

Microsoft 365 isolation controls

Microsoft continuously works to ensure that the multitenant architecture of Microsoft 365 supports enterprise-level security, confidentiality, privacy, data integrity, and availability, and meets local and international standards. The scale and scope of these services make managing them through significant human interaction impractical. Microsoft 365 services are provided through globally distributed datacenters, each highly automated, with few operations requiring a human touch or any access to customer data. Microsoft staff support these services and datacenters by using automated tools and highly secure remote access.

Microsoft 365 is composed of multiple services that provide important business functionality and contribute to the overall experience. Each of these services is self-contained and designed to integrate with one another. Microsoft 365 is designed with the following principles:

  • Microsoft 365 services interoperate with each other but are designed and implemented so you can deploy and operate them as autonomous services, independent of each other.
  • Microsoft segregates duties and areas of responsibility for Microsoft 365 to reduce opportunities for unauthorized or unintentional modification or misuse of the organization's assets.
  • Microsoft 365 teams have defined roles as part of a comprehensive role-based access control mechanism.

Tenant isolation

One of the primary benefits of cloud computing is the concept of a shared, common infrastructure across numerous customers simultaneously, leading to economies of scale.

The two primary goals of maintaining tenant isolation in a multitenant environment are:

  • Preventing leakage of, or unauthorized access to, customer data across tenants
  • Preventing the actions of one tenant from adversely affecting the service for another tenant

Microsoft online services were designed with the assumption that all tenants are potentially hostile to all other tenants. Security measures are implemented to prevent the actions of one tenant from affecting the security or service of another tenant, or from accessing that tenant's content.

Microsoft 365 implements multiple forms of protection to prevent one tenant from compromising services or applications, or from gaining unauthorized access to the information of other tenants or to the systems themselves. These protections include:

  • Logical isolation of customer data within each tenant for Microsoft 365 services through Microsoft Entra authorization and role-based access control
  • Isolation of data at the storage level for services such as SharePoint Online
  • Rigorous physical security, background screening, and a multilayered encryption strategy to protect the confidentiality and integrity of customer data. All Microsoft 365 datacenters have biometric access controls, with most requiring palm prints to gain physical access. In addition, all U.S.-based Microsoft employees are required to successfully complete a standard background check as part of the hiring process. For more information on the controls used for administrative access in Microsoft 365, see Microsoft 365 Account Management.
  • Service-side technologies that encrypt customer content at rest and in transit, including BitLocker, per-file encryption, Transport Layer Security (TLS), and Internet Protocol Security (IPsec). For specific details about encryption in Microsoft 365, see Data Encryption Technologies in Microsoft 365.
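The first bullet above describes the tenant boundary as an authorization decision: the caller's tenant is established from the identity provider and checked against the owning tenant of the data before any role is consulted. The following is an added illustration of that pattern, written for this page; it is not Microsoft 365 code and does not describe how Microsoft's services are implemented internally. It uses the `tid`, `oid` and `roles` claim names that Microsoft Entra ID tokens carry, but the `Principal`, `Resource`, `authorize` and `authorize_roles_only` names, the role set, and the sample tenant IDs are assumptions constructed for the example. The defective `authorize_roles_only` variant is included only to show the cross-tenant leakage that results when the tenant check is omitted.

```python
"""Tenant-scoped authorization check (added example, not Microsoft 365 code).

Models the principle from the page: every request is evaluated against the
tenant boundary first, and only then against the caller's roles, so that a
highly privileged role in one tenant never reaches another tenant's data.
"""
from __future__ import annotations

from dataclasses import dataclass

# Roles permitted to perform each action inside a tenant (assumed role names).
ACTION_ROLES = {
    "read": frozenset({"Reader", "Contributor", "Owner"}),
    "write": frozenset({"Contributor", "Owner"}),
    "delete": frozenset({"Owner"}),
}


@dataclass(frozen=True)
class Principal:
    oid: str          # object id of the caller (Entra `oid` claim)
    tid: str          # tenant the caller authenticated to (Entra `tid` claim)
    roles: frozenset  # app roles granted in that tenant (Entra `roles` claim)


@dataclass(frozen=True)
class Resource:
    resource_id: str
    tenant_id: str    # owning tenant, recorded with the object when it is written


def principal_from_claims(claims: dict) -> Principal:
    """Build a Principal from already-validated token claims.

    A token without a tenant claim cannot be scoped to any tenant, so it is
    rejected outright rather than mapped to some default tenant.
    """
    tid = claims.get("tid")
    oid = claims.get("oid")
    if not tid or not oid:
        raise ValueError("token lacks tid/oid claims; cannot scope to a tenant")
    return Principal(oid=oid, tid=tid, roles=frozenset(claims.get("roles", [])))


def authorize(principal: Principal, resource: Resource, action: str) -> tuple[bool, str]:
    """Tenant boundary first, then role. Returns (allowed, reason)."""
    if principal.tid != resource.tenant_id:
        # Checked before roles and independently of them: this is the
        # control that stops cross-tenant leakage regardless of privilege.
        return False, "cross-tenant access denied"
    allowed_roles = ACTION_ROLES.get(action)
    if allowed_roles is None:
        return False, f"unknown action {action!r}"
    if not (principal.roles & allowed_roles):
        return False, f"role required for {action!r} not held"
    return True, "allowed"


def authorize_roles_only(principal: Principal, resource: Resource, action: str) -> tuple[bool, str]:
    """Defective variant: role check with no tenant check.

    Kept only to show the failure mode. An Owner from any tenant passes it,
    so it leaks data across the tenant boundary.
    """
    allowed_roles = ACTION_ROLES.get(action)
    if allowed_roles is None or not (principal.roles & allowed_roles):
        return False, "role check failed"
    return True, "allowed"


# Constructed sample data: two tenants and one document owned by the first.
CONTOSO = "11111111-1111-1111-1111-111111111111"   # assumed tenant id
FABRIKAM = "22222222-2222-2222-2222-222222222222"  # assumed tenant id
DOC = Resource(resource_id="doc-42", tenant_id=CONTOSO)
ALICE = principal_from_claims({"oid": "a-1", "tid": CONTOSO, "roles": ["Reader"]})
MALLORY = principal_from_claims({"oid": "m-1", "tid": FABRIKAM, "roles": ["Owner"]})


if __name__ == "__main__":
    print(authorize(ALICE, DOC, "read"))                 # (True, 'allowed')
    print(authorize(ALICE, DOC, "delete"))               # denied: Reader lacks delete
    print(authorize(MALLORY, DOC, "read"))               # denied: wrong tenant
    print(authorize_roles_only(MALLORY, DOC, "delete"))  # (True, 'allowed'): the leak
```

The ordering matters: the tenant comparison runs before any role lookup, so a privileged principal from another tenant is refused for the same reason as an unprivileged one, and a token that carries no tenant claim is rejected at construction time rather than being treated as a member of some default tenant.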

Together, these protections provide robust logical isolation controls that offer threat protection and mitigation equivalent to that provided by physical isolation alone.
