Difference between revisions of "Microsoft Azure"

From LIMSWiki
Jump to navigationJump to search
(Undo revision 42393 by Shawndouglas (talk))
m (Text replacement - "BtB Software, LLC" to "BtB Software, LLC")
 
(8 intermediate revisions by the same user not shown)
Line 21: Line 21:
| products        = [[Infrastructure as a service|IaaS]], [[Platform as a service|PaaS]], [[Database as a service|DBaaS]], [[Desktop virtualization#Desktop as a service|DaaS]]
| products        = [[Infrastructure as a service|IaaS]], [[Platform as a service|PaaS]], [[Database as a service|DBaaS]], [[Desktop virtualization#Desktop as a service|DaaS]]
| services        =  
| services        =  
| revenue          = $38.0 billion (2020, Q4)<ref name="MicrosoftEarnings20">{{cite web |url=https://www.microsoft.com/en-us/Investor/earnings/FY-2020-Q4/press-release-webcast |title=Microsoft Cloud Strength Drives Fourth Quarter Results |work=Microsoft Investor Relations |date=22 July 2020 |accessdate=28 April 2021}}</ref>
| revenue          = $34.0 billion (FY 2022)<ref name="ViswanathanMicro23">{{cite web |url=https://www.bigtechwire.com/2023/06/30/microsoft-azure-generated-34b-in-revenue-in-fy22-about-half-of-the-revenue-of-aws/ |title=Microsoft Azure’s Real Revenue Revealed: How Does It Compare to AWS? |author=Viswanathan, P. |work=BigTechWire |date=30 June 2023 |accessdate=04 August 2023}}</ref>
| operating_income =  
| operating_income =  
| net_income      =  
| net_income      =  
Line 37: Line 37:
}}
}}


'''Microsoft Azure''' is a a collection of public, private, hybrid, and multicloud [[cloud computing]] services offered by Microsoft, an American multinational information technology company. Microsoft Azure deploys to over 160 data centers in various locations around the world.<ref name="MicrosoftAzureGlobal">{{cite web |url=https://azure.microsoft.com/en-us/global-infrastructure/ |title=Azure Global Infrastructure |publisher=Microsoft |accessdate=28 April 2021}}</ref> More than 200 different products and services are associated with Microsoft Azure, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, [[data analysis]], container management, developer support, [[blockchain]] management, media management, [[internet of things]], and [[artificial intelligence]].<ref name="MicrosoftAzureProd">{{cite web |url=https://azure.microsoft.com/en-us/services/ |title=Azure Products |publisher=Microsoft |accessdate=28 April 2021}}</ref>
'''Microsoft Azure''' is a collection of public, private, hybrid, and multicloud [[cloud computing]] services offered by Microsoft, an American multinational information technology company. Microsoft Azure deploys to over 160 data centers in various locations around the world.<ref name="MicrosoftAzureGlobal">{{cite web |url=https://azure.microsoft.com/en-us/explore/global-infrastructure/ |title=Azure Global Infrastructure |publisher=Microsoft |accessdate=04 August 2023}}</ref> More than 200 different products and services are associated with Microsoft Azure, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, [[data analysis]], container management, developer support, [[blockchain]] management, media management, [[internet of things]], and [[artificial intelligence]].<ref name="MicrosoftAzureProd">{{cite web |url=https://azure.microsoft.com/en-us/products/ |title=Azure Products |publisher=Microsoft |accessdate=04 August 2023}}</ref>


==Provider research==
==Provider research==
This section uses public information to provide some answers to the 18 questions posed in Chapter 5 of the wiki-based guide ''[[LII:Choosing and Implementing a Cloud-based Service for your Laboratory|Choosing and Implementing a Cloud-based Service for your Laboratory]]''. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.
This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide ''[[LII:Choosing and Implementing a Cloud-based Service for Your Laboratory|Choosing and Implementing a Cloud-based Service for Your Laboratory]]''. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.




1. '''What experience do you have working with laboratory customers in our specific industry?'''
1. '''What experience do you have working with laboratory customers in our specific industry?'''


