SteveY-3573 avatar image
0 Votes"
SteveY-3573 asked shashishailaj edited

Effective Date of BAA for Azure

We are preparing to start utilizing Azure AD in our environment. Prior to that however, I have been instructed to find the 'effective date' of the BAA with Microsoft to satisfy auditors.

If I understand my research correctly a BAA is offered as part of their terms and its not something we need to actually sign.

Can someone: A) confirm what I stated is actually correct, B) Tell me where I can access some kind of prove that it is in effect to show auditors?


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

shashishailaj avatar image
0 Votes"
shashishailaj answered shashishailaj edited

@SteveY-3573 As far as I know you are correct . Yes , You do not require to sign a document separately however for auditing purposes you can download the copy of most recent BAA available on our Trust portal . If the auditors mean effective date as a date when we achieved HIPPA compliance , it was sometime in july 2012 as per this article. I was unable to find exact date.

Generally to be HIPPA complaint customers may sometime need to sign agreements with vendors which are referred to as BAAs or business associate agreements . However Microsoft does not require customers to sign BAAs as mentioned in the Office 365 HIPPA compliance doc and makes a HIPAA BAA available automatically to all customers with an online service contract in the Online Services Terms. You can download the copy of the latest BAA template from Service Trust Portal . As compliance guidelines keep changing , we also keep our services updated and publish the updated BAAs . In order to download the documents , you may require to sign in with your Office 365 ID .

The Service Trust Portal provides independently audited compliance reports for all Microsoft Online services. Azure customers can also retrieve Azure certificates and audit reports in the Azure portal through the audit reports blade in Microsoft Defender for Cloud . You can share more details with your auditors from the website as needed. The FAQ section in the compliance document should clarify most of the questions that auditors generally ask and I would suggest you to go through them.

Hope this helps. If the information provided is helpful , please do accept the post as answer to improve the relevancy of the thread. I have included many links and I would suggest you to go through them which will help you in your engagement with your auditors. In case you still have any further query , please feel free to let us know and we will be happy tp help further.

Thank you.

  • Please don't forget to click on 130616-image.png whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how

  • Want a reminder to come back and check responses? Here is how to subscribe to a notification

  • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.