Security

This section describes how Microsoft protects customers’ business data and delivers Microsoft Office 365 services securely and reliably. It also describes how Microsoft enhances security for each of the Office 365 services. For more detailed information, visit the Office 365 Trust Center.

Protection is provided at multiple levels, including:

• Physical layers at data centers   This includes physical controls, video surveillance, and access control.
• Logical layers   This includes data isolation, hosted applications security, infrastructure services, network level, identity and access management, federated identity, and single sign-on.

Physical security

Microsoft ensures that the environment in which the Office 365 customer’s data is stored is physically secured by controlling environment access through multiple security checks. These physical security checks are applied at multiple levels in the Microsoft data centers, and Office 365 services are delivered through carrier-class data centers that ensure consistent delivery according to the services’ service-level agreements (SLAs). These data centers include the following industry-standard features:

• Secure physical access for authorized personnel only   Access is restricted by job function so that only essential personnel receive authorization to manage customers’ applications and services. Physical access authorization utilizes multiple authentication and security processes: badge and smartcard, biometric scanners, on-premises security officers, continuous video surveillance, and two-factor authentication for physical access to the data center environment.
• Redundant power supplies   Each data center has two separate power feeds, battery backup, and diesel generators (with alternative fuel delivery contracts in place).
• Climate control   This ensures that equipment runs at optimal temperature and humidity.
• Natural disaster control   This includes seismically braced racks where required and fire prevention and extinguishing systems.
• Physical monitoring   This includes motion sensors, 24-hour secured access, video camera surveillance, and security breach alarms.
• Worldwide Microsoft data center locations   Office 365 services are deployed in Microsoft data centers that are located around the world, and offer geographically local hosting with global availability.
• Secure network design and operations   The networks within the Office 365 data centers are designed to create multiple separate network segments within each data center. This segmentation helps to provide physical separation of critical, back-end servers and storage devices from the public-facing interfaces.
• Exceptional hardware   The underlying hardware used in Microsoft data centers is specifically designed to operate as efficiently, effectively, and securely as possible. The hardware helps Microsoft eliminate unnecessary costs, save power and space consumption, and pass on these savings to Office 365 customers.

Logical security

Data is secured in five different layers:

• Data
• Application
• Host
• Network
• Physical

For more information, see the Security in Office 365 White Paper.

Service security

For more information about security for specific services, see the following topics:

• Exchange Online
• Lync Online
• SharePoint Online
• Office 365 ProPlus
• Project Online

Features

Tell us what you think

If you have comments or questions about this topic, we'd love to hear from you. Just send your feedback to Office 365 Service Description Feedback. Your comments will help us provide the most accurate and concise content.