Known [[Laboratory|laboratories]] and related organizations leaning on Azure include the Association of Public Health Laboratories<ref name="APHLBringing20">{{cite web |url=https://www.aphlblog.org/bringing-covid-19-exposure-notification-to-the-public-health-community/ |title=Bringing COVID-19 exposure notification to the public health community |publisher=Association of Public Health Laboratories |date=17 July 2020 |accessdate=17 April 2021}}</ref>, Bio-Rad Laboratories<ref name="BioRadAPIPortal">{{cite web |url=https://bioradqsdapim-non-prod.portal.azure-api.net/ |title=Bio-Rad Laboratories, Inc. API |publisher=Bio-Rad Laboratories, Inc. |accessdate=17 April 2021}}</ref>, Northwest Nuclear Laboratories<ref name="NNLITTech">{{cite web |url=https://www.nwnlabs.org/computer-science |title=IT Technology & Telemetry |publisher=Northwest Nuclear Laboratories |accessdate=17 April 2021}}</ref>, and PathWest Laboratory Medicine WA.<ref name="Yates-RobertsPath20">{{cite web |url=https://www.technologyrecord.com/Article/pathwest-uses-microsoft-azure-to-improve-transplant-outcomes-112083 |title=PathWest uses Microsoft Azure to improve transplant outcomes |author=Yates-Roberts, E. |work=The Record |date=03 September 2020 |accessdate=17 April 2021}}</ref> Additionally, laboratory informatics software developers like [[BtB Software, LLC]]<ref name="BtBHome">{{cite web |url=https://www.btbsoftware.com/ |title=BtB Software: LIMS; Designed for Public Health and Private Clinical Laboratories |publisher=BtB Software, LLC |accessdate=17 April 2021}}</ref>, EarthSoft<ref name="ESEquis17">{{cite web |url=https://earthsoft.com/wp-content/uploads/2017/08/Microsoft-Azure-Partner-Datasheet-EarthSoft.pdf |format=PDF |title=EQuIS Software Offerings on Microsoft Azure Query and Export Data, Integrate with Sensors, and Serve Other Environmental Project Management Needs |publisher=Microsoft Corporation |date=2017 |accessdate=17 April 2021}}</ref>, [[Eusoft Srl]]<ref name="EusoftLIMS19">{{cite web |url=https://www.eusoft.co.uk/meeting/free-lims-webinar-advantages-and-challenges-of-the-cloud-computing/ |title=LIMS Webinar: Advantages and challenges of the Cloud Computing |publisher=Eusoft Srl |date=02 May 2019 |accessdate=17 April 2021}}</ref>, and TRIBVN Healthcare<ref name="TP_TRIBVN20">{{cite web |url=https://tissuepathology.com/2020/12/07/tribvn-healthcare-announces-full-compatibility-of-its-digital-health-solutions-with-microsoft-azure/ |title=TRIBVN Healthcare Announces Full Compatibility of its Digital Health Solutions with Microsoft Azure |author=TRIBVN Healthcare |work=TissuePathology.com |date=07 December 2020 |accessdate=17 April 2021}}</ref> also turn to Microsoft Azure to host their software solutions. A Microsoft Azure representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used Microsoft Azure.
Known [[Laboratory|laboratories]] and related organizations leaning on Azure include the Association of Public Health Laboratories<ref name="APHLBringing20">{{cite web |url=https://www.aphlblog.org/bringing-covid-19-exposure-notification-to-the-public-health-community/ |title=Bringing COVID-19 exposure notification to the public health community |publisher=Association of Public Health Laboratories |date=17 July 2020 |accessdate=04 August 2023}}</ref>, Bio-Rad Laboratories<ref name="BioRadAPIPortal">{{cite web |url=https://bioradqsdapim-non-prod.portal.azure-api.net/ |title=Bio-Rad Laboratories, Inc. API |publisher=Bio-Rad Laboratories, Inc. |accessdate=04 August 2023}}</ref>, Northwest Nuclear Laboratories<ref name="NNLITTech">{{cite web |url=https://www.nwnlabs.org/computer-science |title=IT Technology & Telemetry |publisher=Northwest Nuclear Laboratories |accessdate=04 August 2023}}</ref>, and PathWest Laboratory Medicine WA.<ref name="Yates-RobertsPath20">{{cite web |url=https://www.technologyrecord.com/Article/pathwest-uses-microsoft-azure-to-improve-transplant-outcomes-112083 |archiveurl=https://web.archive.org/web/20210227162040/https://www.technologyrecord.com/Article/pathwest-uses-microsoft-azure-to-improve-transplant-outcomes-112083 |title=PathWest uses Microsoft Azure to improve transplant outcomes |author=Yates-Roberts, E. |work=The Record |date=03 September 2020 |archivedate=03 September 2020 |accessdate=04 August 2023}}</ref> Additionally, laboratory informatics software developers like [[Vendor:BtB Software, LLC|BtB Software, LLC]]<ref name="BtBHome">{{cite web |url=https://www.btbsoftware.com/ |title=BtB Software: LIMS; Designed for Public Health and Private Clinical Laboratories |publisher=BtB Software, LLC |accessdate=04 August 2023}}</ref>, EarthSoft<ref name="ESEquis17">{{cite web |url=https://earthsoft.com/wp-content/uploads/2017/08/Microsoft-Azure-Partner-Datasheet-EarthSoft.pdf |format=PDF |title=EQuIS Software Offerings on Microsoft Azure Query and Export Data, Integrate with Sensors, and Serve Other Environmental Project Management Needs |publisher=Microsoft Corporation |date=2017 |accessdate=04 August 2023}}</ref>, [[Vendor:Eusoft Srl|Eusoft Srl]]<ref name="EusoftLIMS19">{{cite web |url=https://www.eusoft.co.uk/meeting/free-lims-webinar-advantages-and-challenges-of-the-cloud-computing/ |title=LIMS Webinar: Advantages and challenges of the Cloud Computing |publisher=Eusoft Srl |date=02 May 2019 |accessdate=04 August 2023}}</ref>, and TRIBVN Healthcare<ref name="TP_TRIBVN20">{{cite web |url=https://tissuepathology.com/2020/12/07/tribvn-healthcare-announces-full-compatibility-of-its-digital-health-solutions-with-microsoft-azure/ |title=TRIBVN Healthcare Announces Full Compatibility of its Digital Health Solutions with Microsoft Azure |author=TRIBVN Healthcare |work=TissuePathology.com |date=07 December 2020 |accessdate=04 August 2023}}</ref> also turn to Microsoft Azure to host their software solutions. A Microsoft Azure representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used Microsoft Azure.




2. '''Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?'''
2. '''Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?'''


It will ultimately be up to your organization to get an answer from Microsoft tailored to your systems and business processes. However, this much can be said about Microsoft Azure integrations. Microsoft provides a list of [https://azure.microsoft.com/en-us/product-categories/integration/ six integration tools] to better integrate applications, data, and processes seamlessly: Azure Logic Apps, Service Bus, API Management, Event Grid, Azure Functions, and Azure Data Factory. These tools assist with workflow management, hybrid cloud connections, API management, service management, and event-driven process management.<ref name="MicrosoftIntegrat">{{cite web |url=https://azure.microsoft.com/en-us/product-categories/integration/ |title=Integration Services |publisher=Microsoft Corporation |accessdate=17 April 2021}}</ref> Consult the documentation for each to learn more.
It will ultimately be up to your organization to get an answer from Microsoft tailored to your systems and business processes. However, this much can be said about Microsoft Azure integrations. Microsoft provides a list of [https://azure.microsoft.com/en-us/products/category/integration/ six integration tools] to better integrate applications, data, and processes seamlessly: Azure Logic Apps, Service Bus, API Management, Event Grid, Azure Functions, and Azure Data Factory. These tools assist with workflow management, hybrid cloud connections, API management, service management, and event-driven process management.<ref name="MicrosoftIntegrat">{{cite web |url=https://azure.microsoft.com/en-us/products/category/integration/ |title=Integration Services |publisher=Microsoft Corporation |accessdate=04 August 2023}}</ref> Consult the documentation for each to learn more.




3. '''What is the average total historical downtime for the service(s) we're interested in?'''
3. '''What is the average total historical downtime for the service(s) we're interested in?'''


Some public information is made available about historic outages and downtime. Microsoft Azure has a [https://status.azure.com/en-us/status systems status page] with status history (you have to click on the "Azure status history" link at the top right). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a Microsoft Azure representative may reveal more historical downtime history for the services you are interested in.
Some public information is made available about historic outages and downtime. Microsoft Azure has a [https://azure.status.microsoft/en-us/status systems status page] with status history (you have to click on the "Azure status history" link at the top right). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a Microsoft Azure representative may reveal more historical downtime history for the services you are interested in.




Line 65: Line 65:
5. '''Where are your servers located, and how is data securely transferred to and from those servers?'''
5. '''Where are your servers located, and how is data securely transferred to and from those servers?'''


