Optional service capabilities that transfer Customer Data or pseudonymized personal data out of the EU Data Boundary

Some services include capabilities that are optional (in some cases requiring a customer subscription), and where customer administrators can choose to enable or disable these capabilities for their service tenancies. If made available to and used by a customer's users, these capabilities will result in data transfers out of the EU Data Boundary as described in the following sections in this documentation.

Azure services

Azure OpenAI Service

Global deployment types

Customers create Azure OpenAI resources in a specified Azure region and configure policies, networking, and permissions for the resource. To use an Azure OpenAI model, customers create a model deployment within an Azure OpenAI resource, choosing the model to be used and the deployment type. When the customer selects any "Global" deployment type (for example, Global Standard), prompts and completions sent to and output by that deployment may be processed, for inferencing or fine-tuning, in any Azure OpenAI region globally, including outside the EU for an Azure OpenAI resource created in a region within the EU. Learn about data zone deployment options for processing data within the EU. Any Customer Data stored at rest will still be stored in the selected Geo, except that when a "Global" deployment type is selected for a fine-tuned model, custom model weights may be stored temporarily outside the Geo where the resource is located. Azure administrators can use Azure Policy to prohibit use of "Global" deployment types for the Azure OpenAI resource(s) to which the policy applies, as described in how to disable access to global deployments.

Microsoft 365 services

Microsoft 365 Applications

Research

Research is a legacy text selection feature in Microsoft Word, Excel, and PowerPoint that was replaced by the Modern Translation Experience in 2017. The feature allows a user to select text to look up meanings, translations, or thesaurus entries for the selected text. The Modern feature has replaced the legacy feature by default, and the Modern feature stores and processes Customer Data within the EU Data Boundary. Administrators can re-enable the legacy feature if they don't want the Modern experience. Customer Data transferred: any user text that is entered into the feature. Use of the legacy feature sends Customer Data to the United States or Southeast Asia for processing.

Microsoft Teams

Shared Channel Invitations

For tenants that have enabled Azure Active Directory B2B Direct Connect and configured a cross-tenant relationship with a tenant that has users outside of the EU Data Boundary, when a user within the EU Data Boundary is invited as a guest for Teams in another tenancy, the EU guest user's email address and hosting company name are temporarily stored in the United States. Once the EU tenant accepts the invitation, the email address is replaced with the user's pseudonymous user identifier. If the EU user declines the invitation, the email address and company name pair is deleted. Customer Data leaves the EU Data Boundary to support this cross-tenant scenario for shared channels. Examples of Customer Data that is transferred: guest user's email address and hosting company's name. Customer Data is temporarily stored in the United States. If an EU tenant invites a user from another tenancy (guest tenant), some data is stored in the location of the guest tenant.

Azure Bot Services by Teams App

The use of Azure Bot Services has a technical limitation that each bot can only have a single global endpoint. For Teams first-party bots, requests are sent to the global endpoint and then rerouted to a regional endpoint near the user. Customer administrators can disable applications individually or by disabling first-party applications. Examples of Customer Data that is transferred: All Customer Data collected by the bot. Customer Data is processed at the endpoint that is set by the bot creator. Regional endpoints include Japan, Southeast Asia, Europe, and the United States.

Telephone Number Management

Customer administrators can give a custom name to their orders for new Public Switched Telephone Network (PSTN) numbers or number porting, to help them quickly identify those orders; for example, "10 new numbers for Vienna office". Customer Data transferred to and processed in North America: custom names given by customers.

Security services

Microsoft Entra ID

Tenant takeover

When a self-service user signs up for a cloud service that uses Microsoft Entra ID, they're added to an unmanaged Microsoft Entra directory based on their email domain. The geo-location of that tenant might vary. Each user created in that tenant is an administrator for their own account. To manage the tenant more effectively, it can be converted to a regular Microsoft Entra ID tenant with a global administrator. During the process to take over the tenant, transactions may cross a geo-boundary. After conversion, the tenant meets all geo residency requirements based on the country or region of the tenant.

Multi-tenant administration

An organization may choose to create a multi-tenant organization within Microsoft Entra ID. For example, a customer can invite users to their tenant in a B2B context. A customer can create a multi-tenant SaaS application that allows other third-party tenants to provision the application in the third-party tenant. A customer can make two or more tenants affiliated with one another and act as a single tenant in certain scenarios, such as multi-tenant organization (MTO) formation, tenant-to-tenant sync, and e-mail domain sharing. Administrator configuration and use of multi-tenant collaboration may occur with tenants outside of the EU Data Boundary, resulting in some Customer Data, such as user and device account data, usage data, and service configuration (application, policy, and group), being stored and processed in the location of the collaborating tenant. Similarly, if a user member of an EU Data Boundary tenant collaborates with a non-EU Data Boundary tenant, their usage data will egress outside the EU Data Boundary.

Application Proxy

Application Proxy allows customers to access both cloud and on-premises applications through an external URL or an internal application portal. Customers may choose advanced routing configurations that would cause Customer Data to egress outside of the EU Data Boundary. This data includes user account data, usage data, and application configuration data.

Public Switched Telephone Network (PSTN) with Multifactor Authentication

Multifactor authentication is a process in which users are prompted during the sign-in process for another form of identification, such as a code on their cellphone or a fingerprint scan. During the authentication process, phone calls or text messaging platforms like SMS, RCS, or WhatsApp rely on a network that global providers operate. Device vendor-specific services, such as push notifications from Apple or Google, may be outside of Europe. As a result, Public Switched Telephone Network (PSTN) phone numbers and authentications using the Authenticator App, including Passwordless, may be processed outside of the EU Data Boundary. Administrators can configure their Microsoft Entra tenant with OATH tokens to ensure Customer Data remains within the EU Data Boundary.

Microsoft Copilot for Security

Prompt Evaluation Location

Prompts are the primary input needed by Copilot for Security to generate answers that help customers in security-related tasks. Prompts are evaluated using GPU resources in Azure datacenters protected with Azure security and privacy controls. Customer administrators can configure their prompt evaluation locations to either a predefined mapping, based on their tenant location, or anywhere GPU capacity is available. When customers choose to have their prompts evaluated anywhere with GPU availability, customer prompts and responses can be processed outside of the EU Data Boundary. Customer Data and pseudonymized personal data remain stored in the EU Data Boundary if the customer provisions their tenant and Security GPU in the EU. Customer administrators can configure their prompt evaluation location to the EU to ensure that their prompts are processed in the EU Data Boundary.

Data Sharing

Data sharing in Copilot for Security is used to validate product performance and conduct human review on data to build and validate Microsoft's security AI model. When data sharing is opted in, Customer Data such as prompts and responses are shared with Microsoft to enhance product performance, improve accuracy, and address response latency. When this occurs, Customer Data such as prompts can be stored outside of the EU Data Boundary. Data sharing is turned on by default. Customer administrators can disable data sharing for Customer Data during the first run experience, or at any time thereafter.