Learn how Microsoft safeguards customer data

Beginner
Auditor
Privacy Manager
Risk Practitioner
Microsoft 365

Learn how Microsoft safeguards customer data is designed for people in audit, compliance, risk, and legal roles who seek an overall understanding of Microsoft 365’s fundamental security and privacy practices to safeguard their customer data.

Prerequisites

None

Modules in this learning path

Learn how Microsoft implements organization-wide security and privacy governance to support the secure operation of Microsoft 365 services and maintain compliance with regulatory requirements and customer commitments.

Learn how Microsoft 365 identifies, assesses, responds to, and manages risks to protect customers and the Microsoft 365 environment.

Learn how the architecture of Microsoft 365 implements security and privacy features to protect customers who use Microsoft 365 multi-tenant services.

Learn how Microsoft 365 investigates, manages, and responds to security concerns to protect customers and the Microsoft 365 cloud environment.

Learn how Microsoft 365 implements the principle of Zero Standing Access (ZSA) to protect production environments and customer data using Just-In-Time (JIT) and Just-Enough-Access (JEA).

Learn about how Microsoft 365 uses comprehensive audit logging and monitoring to support security monitoring, maintain service availability, and meet compliance requirements.

Learn how Microsoft 365 proactively monitors information system assets for vulnerabilities, assesses the risks associated with discovered vulnerabilities, and remediates them in a timely manner.

Learn how Microsoft 365 builds resilient services to meet customer expectations in the face of faults and challenges to normal operations, maintains optimal service availability, and fulfills business continuity requirements.

Learn how Microsoft 365 follows Microsoft’s Security Development Lifecycle (SDL) to build security and privacy into our products and services.

Learn how Microsoft 365 encrypts data-at-rest and in-transit, securely manages encryption keys, and provides key management options to customers to meet their business needs and compliance obligations.

Learn about Microsoft 365 privacy standards, the reasons we have them in place, and how they differentiate Microsoft in protecting and respecting customer data.

Learn how Microsoft 365 procures, monitors, and manages subprocessors to help protect data from unauthorized access and inappropriate use.

Learn how Microsoft uses Defense-In-Depth to secure our datacenters against unauthorized access, environmental hazards, and other physical threats, as well as how Microsoft implements resilient architecture, business continuity, and disaster recovery to maintain the availability of our services.