Azure Core Tenets

Microsoft Privacy Statement
🔹 Defines how Microsoft collects, processes, and uses data across Azure services and hardware.
🔹 Ensures transparency in handling personal and enterprise data.
🔹 Covers data collection, purpose of use, and data retention policies.
Online Services Terms (OST)
🔹 Defines the terms of use for Microsoft’s cloud-based services (e.g., Azure, Microsoft 365).
🔹 Essential for legal teams to review compliance obligations before adoption.
🔹 Ensures businesses understand Microsoft’s responsibilities and liabilities.
Data Protection Amendment (DPA)
🔹 Provides details on how Microsoft protects customer data in Azure.
🔹 Covers encryption, access controls, and security measures for safeguarding data.
🔹 Ensures compliance with GDPR, HIPAA, ISO 27001, and other standards.
Microsoft Trust Center
🔹 Centralized dashboard for all security, privacy, and compliance policies related to Azure.
🔹 Offers guidance, certifications, and best practices for secure cloud adoption.
🔹 Provides insights into threat protection, incident response, and governance.
Azure Compliance Documentation
🔹 Contains Azure-specific compliance information.
🔹 Covers industry and regional regulations applicable to Azure services.
🔹 Ensures organizations can meet security frameworks like ISO 27001, PCI-DSS, and FedRAMP.
📌 Note: Other compliance frameworks apply across multiple cloud providers, but Azure Compliance Documents focus only on Azure-specific regulations.
Azure Sovereign Regions
🔹 Designed for specific government and regional compliance needs.
🔹 Operated separately from public Azure regions to meet data sovereignty requirements.
Examples of Azure Sovereign Cloud Offerings:
✅ Azure US Government – Designed for US federal, state, and local agencies.
✅ Azure China – Operated by 21Vianet to comply with Chinese regulations.