Microsoft Azure organizes its data centers into "geographies," which contain one or more regions. Some regions have availability zones, some don't. Those regions that don't have availability zones may use "availability sets," a logical grouping of virtual machines, to provide redundancy and availability.<ref name="MicrosoftEnabling21">{{cite web |url=https://azure.microsoft.com/mediahandler/files/resourcefiles/achieving-compliant-data-residency-and-security-with-azure/Enabling_Data_Residency_and_Data_Protection_in_Azure_Regions-2021.pdf |format=PDF |title=Enabling Data Residency and Data Protection in Microsoft Azure Regions |publisher=Microsoft Corporation |date=April 2021 |accessdate=17 April 2021}}</ref> Azure uses its Content Delivery Network "for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world."<ref name="UaWhat18">{{cite web |url=https://docs.microsoft.com/en-us/azure/cdn/cdn-overview |title=What is a content delivery network on Azure? |author=Ua, D.; Sudbring, A.; Coulter, D. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=09 May 2018 |accessdate=17 April 2021}}</ref> When moving data to and from on-premises and Microsoft Azure systems, multiple [https://docs.microsoft.com/en-us/azure/architecture/data-guide/scenarios/data-transfer transfer options] exist, including physical transport (via Azure Import/Export or Azure Data Box), programmatic data transfer (via Azure CLI, AzCopy, PowerShell, etc.), or managed service transfer (via Azure Data Factory).<ref name="TejadaTrans19">{{cite web |url=https://docs.microsoft.com/en-us/azure/architecture/data-guide/scenarios/data-transfer |title=Transferring data to and from Azure |author=Tejada, Z.; Kshirsagar, D.; Coulter, D. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=20 November 2019 |accessdate=17 April 2021}}</ref> As for the [https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview security of data in transit], Microsoft addresses this with various encryption mechanisms, including data-link layer encryption, TLS encryption, HTTPS, SMB encryption, SSH, etc.<ref name="BaldwinAzure20">{{cite web |url=https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview |title=Azure encryption overview |author=Baldwin, M.; Coulter, D.; Campise, K. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=20 July 2020 |accessdate=17 April 2021}}</ref> Consult the documentation or a representative for more information.  
Microsoft Azure organizes its data centers into "geographies," which contain one or more regions. Some regions have availability zones, some don't. Those regions that don't have availability zones may use "availability sets," a logical grouping of virtual machines, to provide redundancy and availability.<ref name="MicrosoftEnabling21">{{cite web |url=https://azure.microsoft.com/mediahandler/files/resourcefiles/achieving-compliant-data-residency-and-security-with-azure/Enabling_Data_Residency_and_Data_Protection_in_Azure_Regions-2021.pdf |format=PDF |title=Enabling Data Residency and Data Protection in Microsoft Azure Regions |publisher=Microsoft Corporation |date=April 2021 |accessdate=04 August 2023}}</ref> Azure uses its Content Delivery Network "for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world."<ref name="UaWhat18">{{cite web |url=https://learn.microsoft.com/en-us/azure/cdn/cdn-overview |title=What is a content delivery network on Azure? |author=Ua, D.; Sudbring, A.; Coulter, D. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=27 March 2023 |accessdate=04 August 2023}}</ref> When moving data to and from on-premises and Microsoft Azure systems, multiple [https://docs.microsoft.com/en-us/azure/architecture/data-guide/scenarios/data-transfer transfer options] exist, including physical transport (via Azure Import/Export or Azure Data Box), programmatic data transfer (via Azure CLI, AzCopy, PowerShell, etc.), or managed service transfer (via Azure Data Factory).<ref name="TejadaTrans19">{{cite web |url=https://docs.microsoft.com/en-us/azure/architecture/data-guide/scenarios/data-transfer |title=Transfer data to and from Azure |author=Tejada, Z.; Kshirsagar, D.; Coulter, D. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=16 December 2022 |accessdate=04 August 2023}}</ref> As for the [https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview security of data in transit], Microsoft addresses this with various encryption mechanisms, including data-link layer encryption, TLS encryption, HTTPS, SMB encryption, SSH, etc.<ref name="BaldwinAzure20">{{cite web |url=https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview |title=Azure encryption overview |author=Baldwin, M.; Coulter, D.; Campise, K. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=23 February 2023 |accessdate=04 August 2023}}</ref> Consult the documentation or a representative for more information.  




6. '''Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?'''
6. '''Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?'''


Microsoft Azure says this about physical security in relation to its personnel<ref name="LanfearAzure20">{{cite web |url=https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security |title=Azure facilities, premises, and physical security |author=Lanfear, T.; Lehr, B.; Wassenaar, B. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=10 July 2020 |accessdate=17 April 2021}}</ref>:
Microsoft Azure says this about physical security in relation to its personnel<ref name="LanfearAzure20">{{cite web |url=https://learn.microsoft.com/en-us/azure/security/fundamentals/physical-security |title=Azure facilities, premises, and physical security |author=Lanfear, T.; Lehr, B.; Wassenaar, B. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=13 February 2023 |accessdate=04 August 2023}}</ref>:


<blockquote>A need-to-access basis helps keep the number of individuals needed to complete a task in the datacenters to the bare minimum. After Microsoft grants permission, an individual only has access to the discrete area of the datacenter required, based on the approved business justification. Permissions are limited to a certain period of time, and then expire.</blockquote>
<blockquote>A need-to-access basis helps keep the number of individuals needed to complete a task in the datacenters to the bare minimum. After Microsoft grants permission, an individual only has access to the discrete area of the datacenter required, based on the approved business justification. Permissions are limited to a certain period of time, and then expire.</blockquote>
Line 79: Line 79:
7. '''Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?'''
7. '''Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?'''


Not all [https://azure.microsoft.com/en-us/global-infrastructure/geographies/ Microsoft Azure machines] have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.
Not all [https://azure.microsoft.com/en-us/explore/global-infrastructure/geographies/ Microsoft Azure machines] have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.




8. '''How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)'''
8. '''How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)'''


Microsoft Azure has moved past a paradigm of physical separation of data pools. In a Microsoft Policy Paper, the company argues that "multitenant environments meet the same standards as physically separated ones," while providing context to seven common security concerns raised by those wary of logical separation in the cloud. They add that "[s]uch concerns should, however, be considered in a larger context of balancing benefits and risks, e.g., comparing the competitiveness impact of not moving to the cloud with the risk of downtime should a cloud provider suffer an outage."<ref name="MicrosoftSecurityImp">{{cite web |url=https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/REXpGk |format=PDF |title=Security implications of logical separation in the cloud |publisher=Microsoft Corporation |accessdate=18 April 2021}}</ref>
Microsoft Azure has moved past a paradigm of physical separation of data pools. In a Microsoft Policy Paper, the company argues that "multitenant environments meet the same standards as physically separated ones," while providing context to seven common security concerns raised by those wary of logical separation in the cloud. They add that "[s]uch concerns should, however, be considered in a larger context of balancing benefits and risks, e.g., comparing the competitiveness impact of not moving to the cloud with the risk of downtime should a cloud provider suffer an outage."<ref name="MicrosoftSecurityImp">{{cite web |url=https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/REXpGk |format=PDF |title=Security implications of logical separation in the cloud |publisher=Microsoft Corporation |accessdate=04 August 2023}}</ref>


