administrators from getting unauthorized access to your data. Plus, logical and physical controls—such as Customer Lockbox— prevent unauthorized access.
Data location and access
- We maintain multiple copies of your data across datacenters for redundancy, we share with you where your data is located, and we provide one-month advance notice if we expand into a new country in the region where your data is stored.
- We tell you who has access to your data and under what circumstances.
Support with a human face
- You have phone support for critical issues 24 hours a day, 365 days a year.
- We have processes in place to provide around-the-clock escalation to the Office 365 development team to resolve issues that cannot be resolved by operations alone.
We are accountable to you
- We conduct a thorough review of all service incidents, regardless of the magnitude of the impact, and we share the analysis if your organization is affected.
- We commit to delivering at least 99.9% uptime with a financially-backed guarantee.