Get started with the Microsoft Service Trust Portal

The Microsoft Service Trust Portal (STP) provides a variety of content, tools, and other resources about Microsoft security, privacy and compliance practices. It also includes independent third-party audit reports of Microsoft's online services, and information about how our online services can help your organization maintain and track compliance with standards, laws, and regulations, such as:

  • International Organization for Standardization (ISO)

  • Service Organization Controls (SOC)

  • National Institute of Standards and Technology (NIST)

  • Federal Risk and Authorization Management Program (FedRAMP)

  • General Data Protection Regulation (GDPR)

Accessing the Service Trust Portal

The STP contains details about Microsoft's implementation of controls and processes that protect our cloud services and the customer data therein. To access some STP materials, you must log in as an authenticated user with your Microsoft cloud services account (either an Azure Active Directory organization account or a Microsoft Account) and review and accept the Microsoft Non-Disclosure Agreement for Compliance Materials.

Existing customers can access the STP at https://aka.ms/STP with one of the following online subscriptions (trial or paid):

  • Office 365

  • Dynamics 365

  • Azure

Note

Azure Active Directory accounts associated with organizations have access to the full range of documents and features like Compliance Manager. Microsoft accounts created for personal use have limited access to Service Trust Portal content.

New customers and customers evaluating Microsoft online services

To create a new account or to create a trial account, use one of the following sign-up forms (also used for trial accounts) to get access to the STP.

When you sign up for either a free trial, or a subscription, you must enable Azure Active Directory to support your access to the STP.

STP features and content are accessible from the main menu, shown below:

STP menu with Regional Compliance addition

Service Trust Portal

The Service Trust Portal link takes you to the STP home page, which includes a What's New section for the STP and Compliance Manager that provides details on the latest updates.

Compliance Manager

Use Use Compliance Manager to help meet data protection and regulatory requirements when using Microsoft cloud services to help meet data protection and regulatory requirements when using Microsoft Cloud Services.

Trust Documents

The Service Trust Portal gives you access to wealth of security implementation and design information with the goal of making it easier for you to meet regulatory compliance objectives by understanding how Microsoft cloud services keep your data secure. To review content, select an option from the menu.

  • Audit Reports provides independent audit and assessment reports on Microsoft cloud services compliance with data protection standards and regulatory requirements, including:

  • Data Protection provides Trust Documents for download, information about how Microsoft operates Azure, Dynamics 365, and Office 365.

  • Azure Security and Compliance Blueprints offers turn-key security and compliance solutions and support, tailored to the needs of industry verticals, that accelerate cloud adoption and utilization for customers with regulated or restricted data.

Regional Compliance

This section provides regionally specific compliance information, often in the form of Legal Opinions that render Microsoft Cloud Services.

  • Czech Republic provides legal opinions on Microsoft online service compliance with Czech Republic law.

  • Poland provides legal opinions on Microsoft online service compliance with the laws of Poland.

  • Romania provides legal opinions on Microsoft online service compliance with the laws of Romania.

  • Spain provides legal opinions on Microsoft online service compliance with the laws of Spain.

Privacy

This site provides information about the capabilities in Microsoft services that you can use to address specific requirements of the GDPR, documentation helpful to your GDPR accountability and to your understanding of the technical and organizational measures Microsoft has taken to support the GDPR.

  • GDPR: Get Started - The homepage for Service Trust Portal GDPR-related content, with links to relevant content and tools available.

  • Data Subject Requests - How Microsoft enables you to respond to Data Subject Requests, with links to relevant documentation and tools.

  • Data Breach - Information on how Microsoft detects and responds to a breach of personal data and notifies the controllers under GDPR, with links to relevant documentation and tools.

  • DPIA - Information about how Microsoft helps organizations meet their own Data Protection Impact Assessment obligations.

Resources

  • Frequently Asked Questions provides answers to common and important questions about the STP and Compliance Manager.

  • Office 365 Security and Compliance Center offers comprehensive resources for learning about security and compliance in Office 365, including documentation, articles, and recommended best practices.

Admin

Administrative functions that are only available to the tenant administrator account, and will only be visible when you are signed in as a global administrator.

Settings enables you to assign role-based access to Compliance Manager. For more information, see the "Permissions and role-based access control" section in Use Compliance Manager to help meet data protection and regulatory requirements when using Microsoft cloud services.

Service Trust Portal - Search Input field

Click the magnifying glass in the upper right-hand corner of the page by to expand the Search input field, enter your search terms and press Enter. The Search control will appear, with the search term in the search pane input field, and search results will appear beneath.

By default, Search returns Document results, and you can use the Filter By dropdown lists to refine the list of documents displayed, to add or remove search results from view. You can use multiple filter attributes at the same time to narrow the returned documents to specific cloud services, categories of compliance or security practices, regions of the world, or industries. Click the document name link to download the document.

Service Trust Portal - Search on Documents with filter applied

Click the Compliance Manager link to display search results for Compliance Manager assessment controls. The listed search results show the date the assessment was created, the name of the assessment grouping, the applicable cloud service, and whether the controls are Microsoft or Customer Managed.

Service Trust Portal - Search on Compliance Manager Controls

Note

Service Trust Portal reports and documents are available to download for at least twelve months after publishing or until a new version of document becomes available.

Localization support

Service Trust Portal enables you to view the page content in different languages. To change the page language, simply click on the globe icon in the lower left corner of the page and select the language of your choice.

Service Trust Portal - Localized content options

Feedback

We can help with questions about the Service Trust Portal, or errors you experience when you use the portal. You can also contact us with questions and feedback about Service Trust Portal compliance reports and trust resources by using the Feedback link on the bottom of the STP pages.

Your feedback is very important to us. Click on the Feedback button at the bottom of the page to send us comments about what you did or did not like, or suggestions you may have for improving our products or product features.