The concept of tenant isolation is addressed by Microsoft Azure in multiple documents. The [https://docs.microsoft.com/en-us/azure/security/fundamentals/isolation-choices primary documentation] addresses the concepts and architecture behind Microsoft Azure's tenant isolation practices, while another [https://docs.microsoft.com/en-us/azure/azure-government/azure-secure-isolation-guidance lengthy document] addresses the security aspects of tenancy isolation behind Microsoft Azure. Further technical details on how your data is segregated, if required, may be garnered in discussion with Microsoft Azure.
The concept of tenant isolation is addressed by Microsoft Azure in multiple documents. The [https://docs.microsoft.com/en-us/azure/security/fundamentals/isolation-choices primary documentation] addresses the concepts and architecture behind Microsoft Azure's tenant isolation practices, while another [https://docs.microsoft.com/en-us/azure/azure-government/azure-secure-isolation-guidance lengthy document] addresses the security aspects of tenancy isolation behind Microsoft Azure. Further technical details on how your data is segregated, if required, may be garnered in discussion with Microsoft Azure.
Line 93: Line 93:
Microsoft Azure documents its security practices in several places:
Microsoft Azure documents its security practices in several places:


* [https://azure.microsoft.com/en-us/services/security-center/ Azure security center]
* [https://learn.microsoft.com/en-us/azure/security/fundamentals/ Azure security documentation]
* [https://docs.microsoft.com/en-us/azure/security/ Azure security documentation]
* [https://azure.microsoft.com/en-us/explore/security/ Azure security overview]
* [https://azure.microsoft.com/en-us/overview/security/ Azure security overview]
* [https://docs.microsoft.com/en-us/azure/security/fundamentals/overview Introduction to Azure security]
* [https://docs.microsoft.com/en-us/azure/security/fundamentals/overview Introduction to Azure security]


Line 103: Line 102:
10. '''How do you test your platform's security?'''
10. '''How do you test your platform's security?'''


Customers can perform penetration testing of their own Azure-hosted applications without pre-approval, though they must still comply with Microsoft Cloud Unified Penetration Testing Rules of Engagement.<ref name="LanfearPen21">{{cite web |url=https://docs.microsoft.com/en-us/azure/security/fundamentals/pen-testing |title=Penetration testing |author=Lanfear, T.; Toh, A.; Coulter, D. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=03 February 2021 |accessdate=18 April 2021}}</ref> As for internal security testing, a 2014 blog post (along with a [https://download.microsoft.com/download/C/1/9/C1990DBA-502F-4C2A-848D-392B93D9B9C3/Microsoft_Enterprise_Cloud_Red_Teaming.pdf detailed whitepaper]) indicates that Microsoft Azure security gets tested by its Red Team.<ref name="FieldRed14">{{cite web |url=https://azure.microsoft.com/en-us/blog/red-teaming-using-cutting-edge-threat-simulation-to-harden-the-microsoft-enterprise-cloud/ |title=Red Teaming: Using Cutting-Edge Threat Simulation to Harden the Microsoft Enterprise Cloud |author=Field, S. |work=Microsoft Azure Blog |date=11 November 2014 |accessdate=18 April 2021}}</ref> That practice is still presumably active today, but confirm this with a Microsoft Azure representative.
Customers can perform penetration testing of their own Azure-hosted applications without pre-approval, though they must still comply with Microsoft Cloud Unified Penetration Testing Rules of Engagement.<ref name="LanfearPen21">{{cite web |url=https://docs.microsoft.com/en-us/azure/security/fundamentals/pen-testing |title=Penetration testing |author=Lanfear, T.; Toh, A.; Coulter, D. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=01 April 2023 |accessdate=04 August 2023}}</ref> As for internal security testing, a 2014 blog post (along with a [https://download.microsoft.com/download/C/1/9/C1990DBA-502F-4C2A-848D-392B93D9B9C3/Microsoft_Enterprise_Cloud_Red_Teaming.pdf detailed whitepaper]) indicates that Microsoft Azure security gets tested by its Red Team.<ref name="FieldRed14">{{cite web |url=https://azure.microsoft.com/en-us/blog/red-teaming-using-cutting-edge-threat-simulation-to-harden-the-microsoft-enterprise-cloud/ |title=Red Teaming: Using Cutting-Edge Threat Simulation to Harden the Microsoft Enterprise Cloud |author=Field, S. |work=Microsoft Azure Blog |date=11 November 2014 |accessdate=04 August 2023}}</ref> That practice is still presumably active today, but confirm this with a Microsoft Azure representative.




11. '''What are your policies for security audits, intrusion detection, and intrusion reporting?'''
11. '''What are your policies for security audits, intrusion detection, and intrusion reporting?'''


''Audits'': For customer security auditing, Microsoft states that "Azure provides a wide array of configurable [https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit security auditing and logging options] to help you identify gaps in your security policies and mechanisms."<ref name="LanfearAzure19">{{cite web |url=https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit |title=Azure security logging and auditing |author=Lanfear, T.; Wren, B.; Coulter, D. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=31 October 2019 |accessdate=18 April 2021}}</ref> Internally, Microsoft Azure conducts auditing tasks of its own systems, for example with access control. "All access to customer data is strictly logged, and both Microsoft and third parties perform regular audits (as well as sample audits) to attest that any access is appropriate."<ref name="MicrosoftEnabling21" /> It also references its SOC audits "twice a year to verify the effectiveness of its security controls in audit scope."<ref name="MicrosoftEnabling21" />
''Audits'': For customer security auditing, Microsoft states that "Azure provides a wide array of configurable [https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit security auditing and logging options] to help you identify gaps in your security policies and mechanisms."<ref name="LanfearAzure19">{{cite web |url=https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit |title=Azure security logging and auditing |author=Lanfear, T.; Wren, B.; Coulter, D. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=19 January 2023 |accessdate=04 August 2023}}</ref> Internally, Microsoft Azure conducts auditing tasks of its own systems, for example with access control. "All access to customer data is strictly logged, and both Microsoft and third parties perform regular audits (as well as sample audits) to attest that any access is appropriate."<ref name="MicrosoftEnabling21" /> It also references its SOC audits "twice a year to verify the effectiveness of its security controls in audit scope."<ref name="MicrosoftEnabling21" />


''Intrusion detection and reporting'': Microsoft Azure [https://docs.microsoft.com/en-us/azure/security/fundamentals/threat-detection provides documentation] to customers on its various threat protection services, including Azure Active Directory, Azure Monitor, and Azure Security Center. These options provide "a wide array of options to configure and customize security to meet the requirements of your app deployments."<ref name="LanfearAzure21">{{cite web |url=https://docs.microsoft.com/en-us/azure/security/fundamentals/threat-detection |title=Azure threat protection |author=Lanfear, T.; Mel; Wren, B. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=03 February 2021 |accessdate=18 April 2021}}</ref> As for its own intrusion detection, Microsoft Azure leans on its Detection and Response Team (DART) to support its own intrusion detection and reporting needs. For more details on internal threat detection and reporting, discuss this with a representative.
''Intrusion detection and reporting'': Microsoft Azure [https://docs.microsoft.com/en-us/azure/security/fundamentals/threat-detection provides documentation] to customers on its various threat protection services, including Azure Active Directory, Azure Monitor, and Azure Security Center. These options provide "a wide array of options to configure and customize security to meet the requirements of your app deployments."<ref name="LanfearAzure21">{{cite web |url=https://docs.microsoft.com/en-us/azure/security/fundamentals/threat-detection |title=Azure threat protection |author=Lanfear, T.; Mel; Wren, B. et al. |work=Microsoft Documentation |publisher=Microsoft Corporation |date=09 March 2023 |accessdate=04 August 2023}}</ref> As for its own intrusion detection, Microsoft Azure leans on its Detection and Response Team (DART) to support its own intrusion detection and reporting needs. For more details on internal threat detection and reporting, discuss this with a representative.




