Azure compliance offerings
Azure is a multi-tenant hyperscale cloud platform that is available or announced to customers in more than 60 regions worldwide. Most Azure services enable customers to specify the region where their customer data will be located. Microsoft may replicate customer data to other regions within the same geography for data resiliency but Microsoft will not replicate customer data outside the chosen geography (for example, United States).
Microsoft makes the following Azure cloud environments available to customers:
- Azure is available globally. It is sometimes referred to as Azure commercial or Azure public.
- Azure China is available through a unique partnership between Microsoft and 21Vianet, one of the country’s largest Internet providers.
- Azure Government is available from five regions in the United States to US government agencies and their partners. Two regions (US DoD Central and US DoD East) are reserved for exclusive use by the US Department of Defense.
- Azure Government Secret is available from three regions exclusively for the needs of US Government and designed to accommodate classified Secret workloads and native connectivity to classified networks.
To help customers meet their own compliance obligations across regulated industries and markets worldwide, Azure maintains the largest compliance portfolio in the industry both in terms of breadth (total number of offerings), as well as depth (number of customer-facing services in assessment scope). For service availability, see Products available by region.
Azure compliance offerings are grouped into four segments: globally applicable, US government, industry specific, and region/country specific. Compliance offerings are based on various types of assurances, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments, and customer guidance documents produced by Microsoft. Each offering description provides links to downloadable resources to assist customers with their own compliance obligations. For select third-party assessments, services in audit scope are tracked in Microsoft Azure Compliance Offerings.
Customers can access audit reports and certificates in the Azure or Azure Government portal by navigating to Home > Security Center > Regulatory compliance > Audit reports or using direct links based on their subscription (login required):
Additional compliance documentation is available from the Service Trust Portal (STP). For more information, see STP Data Protection Resources, which is further divided into Compliance Guides, FAQ and White Papers, and Pen Test and Security Assessments sections.
For access to Azure Government Secret documentation, contact your Microsoft account team.
Customers are wholly responsible for ensuring their own compliance with all applicable laws and regulations. Information provided in this document does not constitute legal advice, and customers should consult their legal advisors for any questions regarding regulatory compliance.