Explore the security principles of Microsoft 365 architecture
To maintain the security of Microsoft 365, we embed security into our service architecture to mitigate security risks associated with cloud environments. We design our services using a robust set of core security principles and make sure those principles are embedded deeply into service design and operations.
The key principles that influence Microsoft's approach to security for Microsoft 365 include:
- Data privacy: Our customers own their data, and Microsoft 365 gives customers the tools to govern, manage, and control access to their data in Microsoft 365 services. Our services are architected to enable our engineers to operate without touching customer data unless and until requested by the customer. We implement Zero Standing Access (ZSA) and automate our services as much as possible to limit human interaction with customer data.
- Security by design: Security priorities and requirements are embedded into the design of new features and capabilities, ensuring that our strong security posture scales with the service. Security is embedded since the early stages of the design and through the entire lifecycle of the service using Microsoft's Security Development Lifecycle (SDL).
- Assume breach: We treat every entity in our services as a possible threat, including personnel administering the service, tenants using the service, and the service infrastructure itself. Assume breach mitigates the impact of security incidents by limiting the damage an adversary can cause if part of the system experiences a breach. It also drives us to continuously improve security monitoring capabilities to detect and respond to security threats quickly and effectively.
- Defense-In-Depth: Our services implement a Defense-In-Depth approach to security, with multiple layers of security controls reinforcing one another to provide increased protection. For example, our services use multifactor authentication to provide protection against stolen credentials. If an account is compromised, our security monitoring is designed to detect and alert on anomalous behavior. Meanwhile, encryption of all data at rest and in transit complements Zero Standing Access to provide protection against an account being used to gain unauthorized access to customer data.
- Breach Boundaries: Our services implement breach boundaries using network, service, and tenant-level isolation. These boundaries ensure that identities and infrastructure in one boundary are isolated from resources in other boundaries. Compromise of one boundary should not lead to compromise of others. For example, tenant isolation protects tenants from impacting one another through Microsoft 365's shared infrastructure.
- Resiliency: Our services are designed to be resilient against faults and failures to maintain service availability and provide continuous protection of customer data. Resiliency is a design principle that informs the architecture of Microsoft 365.