12. '''What data logging information is kept and acted upon in relation to our data?'''
12. '''What data logging information is kept and acted upon in relation to our data?'''


Microsoft Azure details its [https://www.microsoft.com/en-us/trust-center/privacy/customer-data-definitions data definitions] and gives examples of those categories of data, including a little information about what happens to that data. It appears to classify logs as part of service-generated data<ref name="MicrosoftHowMicroCat">{{cite web |url=https://www.microsoft.com/en-us/trust-center/privacy/customer-data-definitions |title=How Microsoft categorizes data for online services |publisher=Microsoft Corporation |accessdate=18 April 2021}}</ref>:
Microsoft Azure details its [https://www.microsoft.com/en-us/trust-center/privacy/customer-data-definitions data definitions] and gives examples of those categories of data, including a little information about what happens to that data. It appears to classify logs as part of service-generated data<ref name="MicrosoftHowMicroCat">{{cite web |url=https://www.microsoft.com/en-us/trust-center/privacy/customer-data-definitions |archiveurl=https://web.archive.org/web/20210519053953/https://www.microsoft.com/en-us/trust-center/privacy/customer-data-definitions |title=How Microsoft categorizes data for online services |publisher=Microsoft Corporation |archivedate=19 May 2021 |accessdate=04 August 2023}}</ref>:


<blockquote>Microsoft aggregates this data from our online services and uses it to make sure performance, security, scaling, and other services that impact the customer experience are operating at the levels our customers require. For example, to understand how to ramp up data center capacity as a customer's use of Microsoft Teams increases, we process log data of their Teams usage. We then review the logs for peak times and decide which data centers to add to meet this capacity.</blockquote>
<blockquote>Microsoft aggregates this data from our online services and uses it to make sure performance, security, scaling, and other services that impact the customer experience are operating at the levels our customers require. For example, to understand how to ramp up data center capacity as a customer's use of Microsoft Teams increases, we process log data of their Teams usage. We then review the logs for peak times and decide which data centers to add to meet this capacity.</blockquote>


Be sure a Microsoft Azure representative provides additional details about what logging information they collect and use as it relates to your data.
However, sometime in 2022, Microsoft removed "service-generated data" from its page, for unknown reasons. Be sure a Microsoft Azure representative provides additional details about what logging information they collect and use as it relates to your data.




Line 129: Line 128:
14. '''For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?'''
14. '''For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?'''


Yes, Microsoft Azure will sign a business associate agreement.<ref name="MazzoliHealth21">{{cite web |url=https://docs.microsoft.com/en-us/compliance/regulatory/offering-hipaa-hitech |title=Health Insurance Portability and Accountability (HIPAA) & HITECH Act |author=Mazzoli, R. |work=Microsoft Documentation |publisher=Microsoft Documentation |date=26 March 2021 |accessdate=18 April 2021}}</ref> Consult their [https://docs.microsoft.com/en-us/compliance/regulatory/offering-hipaa-hitech documentation] for more details on their approach to HIPAA compliance.
Yes, Microsoft Azure will sign a business associate agreement.<ref name="MazzoliHealth21">{{cite web |url=https://docs.microsoft.com/en-us/compliance/regulatory/offering-hipaa-hitech |title=Health Insurance Portability and Accountability Act (HIPAA) & Health Information Technology for Economic and Clinical Health (HITECH) Act |author=Mazzoli, R.; Cross, K.C.; Vukos-Walker, C. et al. |work=Microsoft Documentation |publisher=Microsoft Documentation |date=25 April 2023 |accessdate=04 August 2023}}</ref> Consult their [https://docs.microsoft.com/en-us/compliance/regulatory/offering-hipaa-hitech documentation] for more details on their approach to HIPAA compliance.




15. '''What happens to our data should the contract expire or be terminated?'''
15. '''What happens to our data should the contract expire or be terminated?'''


Per the Online Services Data Protection Addendum<ref name="MicrosoftOnline20">{{cite web |url=https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18600 |format=PDF |title=Microsoft Online Services Data Protection Addendum |publisher=Microsoft Corporation |date=09 December 2020 |accessdate=18 April 2021}}</ref>:
Per the Online Services Data Protection Addendum<ref name="MicrosoftOnline20">{{cite web |url=https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA |title=Microsoft Products and Services Data Protection Addendum (DPA) |publisher=Microsoft Corporation |date=January 2023 |accessdate=04 August 2023}}</ref>:


<blockquote>Except for free trials and LinkedIn services, Microsoft will retain Customer Data that remains stored in Online Services in a limited function account for 90 days after expiration or termination of Customer’s subscription so that Customer may extract the data. After the 90-day retention period ends, Microsoft will disable Customer’s account and delete the Customer Data and Personal Data within an additional 90 days, unless Microsoft is permitted or required by applicable law, or authorized under this DPA, to retain such data.</blockquote>
<blockquote>Except for free trials and LinkedIn services, Microsoft will retain Customer Data that remains stored in Online Services in a limited function account for 90 days after expiration or termination of Customer’s subscription so that Customer may extract the data. After the 90-day retention period ends, Microsoft will disable Customer’s account and delete the Customer Data and Personal Data stored in Online Services within an additional 90 days, unless authorized under this DPA to retain such data.</blockquote>




Line 151: Line 150:
18. '''Are your support services native or outsourced/offshored?'''
18. '''Are your support services native or outsourced/offshored?'''


