How can we do business with Microsoft?

Procurement processes at Microsoft have become increasingly streamlined. This means that we can focus on what is most important: developing relationships with compliant, capable, competitive suppliers that enable us to address our priorities and goals successfully. The policies, guidelines, and program information on this page are central to contracting with Microsoft.

Master Supplier Services Agreement (MSSA)

This overarching contract specifies standard payment terms and diverse spend reporting.

Learn more about MSSA

Supplier Code of Conduct (SCoC)

These standards of conduct and behavior are expected of Microsoft employees and anyone doing business with Microsoft.

Review the SCoC

Supplier Guidelines

In conjunction with the MSSA, these guidelines outline the requirements that all suppliers are expected to follow.

Read the guidelines

Supplier Security and Privacy Assurance (SSPA)

This program drives supplier compliance in data processing and protection requirements.

Review the requirements

Global purchasing terms and conditions

Microsoft purchase order (PO) terms and conditions differ based on which Microsoft subsidiaries a supplier does business with. In some cases, regulations require that certain invoice terms and conditions be tailored to a particular Microsoft subsidiary.

Find the terms and conditions specific to your locale

Suppliers that are currently undergoing the onboarding process can direct questions to the Accounts Payable Support Desk.

Find the terms and conditions specific to your locale

Supplier Security and Privacy Assurance (SSPA)

Strong privacy and security practices are critical to our mission, essential to customer trust, and required by law in several jurisdictions. The standards captured in Microsoft's privacy and security policies reflect our values as a company, and extend to suppliers who handle Microsoft data on our behalf.

Supplier Security and Privacy Assurance (SSPA) is Microsoft's corporate program to deliver Microsoft's data processing instructions to our suppliers in the form of the Microsoft Supplier Data Protection Requirements (DPR), SSPA drives compliance to these requirements through an annual compliance cycle; for new suppliers, work cannot start until this is complete, Suppliers may also be selected to provide independent assurance by completing an assessment against the DPR.

The DPR includes a requirement to provide privacy and security awareness training, Companies may download this training storyboard outline to customize for their own purposes, Microsoft provides privacy awareness materials for informational purposes only. Nothing in this material is intended to reflect Microsoft's internal policies or privacy programs, or to provide legal advice to the recipient. If the recipient uses these materials for its own internal purposes, such use should be in consultation with the recipient's privacy compliance experts and legal counsel.

Download Privacy Fundamentals 101 training

Any questions regarding the Microsoft SSPA Program can be directed to

Microsoft Supplier Data Protection Requirements

Requirements for the protection of personally identifiable information and Microsoft product information.

The Master Supplier Services Agreement (MSSA)

If a contract is required by Microsoft, this must be executed by Microsoft and the supplier prior to doing work. This is an overarching agreement. After the supplier has signed this agreement, only business-specific statements of work (SOW) or purchase orders (PO) are needed. Having a uniform agreement in place helps ensure that Microsoft and the supplier can consistently rely on certain aspects of their relationship without discussion or concern.

Download the Master Supplier Services Agreement