Inside the Cloud

If you have been following the From Inside the Cloud series, you know we regularly bring you an insider’s view from the people behind the services on how we operate and manage Office 365 for security, privacy and compliance. We thought we’d focus our first edition of the New Year on outlining the commitments Microsoft makes when you subscribe to Office 365 services.

Watch this brief video for more details and examples around the overall process:



Moving to the Cloud can be a paradigm shift, requiring additional assurances to help you make the decision for your organization. We know that you need to have trust and comfort knowing that things you used to operate locally may now be run by Microsoft on your behalf.

We’ve established our service commitments to align to what matters to you and your organization. We invest in the design and operations of our services worldwide, which means contracting for core principles versus technical specifics that can change.

You can see the full list of our commitments in our new online services agreement. It’s a long list including things like physical security, access control and security incident management.

There are a number of inputs and drivers influencing these commitments.

First, we look for patterns in the requests and requirements of our customers across industries and geographies.

We’ve also built an evolving control framework to help support customer compliance with industry regulations. Notably, Microsoft was the first cloud services provider whose contracts have been approved by the Article 29 Working Party, a collective body of all data protection agencies in the European Union. The means that the contractual commitments we offer to customers are considered compliant with Europe’s most stringent data protection requirements.

And we have a dedicated legal and community affairs team working with government bodies globally to monitor ongoing changes to legislation and regulation. As part of that dialogue, we sometimes receive direct requests from regulators on operational requirements. (See the From Inside the Cloud episode, “How does Office 365 continuously meet your compliance needs?” for an in-depth look at customer compliance.)

Whether originating from the request of a single customer, or in response to a new regulatory standard, enhancements to our service commitments ultimately benefit all Office 365 customers. In fact, we encourage industry leaders who are interested in moving to Office 365 to engage with us on their specific needs so that together we can solve for the right things contractually at a sector level. For example, we recently organized a consortium of leading financial institutions, which greatly influenced the basis for all contracts with financial institutions globally.

If you fear the complexity of contractual discussions, you’ll be happy to know that we recently published a new online services agreement that covers all of Microsoft’s enterprise services. We have eliminated links to contract terms that can change at will—a common practice among cloud service providers. You have peace of mind that you are signing up for the terms written in your contract, pure and simple.

Please let us know if you have further questions or ideas for future topics we can cover in this series—and of course you can access additional resources at the Office 365 Trust Center.

Robert Dring is the principal solutions architect director in Office 365 Engineering and Vijay Kumar is a senior product manager for Office 365.


Published: 1/22/2015 21:58