How Would Microsoft Respond to a Data Breach of the Azure services?

Today’s blog post is brought to you by Ben Ridgway. Ben is a Senior Security Program Manager in the Microsoft Security Response Center’s (MSRC) team supporting Microsoft Azure services. He has been working with the Azure service since it grew out of an internal research project into the giant service it is today.


The Azure Security Response Team is very commonly asked the question: if my data in Azure suffers a security breach, will Microsoft tell me? The simple answer is yes. The question of how that occurs requires a deeper journey into the inner workings of Azure Security Response. Here I’ll give you a quick overview of the more detailed work we did in a new white paper called Microsoft Azure Security Response in the Cloud.

The Shared Responsibility Model

Before I describe how Azure would respond to a data breach, it is important to set some background on scope. Microsoft Azure services use a shared responsibility model. Certain aspects of security are the responsibility of the customer, while other aspects are Microsoft’s as the operator. The specifics of where the responsibilities divide are based on the Azure offering and could be the subject of dozens of blogs. In short, I’d recommend you read the new paper on shared responsibility and get a better understanding of the divisions.

The Security Incident Lifecycle

For those areas that are within our sphere of the shared responsibility, the Azure MSRC team follows a defined Security Incident Lifecycle and structured Standard Operating Procedure (SOP) to detect, mitigate, and close security incidents.

Core Operating Principles

We are subject to a number of obligations and commitments when it comes to protecting customer data. The Azure Security Response Team’s work can be distilled down to these 4 core operating principles:

  1. Microsoft will let you know if your data has been lost, altered or disclosed because of unlawful or unauthorized activities.
  2. Microsoft will inform you of a security incident with actionable, timely data.
  3. Microsoft values transparency with regard to our lessons learned or other repair items identified from a breach.
  4. Microsoft is committed to customer privacy and operates security incident response accordingly.

If you’re interested in learning more about our process, I’d recommend you grab a copy of our paper, which covers how we manage security incidents.

Ben Ridgway
Senior Security PM, MSRC




Tom Shinder
Program Manager, Azure Security