Privacy: It’s all about you

We understand that when you use our cloud services, you are entrusting us with one of your most valuable assets—your data.

A woman standing at a desk in a conference room, touching a large Surface device monitor.

You trust that the privacy and confidentiality of the data you provide to us will be protected and that it will be used only in a way that is consistent with your expectations. To fulfill those expectations, we make these commitments to you and ground them in strong contractual guarantees.

Learn about Trusted data protection

You control your data

Our time-tested approach to privacy is grounded in our commitment to give you control over the data you put in the cloud. In other words: you control your data. Microsoft guarantees this with the contractual commitments we make to you.

You choose where your data is located

When you use Microsoft commercial cloud services, you choose the service and data location that is right for your business.

We secure your data at rest and in transit

With state-of-the-art encryption, Microsoft protects your data both at rest and in transit. Our encryption protocols erect barriers against unauthorized access to the data, including two or more independent encryption layers to protect against compromises of any one layer.

Data at rest

The Microsoft cloud employs a wide range of encryption capabilities up to AES-256, giving you the flexibility to choose the solution that’s best for your business.

Data in transit

Data moving between user devices and Microsoft datacenters or within and between the datacenters themselves—Microsoft uses and enables the use of industry-standard encrypted transport protocols, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec).

Encryption keys

All Microsoft-managed encryption keys are properly secured and offer the use of technologies such as Azure Key Vault to help you control access to passwords, encryption keys, and other secrets.

We defend your data

Through clearly defined and well-established response policies and processes, strong contractual commitments, and if need be, the courts, Microsoft defends your data. We believe that all government requests for your data should be directed to you. We do not give any government direct or unfettered access to customer data. Microsoft is principled and transparent about how we respond to requests for data.

Our promise to you

In our enduring commitment to the principles above, we are transparent about the specific policies, operational practices, and technologies that help ensure the privacy of your data in every Microsoft commercial cloud service.


And we don’t just state these promises—we contractually guarantee them in our standard contracts for commercial and public sector customers.