Microsoft datacenters are composed of various physical and virtual components. We refer to distinct individual components as assets. The Microsoft Cloud Operations and Innovation (CO+I) engineering group follows standardized, secure processes for the acquisition, configuration, deployment, tracking, and decommissioning of our physical and virtual assets.
Supply chain integrity
Securing our assets begins with securing our supply chain. Microsoft is committed to supply chain integrity and end-to-end supply chain security. Suppliers follow strict chain-of-custody when transporting our cloud components to reduce the risk of alteration or tampering. All inbound and outbound inventory is carefully inspected and monitored to ensure firmware and component integrity.
Microsoft requires all datacenter assets to be accounted for and to have a designated owner. Owners are responsible for maintaining up-to-date asset information for their physical and virtual assets. When new physical assets are added to a datacenter, they are signed for, scanned, uniquely tagged, and checked-in to the inventory control systems. Automated monitoring tools help track both physical and virtual assets.
Microsoft assets - including data - are classified in accordance with our Enterprise Data Taxonomy guidelines. These guidelines promote standardization across the enterprise. Asset classification and asset protection standards outline the security procedures employees must follow when interacting with each asset based on the asset's classification. Customers are considered the owner of their data stored in the Microsoft cloud environment. Data assets classified as customer content or customer data are protected by applicable security procedures.