Understand Microsoft Defender for Identity privacy

You've learned that you can use Microsoft Defender for Identity to protect your users' identities through different capabilities. But as the security analyst of your organization's security team, you also understand that privacy is important. You want to know that your organization's data is protected and only accessible to your organization.

Here, you'll get an overview of the different ways in which your data is kept private.

How is your data kept private?

Your organization's data in Microsoft Defender for Identity is kept private through the following means:

  • Your organization's data is segregated from all other customers. You can only see your data and any generic data provided by Microsoft.
  • Microsoft developers and administrators have elevated privileges, but only those required to carry out their role.
  • Sensitive data is under tight access control, with multiple levels of monitoring and logging and independent detection of malicious activity.
  • Access to systems depends on the level of background verification of the personnel concerned, and formal processes are followed when customer accounts are accessed.
  • When your Microsoft Defender for Identity instance is created, Defender for Identity data is stored in the country/region data center closest to the geographical location of your Microsoft Entra tenant.
  • Once your instance is created, Microsoft Defender for Identity data cannot be moved to a different data center.