{"id":958,"date":"2017-09-05T09:00:31","date_gmt":"2017-09-05T16:00:31","guid":{"rendered":"https:\/\/www.microsoft.com\/en-my\/2017\/09\/05\/how-we-secure-your-data-in-azure-ad\/"},"modified":"2022-06-28T10:49:21","modified_gmt":"2022-06-28T17:49:21","slug":"how-we-secure-your-data-in-azure-ad","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-my\/microsoft-365\/blog\/2017\/09\/05\/how-we-secure-your-data-in-azure-ad\/","title":{"rendered":"How we secure your data in Azure AD"},"content":{"rendered":"
Howdy folks,<\/span> \n<\/span><\/p>\n
With all the breaches of cloud identity services over the last few years, we get a lot of questions about how we secure customer data. So today’s blog is a dive into the details of how we protect customer data in Azure AD. \n<\/span><\/p>\n
Datacenter and Service Security \n<\/span><\/h3>\n
Let’s start with our datacenters. First, all of Microsoft’s datacenter personnel must pass a background check. All access to our datacenters is strictly regulated and every entry and exit are monitored. Within these datacenters, the critical Azure AD services that store customer data are located in special locked racks\u2014their physical access is highly restricted and camera-monitored 24 hours a day. Furthermore, if one of these servers is decommissioned, all disks are logically and physically destroyed to avoid data leakage. \n<\/span><\/p>\n
Next, we limit the number of people who can access the Azure AD services, and even those who do have access permissions operate without these privileges day-to-day when they sign in. When they do need privileges to access the service, they need to pass a multi-factor authentication challenge using a smartcard to confirm their identity and submit a request. Once the request is approved, the users privileges are provisioned “just-in-time”. These privileges are also automatically removed after a fixed period of time and anyone needing more time must go through the request and approval process again. \n<\/span><\/p>\n