Office 365 - Privacy FAQ Microsoft

Overview

Many users have questions about how Microsoft handles the information stored in Microsoft 365 services such as Outlook, OneDrive, SharePoint, and Teams.

The following questions and answers summarize Microsoft's current approach to privacy, security, and data protection.

1. Who owns the data stored in Microsoft 365?

You retain ownership and control of the data your organization stores in Microsoft 365.

Microsoft acts as the service provider and processes data to deliver the services your organization subscribes to. Microsoft states that customer data belongs to the customer and remains under the customer's control.

2. Does Microsoft use my email or documents for advertising?

No.

Microsoft states that customer data stored in Microsoft 365 is not used for advertising purposes and is not mined for marketing research or targeted advertising.

3. Does Microsoft use my Microsoft 365 data to train AI models?

Microsoft has stated that customer data from Microsoft 365 commercial and consumer applications is not used to train its foundational large language models.

4. Can I control how my data is used?

Microsoft provides privacy controls and administrative settings that allow organizations to manage how certain features collect, process, and share information.

Many of these settings are configured centrally by your organization's administrators.

5. Where is my data stored?

Microsoft provides information about data residency and the geographic regions where customer data is stored and processed.

The specific location depends on the Microsoft 365 services being used and your organization's configuration.

6. How does Microsoft protect my data?

Microsoft uses multiple layers of security, including:

  • Physical security in data centres
  • Encryption for data at rest and in transit
  • Access controls and monitoring
  • Security auditing and compliance programs

Microsoft also undergoes independent audits and maintains numerous security and privacy certifications.

7. Who at Microsoft can access customer data?

Access to customer data is tightly controlled and logged.

Microsoft personnel do not have default access to customer content. Access is granted only when necessary for operational or support purposes and is subject to oversight and auditing.

8. What happens if there is a security incident?

Microsoft has processes for detecting, investigating, and responding to security incidents.

When required, affected customers are notified of incidents involving unauthorized access to customer data.

9. Can I retrieve my data from Microsoft 365?

Yes.

Customers can access and export their data from Microsoft 365 services. Data retention and retrieval options may vary depending on the service and subscription type.

10. How reliable is Microsoft 365?

Microsoft provides a financially backed service level agreement (SLA) for many Microsoft 365 services and targets high service availability.

Service health and availability information are provided through Microsoft service dashboards and status reporting tools.

Learn More

Additional information about Microsoft's privacy, security, compliance, and data protection practices can be found through the Microsoft Trust Center.

Microsoft regularly updates its policies and documentation as services evolve.

Print Article