In addition to safeguards against environmental threats, Microsoft physically secures datacenter facilities to ensure the confidentiality, integrity, and availability of our cloud platform. Perimeter security, controlled entry, and constant surveillance ensure only authorized personnel have access to our cloud infrastructure. Microsoft datacenters are subject to regular internal and external assessments to ensure ongoing effectiveness, and to identify potential areas for improvement.
Microsoft datacenters are nondescript buildings with perimeter fencing and 24-hour exterior lighting. Camera-monitored entrance gates and security guard patrols ensure entry and exit are restricted to designated areas. Bollards and other measures protect the datacenter exterior from potential threats, including unauthorized access.
Microsoft datacenters are subject to a "least privileged" access policy, meaning datacenter access is restricted to personnel with an approved business need to gain access to approved locations, with no more access than necessary. Access requests are time-limited and are only renewed if the requestor's business need remains valid. Within the datacenter, areas designated as highly sensitive require two-factor authentication using an approved combination of what you have and who you are. Access requests and entrance/exit events are logged and retained as part of an electronic audit trail, allowing after the fact data interrogation and reconciliation. Access control system reports and data analysis allow further anomaly detection to identify and prevent unnecessary and unauthorized access.
Datacenter visitors must sign a non-disclosure agreement, undergo datacenter management review, and obtain approval by datacenter management before their scheduled visit. Upon initial arrival, datacenter visitors are processed with temporary, least privileged access credentials. Additionally, a Microsoft full-time employee (FTE) or authorized designee approved by datacenter management is assigned to escort visitors during the visit.
Surveillance monitoring and intrusion detection
Our Security Operations Centers use video surveillance along with integrated electronic access control systems to monitor datacenter sites and facilities. Cameras are strategically positioned for effective coverage of the facility perimeter, entrances, shipping bays, server cages, interior aisles, and other sensitive security points of interest. As part of our multi-layered security posture, any unauthorized entry attempts detected by the integrated security systems generate alerts to security personnel for immediate response and remediation.