Stories<ref name="MicrosoftContinues96">{{cite web |url=https://news.microsoft.com/1996/01/02/microsoft-continues-to-outsource-internal-support-and-services/ |title=Microsoft Continues to Outsource Internal Support and Services |publisher=Microsoft Corporation |date=02 January 1996 |accessdate=18 April 2021}}</ref> and anecdotes<ref name="BowieWhy16">{{cite web |url=https://answers.microsoft.com/en-us/msoffice/forum/msoffice_install-mso_win10-mso_365hp/why-does-ms-outsource-technical-support-to-people/fb2e0b2a-7bbb-478e-9b43-22aaebd783ca |title=Why does MS outsource technical support to people who don't speak english? |author=Bowie, W. |work=Microsoft Community |publisher=Microsoft Corporation |date=06 February 2016 |accessdate=18 April 2021}}</ref> of outsourced support services occasionally crop up. Discuss this with a Microsoft Azure representative if you're concerned about localized support services.
Stories<ref name="MicrosoftContinues96">{{cite web |url=https://news.microsoft.com/1996/01/02/microsoft-continues-to-outsource-internal-support-and-services/ |title=Microsoft Continues to Outsource Internal Support and Services |publisher=Microsoft Corporation |date=02 January 1996 |accessdate=04 August 2023}}</ref> and anecdotes<ref name="BowieWhy16">{{cite web |url=https://answers.microsoft.com/en-us/msoffice/forum/all/why-does-ms-outsource-technical-support-to-people/fb2e0b2a-7bbb-478e-9b43-22aaebd783ca |title=Why does MS outsource technical support to people who don't speak english? |author=Bowie, W. |work=Microsoft Community |publisher=Microsoft Corporation |date=06 February 2016 |accessdate=04 August 2023}}</ref> of outsourced support services occasionally crop up. Discuss this with a Microsoft Azure representative if you're concerned about localized support services.
 
==Managed security services==
Microsoft Azure does not provide managed security services. However, Azure customers can utilize partnered "Azure Expert Managed Service Providers."<ref name="AzureMSSP">{{cite web |url=https://www.microsoft.com/azure/partners/azureexpertmsp |title=Azure Expert Managed Service Providers (MSPs) |publisher=Microsoft |accessdate=04 August 2023}}</ref>




Line 157: Line 159:


===Documentation and other media===
===Documentation and other media===
* [https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3 Audit reports] (requires log in)
* [https://servicetrust.microsoft.com/ViewPage/HomePageVNext Audit reports] (requires log in)
* [https://azure.microsoft.com/en-us/resources/microsoft-azure-compliance-offerings/ Azure compliance offerings whitepaper]
* [https://azure.microsoft.com/en-us/resources/microsoft-azure-compliance-offerings/ Azure compliance offerings whitepaper]
* [https://azure.microsoft.com/mediahandler/files/resourcefiles/achieving-compliant-data-residency-and-security-with-azure/Enabling_Data_Residency_and_Data_Protection_in_Azure_Regions-2021.pdf Azure data residency and protection whitepaper]
* [https://azure.microsoft.com/mediahandler/files/resourcefiles/achieving-compliant-data-residency-and-security-with-azure/Enabling_Data_Residency_and_Data_Protection_in_Azure_Regions-2021.pdf Azure data residency and protection whitepaper]
Line 166: Line 168:


===External links===
===External links===
* [https://docs.microsoft.com/en-us/azure/architecture/framework/ Microsoft Azure architecture framework or description]
* [https://docs.microsoft.com/en-us/azure/architecture/framework/ Microsoft Azure well-architected framework]
* [https://www.microsoft.com/azure/partners/azureexpertmsp Microsoft Azure Expert Managed Service Providers]
* [https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility Microsoft Azure shared responsibility model]
* [https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility Microsoft Azure shared responsibility model]
* [https://azure.microsoft.com/en-us/overview/trusted-cloud/ Microsoft Azure trust center]
* [https://azure.microsoft.com/en-us/explore/trusted-cloud/ Microsoft Azure trust center]


==References==
==References==
{{Reflist|colwidth=30em}}
{{Reflist|colwidth=30em}}
<!---Place all category tags here-->
[[Category:Cloud computing services]]

Latest revision as of 19:33, 11 April 2024

Microsoft Azure
Industry Cloud computing, Web services
Founder(s) Deepak Patil
Headquarters Redmond, Washington, United States
Area served Worldwide
Key people Satya Nadella (CEO)
Products IaaS, PaaS, DBaaS, DaaS
Revenue $34.0 billion (FY 2022)[1]
Website azure.microsoft.com


Microsoft Azure is a collection of public, private, hybrid, and multicloud cloud computing services offered by Microsoft, an American multinational information technology company. Microsoft Azure deploys to over 160 data centers in various locations around the world.[2] More than 200 different products and services are associated with Microsoft Azure, representing elastic computing, networking, content delivery, data storage, database management, security management, enterprise management, data analysis, container management, developer support, blockchain management, media management, internet of things, and artificial intelligence.[3]

Provider research

This section uses public information to provide some answers to the 18 questions posed in Chapter 6 of the wiki-based guide Choosing and Implementing a Cloud-based Service for Your Laboratory. In some cases, public information could not be found, and a recommendation to further discuss the question with the cloud service provider (CSP) is made.


1. What experience do you have working with laboratory customers in our specific industry?

Known laboratories and related organizations leaning on Azure include the Association of Public Health Laboratories[4], Bio-Rad Laboratories[5], Northwest Nuclear Laboratories[6], and PathWest Laboratory Medicine WA.[7] Additionally, laboratory informatics software developers like BtB Software, LLC[8], EarthSoft[9], Eusoft Srl[10], and TRIBVN Healthcare[11] also turn to Microsoft Azure to host their software solutions. A Microsoft Azure representative is likely to be able to supply more examples of laboratories and laboratory informatics developers that use or have used Microsoft Azure.


2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?

It will ultimately be up to your organization to get an answer from Microsoft tailored to your systems and business processes. However, this much can be said about Microsoft Azure integrations. Microsoft provides a list of six integration tools to better integrate applications, data, and processes seamlessly: Azure Logic Apps, Service Bus, API Management, Event Grid, Azure Functions, and Azure Data Factory. These tools assist with workflow management, hybrid cloud connections, API management, service management, and event-driven process management.[12] Consult the documentation for each to learn more.


3. What is the average total historical downtime for the service(s) we're interested in?

Some public information is made available about historic outages and downtime. Microsoft Azure has a systems status page with status history (you have to click on the "Azure status history" link at the top right). You should be able to read through the incident details for each issue, going back through a fair amount of history. This will give you a partial picture of the issues experienced in the past, as well as any scheduled maintenance and currently impacted services. A follow-up on this question with a Microsoft Azure representative may reveal more historical downtime history for the services you are interested in.


4. Do we receive comprehensive downtime support in the case of downtime?

Microsoft Azure does not make this answer clear. However, the answer is likely tied to what after-sales support plan you choose. Confirm with Microsoft Azure what downtime support they provide based on the services your organization are interested in.


5. Where are your servers located, and how is data securely transferred to and from those servers?

Microsoft Azure organizes its data centers into "geographies," which contain one or more regions. Some regions have availability zones, some don't. Those regions that don't have availability zones may use "availability sets," a logical grouping of virtual machines, to provide redundancy and availability.[13] Azure uses its Content Delivery Network "for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world."[14] When moving data to and from on-premises and Microsoft Azure systems, multiple transfer options exist, including physical transport (via Azure Import/Export or Azure Data Box), programmatic data transfer (via Azure CLI, AzCopy, PowerShell, etc.), or managed service transfer (via Azure Data Factory).[15] As for the security of data in transit, Microsoft addresses this with various encryption mechanisms, including data-link layer encryption, TLS encryption, HTTPS, SMB encryption, SSH, etc.[16] Consult the documentation or a representative for more information.


