Where your data is located

As a customer of Microsoft business services, you know where your data is stored.

Microsoft 365 Data Residency

Data residency refers to the geographic location where data is stored at rest. Many customers, particularly in the public sector and regulated industries, have distinct requirements around protecting personal or sensitive information. In addition, in certain countries, customers are expected to comply with laws and regulations that explicitly govern data storage location. 

 

In many regions, Microsoft 365 offers a spectrum of choices for storing your data at rest including in local data center regions (through Product Terms and Advanced Data Residency add-on) or expanded to multiple geographic regions (Multi-Geo capabilities).

Learn more about Microsoft 365 Advanced Data Residency
Find out more about Multi-Geo capabilities
Understand Microsoft 365 data residency commitments (Product Terms)
A man walking in a microsoft data center
Photograph of an IT person standing at a small table in a data center working on a laptop.

Stringent security for our data centers

Microsoft maintains an ever-expanding network of data centers around the globe and verifies each data center meets stringent security requirements.

Learn more
|

Customer data may be replicated within a selected geographic area for enhanced data durability in case of a major data center disaster, and in some cases, will not be replicated outside it.

 

Microsoft also complies with international data protection laws regarding transfers of customer data across borders. For example:

  • To allow for the continuous flow of information required by international business (including the cross-border transfer of personal data), many Microsoft business cloud services offer customers EU Standard Contractual Clauses that provide additional contractual guarantees around transfers of personal data for in-scope cloud services. Our implementation of the EU Model Clauses has been validated by EU data protection authorities as being in line with the rigorous privacy standards that regulate international data transfers by companies operating in its member states.
  • In addition to our commitments under the Standard Contractual Clauses and other model contracts, Microsoft is certified to the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce however, Microsoft no longer relies on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data out of the EU in light of the judgment of the Court of Justice of the EU in Case C-311/18.
  • Microsoft will not transfer to any third party (not even for storage purposes) data that you provide to Microsoft through the use of our business cloud services that are covered under the Microsoft Product Terms.

Note that no matter where customer data is stored, Microsoft does not control or limit the locations from which customers or their end users may access their data.

Additional data location resources

Protecting email from warrants

Privacy considerations in the cloud

Microsoft Azure security, privacy, and compliance

Microsoft 365 and Dynamics 365 regulatory compliance

Data access in Dynamics 365 and Microsoft 365