Privacy, security, and compliance in Microsoft 365 Backup

Microsoft is transparent about the specific policies, operational practices, and technologies that help you ensure the privacy, security, and compliance of your data across Microsoft 365 Backup.

• Microsoft respects the privacy and ownership of data you use.

• None of your organization's data is used or transferred by Microsoft to train AI models, large-language models, or any other models.

• Your data remains securely within your organization’s tenant.

Privacy

Privacy is built into all Microsoft 365 Backup experiences. Microsoft 365 Backup services adhere to the Microsoft Privacy Statement and follow Microsoft's compliance with General Data Protection Regulation and the Microsoft EU Data Boundary.

Microsoft 365 Backup inherits privacy features and settings from Microsoft 365 and SharePoint, where applicable.

GDPR compliance

Microsoft 365 Backup supports compliance with General Data Protection Regulation (GDPR) requirements.

Data residency

Data residency refers to the geographic location where data is stored at rest. The way that data is transferred and stored in Microsoft 365 Backup is defined in the Microsoft Products and Services Data Protection Addendum (DPA).

All data within Microsoft 365 Backup is stored within the customer tenant for any given service and follows the standard Microsoft 365 data storage guidelines by available geography.

Security

Microsoft 365 Backup works with and integrates into Microsoft 365. This means that the Microsoft 365 security capabilities—such role-based access, identity and app management, and others—apply to Microsoft 365 Backup.

Compliance

Microsoft offers a comprehensive set of compliance offerings to help your organization comply with national, regional, and industry-specific requirements governing the collection and use and data.

Microsoft 365 Backup is also covered under the Microsoft Product Terms and Data Protection Agreement (DPA). Learn more on the Microsoft Trust Center.

For more detailed information, see the following resources:

• Microsoft 365 – Quick tasks for getting started with compliance in Microsoft Purview

• Microsoft SharePoint – Plan compliance requirements for SharePoint and OneDrive

• Microsoft Graph – Use the Microsoft Graph compliance and privacy APIs

• Microsoft Entra ID – Microsoft Entra security baseline for Microsoft Entra ID

• Azure – Azure, Dynamics 365, Microsoft 365, and Power Platform compliance offerings