6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?

Microsoft Azure says this about physical security in relation to its personnel[17]:

A need-to-access basis helps keep the number of individuals needed to complete a task in the datacenters to the bare minimum. After Microsoft grants permission, an individual only has access to the discrete area of the datacenter required, based on the approved business justification. Permissions are limited to a certain period of time, and then expire.

However, Microsoft doesn't publicly mention anything about the certifications and compliance training any of those personnel have. This is a conversation to have with a Microsoft Azure representative.


7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?

Not all Microsoft Azure machines have the same controls on them; it will depend on the region, product, and compliance requirements of your lab. That said, verify with a representative that the machine your data will land on meets all the necessary regulations affecting your data.


8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)

Microsoft Azure has moved past a paradigm of physical separation of data pools. In a Microsoft Policy Paper, the company argues that "multitenant environments meet the same standards as physically separated ones," while providing context to seven common security concerns raised by those wary of logical separation in the cloud. They add that "[s]uch concerns should, however, be considered in a larger context of balancing benefits and risks, e.g., comparing the competitiveness impact of not moving to the cloud with the risk of downtime should a cloud provider suffer an outage."[18]

The concept of tenant isolation is addressed by Microsoft Azure in multiple documents. The primary documentation addresses the concepts and architecture behind Microsoft Azure's tenant isolation practices, while another lengthy document addresses the security aspects of tenancy isolation behind Microsoft Azure. Further technical details on how your data is segregated, if required, may be garnered in discussion with Microsoft Azure.


9. Do you have documented data security policies?

Microsoft Azure documents its security practices in several places:

Some security-related documents, like the SOC 2 report, may not be publicly available, requiring direct discussion with a Microsoft Azure representative to obtain them.


10. How do you test your platform's security?

Customers can perform penetration testing of their own Azure-hosted applications without pre-approval, though they must still comply with Microsoft Cloud Unified Penetration Testing Rules of Engagement.[19] As for internal security testing, a 2014 blog post (along with a detailed whitepaper) indicates that Microsoft Azure security gets tested by its Red Team.[20] That practice is still presumably active today, but confirm this with a Microsoft Azure representative.


11. What are your policies for security audits, intrusion detection, and intrusion reporting?

Audits: For customer security auditing, Microsoft states that "Azure provides a wide array of configurable security auditing and logging options to help you identify gaps in your security policies and mechanisms."[21] Internally, Microsoft Azure conducts auditing tasks of its own systems, for example with access control. "All access to customer data is strictly logged, and both Microsoft and third parties perform regular audits (as well as sample audits) to attest that any access is appropriate."[13] It also references its SOC audits "twice a year to verify the effectiveness of its security controls in audit scope."[13]

Intrusion detection and reporting: Microsoft Azure provides documentation to customers on its various threat protection services, including Azure Active Directory, Azure Monitor, and Azure Security Center. These options provide "a wide array of options to configure and customize security to meet the requirements of your app deployments."[22] As for its own intrusion detection, Microsoft Azure leans on its Detection and Response Team (DART) to support its own intrusion detection and reporting needs. For more details on internal threat detection and reporting, discuss this with a representative.


12. What data logging information is kept and acted upon in relation to our data?

Microsoft Azure details its data definitions and gives examples of those categories of data, including a little information about what happens to that data. It appears to classify logs as part of service-generated data[23]:

Microsoft aggregates this data from our online services and uses it to make sure performance, security, scaling, and other services that impact the customer experience are operating at the levels our customers require. For example, to understand how to ramp up data center capacity as a customer's use of Microsoft Teams increases, we process log data of their Teams usage. We then review the logs for peak times and decide which data centers to add to meet this capacity.

However, sometime in 2022, Microsoft removed "service-generated data" from its page, for unknown reasons. Be sure a Microsoft Azure representative provides additional details about what logging information they collect and use as it relates to your data.


13. How thorough are those logs and can we audit them on-demand?

Microsoft Azure users can view their own logs. However, it's unclear if you are able to audit internal Azure operation logs on-demand. This is a conversation to have with a representative.


14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?

Yes, Microsoft Azure will sign a business associate agreement.[24] Consult their documentation for more details on their approach to HIPAA compliance.


15. What happens to our data should the contract expire or be terminated?

Per the Online Services Data Protection Addendum[25]:

Except for free trials and LinkedIn services, Microsoft will retain Customer Data that remains stored in Online Services in a limited function account for 90 days after expiration or termination of Customer’s subscription so that Customer may extract the data. After the 90-day retention period ends, Microsoft will disable Customer’s account and delete the Customer Data and Personal Data stored in Online Services within an additional 90 days, unless authorized under this DPA to retain such data.


16. What happens to our data should you go out of business or suffer a catastrophic event?

It's not publicly clear how Microsoft Azure would handle your data should they go out of business; consult with a representative about this topic. As for catastrophic events, Microsoft Azure uses either availability zones or availability sets for ensuring data availability and redundancy. Those regions with availability zones typically have three. Those regions instead using sets use an undetermined number of them.[13] In regions with availability zones, "[i]f one zone should fail, the [virtual machines] in the other zones will continue to run and Azure will load balance without impacting the customer’s applications."[13] As for availability sets, "[i]f a hardware or software failure occurs, only a subset of your [virtual machines] are impacted and your overall solution stays operational."[13] It's highly unlikely that all availability zones or sets would be affected in an catastrophic event. However, if this is a concern, discuss further data redundancy with a Microsoft Azure representative.


17. Can we use your interface to extract our data when we want, and in what format will it be?

Per the Online Services Data Protection Addendum, "[a]t all times during the term of Customer’s subscription, Customer will have the ability to access, extract, and delete Customer Data stored in each Online Service."[25] However, the format of that data is not addressed. Discuss this topic with a Microsoft Azure representative.


18. Are your support services native or outsourced/offshored?

Stories[26] and anecdotes[27] of outsourced support services occasionally crop up. Discuss this with a Microsoft Azure representative if you're concerned about localized support services.

