Better protect your data by using Microsoft cloud services
Are you an IT security officer or architect exploring how the deployment of Microsoft cloud services could affect the overall security of your infrastructure, network, and data? Or an administrator for a cloud tenant looking for specific information about which controls in Microsoft cloud services apply to your organization and which features you can use to protect your data and comply with regulatory requirements?
If so, you’ll find answers to your questions here—from in-depth information about how Microsoft builds security into our cloud services to specifics of the features we offer to help you protect your data and cloud tenant.
We build security into our cloud services
Microsoft has decades-long experience developing enterprise software and running some of the largest online services in the world. We build on this experience to implement security-aware software development, operational management, and threat mitigation practices that are essential to the strong protection of services and data.
Find out how Microsoft cloud services encrypt your data, achieve logical and physical isolation within a multitenant cloud environment, protect cloud services against DDoS attacks, and implement other security controls.
- How Microsoft protects your data
- Auditing and logging
- Design and operational security
- Identity and access management
- Network security
- Threat management
- Office 365 security overview
- Tenant Isolation in Office 365
- Microsoft Cloud Encryption
- Office 365 data resiliency
- Microsoft Cloud Defending Denial-Of-Service Attacks
To demonstrate that our technology and controls deliver security you can rely on, third-party auditors provide an independent validation of the effectiveness of Microsoft's implementation.
Security assessment reports
SOC 2 AT 101 Type II audit reports
- Azure and Azure Government SOC 2 Type 2 Report
- Dynamics 365 SOC 2 AT 101 Type II Audit Report
- Office 365 SOC 2 AT 101 Type II Audit Report
ISO/IEC 27001 and ISO/IEC 27018 audit reports
- Azure, Intune, Power BI, Cloud App Security, Microsoft PowerApps, Microsoft Flow, Microsoft Graph, Microsoft Genomics, and Microsoft Datacenter - ISO 27001 and 27018 Audit Assessment Report
- Dynamics 365 (formerly Dynamics CRM) ISO 27001 Audit Assessment Report 2017
- Dynamics 365 ISO 27018 Audit Assessment Report
- Office 365 - ISO 27001, ISO 27018, and ISO 27017 Audit Assessment Report
How you can protect your data in the cloud
Microsoft employs a risk-management model of shared responsibility with the customer:
- Microsoft is responsible for the platform including services offered, and seeks to provide a cloud service that can meet the security, privacy, and compliance needs of your organization.
- As customers, you must identify which controls you are responsible for maintaining, and understand how to configure them so that you can manage security as well as compliance with applicable regulatory requirements.
Microsoft offers implementation guidance through various features, apps. tools, and technical whitepapers to help you accomplish these tasks and better manage the risk.
- Azure security overview
- Azure Cloud Security Diagnostic Tool
- Azure data classification for cloud readiness
- Security management in Azure
- Office 365 security overview
- Office 365 Secure Score
- Customer Security Considerations Workbook
- Administrative Access Controls
- Controlling Access to and Protecting Content on Devices
- Self-service handling of data Spills
- Auditing and reporting features
- Dynamics 365 security overview
- Role-based security in Dynamics 365 for Operations
- The security model of Dynamics 365
- HIPAA/HITECH Act implementation guidance for Azure and Dynamics 365 and Office 365
- Addressing HIPAA security and privacy requirements in the Microsoft Cloud
- A practical guide to designing secure health solutions using Azure
- 13 effective Azure security controls for ISO 27001 compliance