Managed security services

Microsoft Azure does not provide managed security services. However, Azure customers can utilize partnered "Azure Expert Managed Service Providers."[28]


Additional information

Documentation and other media

External links

References

  1. Viswanathan, P. (30 June 2023). "Microsoft Azure’s Real Revenue Revealed: How Does It Compare to AWS?". BigTechWire. https://www.bigtechwire.com/2023/06/30/microsoft-azure-generated-34b-in-revenue-in-fy22-about-half-of-the-revenue-of-aws/. Retrieved 04 August 2023. 
  2. "Azure Global Infrastructure". Microsoft. https://azure.microsoft.com/en-us/explore/global-infrastructure/. Retrieved 04 August 2023. 
  3. "Azure Products". Microsoft. https://azure.microsoft.com/en-us/products/. Retrieved 04 August 2023. 
  4. "Bringing COVID-19 exposure notification to the public health community". Association of Public Health Laboratories. 17 July 2020. https://www.aphlblog.org/bringing-covid-19-exposure-notification-to-the-public-health-community/. Retrieved 04 August 2023. 
  5. "Bio-Rad Laboratories, Inc. API". Bio-Rad Laboratories, Inc.. https://bioradqsdapim-non-prod.portal.azure-api.net/. Retrieved 04 August 2023. 
  6. "IT Technology & Telemetry". Northwest Nuclear Laboratories. https://www.nwnlabs.org/computer-science. Retrieved 04 August 2023. 
  7. Yates-Roberts, E. (3 September 2020). "PathWest uses Microsoft Azure to improve transplant outcomes". The Record. Archived from the original on 03 September 2020. https://web.archive.org/web/20210227162040/https://www.technologyrecord.com/Article/pathwest-uses-microsoft-azure-to-improve-transplant-outcomes-112083. Retrieved 04 August 2023. 
  8. "BtB Software: LIMS; Designed for Public Health and Private Clinical Laboratories". BtB Software, LLC. https://www.btbsoftware.com/. Retrieved 04 August 2023. 
  9. "EQuIS Software Offerings on Microsoft Azure Query and Export Data, Integrate with Sensors, and Serve Other Environmental Project Management Needs" (PDF). Microsoft Corporation. 2017. https://earthsoft.com/wp-content/uploads/2017/08/Microsoft-Azure-Partner-Datasheet-EarthSoft.pdf. Retrieved 04 August 2023. 
  10. "LIMS Webinar: Advantages and challenges of the Cloud Computing". Eusoft Srl. 2 May 2019. https://www.eusoft.co.uk/meeting/free-lims-webinar-advantages-and-challenges-of-the-cloud-computing/. Retrieved 04 August 2023. 
  11. TRIBVN Healthcare (7 December 2020). "TRIBVN Healthcare Announces Full Compatibility of its Digital Health Solutions with Microsoft Azure". TissuePathology.com. https://tissuepathology.com/2020/12/07/tribvn-healthcare-announces-full-compatibility-of-its-digital-health-solutions-with-microsoft-azure/. Retrieved 04 August 2023. 
  12. "Integration Services". Microsoft Corporation. https://azure.microsoft.com/en-us/products/category/integration/. Retrieved 04 August 2023. 
  13. 13.0 13.1 13.2 13.3 13.4 13.5 "Enabling Data Residency and Data Protection in Microsoft Azure Regions" (PDF). Microsoft Corporation. April 2021. https://azure.microsoft.com/mediahandler/files/resourcefiles/achieving-compliant-data-residency-and-security-with-azure/Enabling_Data_Residency_and_Data_Protection_in_Azure_Regions-2021.pdf. Retrieved 04 August 2023. 
  14. Ua, D.; Sudbring, A.; Coulter, D. et al. (27 March 2023). "What is a content delivery network on Azure?". Microsoft Documentation. Microsoft Corporation. https://learn.microsoft.com/en-us/azure/cdn/cdn-overview. Retrieved 04 August 2023. 
  15. Tejada, Z.; Kshirsagar, D.; Coulter, D. et al. (16 December 2022). "Transfer data to and from Azure". Microsoft Documentation. Microsoft Corporation. https://docs.microsoft.com/en-us/azure/architecture/data-guide/scenarios/data-transfer. Retrieved 04 August 2023. 
  16. Baldwin, M.; Coulter, D.; Campise, K. et al. (23 February 2023). "Azure encryption overview". Microsoft Documentation. Microsoft Corporation. https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview. Retrieved 04 August 2023. 
  17. Lanfear, T.; Lehr, B.; Wassenaar, B. et al. (13 February 2023). "Azure facilities, premises, and physical security". Microsoft Documentation. Microsoft Corporation. https://learn.microsoft.com/en-us/azure/security/fundamentals/physical-security. Retrieved 04 August 2023. 
  18. "Security implications of logical separation in the cloud" (PDF). Microsoft Corporation. https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/REXpGk. Retrieved 04 August 2023. 
  19. Lanfear, T.; Toh, A.; Coulter, D. et al. (1 April 2023). "Penetration testing". Microsoft Documentation. Microsoft Corporation. https://docs.microsoft.com/en-us/azure/security/fundamentals/pen-testing. Retrieved 04 August 2023. 
  20. Field, S. (11 November 2014). "Red Teaming: Using Cutting-Edge Threat Simulation to Harden the Microsoft Enterprise Cloud". Microsoft Azure Blog. https://azure.microsoft.com/en-us/blog/red-teaming-using-cutting-edge-threat-simulation-to-harden-the-microsoft-enterprise-cloud/. Retrieved 04 August 2023. 
  21. Lanfear, T.; Wren, B.; Coulter, D. et al. (19 January 2023). "Azure security logging and auditing". Microsoft Documentation. Microsoft Corporation. https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit. Retrieved 04 August 2023. 
  22. Lanfear, T.; Mel; Wren, B. et al. (9 March 2023). "Azure threat protection". Microsoft Documentation. Microsoft Corporation. https://docs.microsoft.com/en-us/azure/security/fundamentals/threat-detection. Retrieved 04 August 2023. 
  23. "How Microsoft categorizes data for online services". Microsoft Corporation. Archived from the original on 19 May 2021. https://web.archive.org/web/20210519053953/https://www.microsoft.com/en-us/trust-center/privacy/customer-data-definitions. Retrieved 04 August 2023. 
  24. Mazzoli, R.; Cross, K.C.; Vukos-Walker, C. et al. (25 April 2023). "Health Insurance Portability and Accountability Act (HIPAA) & Health Information Technology for Economic and Clinical Health (HITECH) Act". Microsoft Documentation. Microsoft Documentation. https://docs.microsoft.com/en-us/compliance/regulatory/offering-hipaa-hitech. Retrieved 04 August 2023. 
  25. 25.0 25.1 "Microsoft Products and Services Data Protection Addendum (DPA)". Microsoft Corporation. January 2023. https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA. Retrieved 04 August 2023. 
  26. "Microsoft Continues to Outsource Internal Support and Services". Microsoft Corporation. 2 January 1996. https://news.microsoft.com/1996/01/02/microsoft-continues-to-outsource-internal-support-and-services/. Retrieved 04 August 2023. 
  27. Bowie, W. (6 February 2016). "Why does MS outsource technical support to people who don't speak english?". Microsoft Community. Microsoft Corporation. https://answers.microsoft.com/en-us/msoffice/forum/all/why-does-ms-outsource-technical-support-to-people/fb2e0b2a-7bbb-478e-9b43-22aaebd783ca. Retrieved 04 August 2023. 
  28. "Azure Expert Managed Service Providers (MSPs)". Microsoft. https://www.microsoft.com/azure/partners/azureexpertmsp. Retrieved 04 August 2023.