Where is your data located?

Microsoft Office 365 helps you comply with your data residency requirements and regulations. On this page, we share where certain types of customer data are located at rest for specific Office 365 services. Additionally, the Online Services Terms delineates the data processing terms that govern the location of your customer data.

New Office 365 tenants are defaulted to a datacenter geography (Geo) based on the country of the transaction associated with that tenant’s first subscription.

OR

Datacenter locations by service

More services

Resources

Data residency

Office 365 provides in-Geo data residency, business continuity, and disaster recovery for core customer data.

To maintain reliability and high availability, we replicate your customer data in at least two geographically distributed datacenter locations. Core customer data will only be replicated in datacenter locations in your Geo. Core customer data is customer data committed to be stored at rest only in your Geo according to the Microsoft Online Services Terms. At any given time, your core customer data may be stored at rest in any of the datacenter locations assigned to your Geo.

Consistent experience

Office 365 is designed to provide a consistent experience independent of the location of your customer data.

The performance, international availability, and supported languages of Office 365 are not determined by your Geo and datacenter locations. Microsoft’s continued investments in its global cloud network, global cloud infrastructure, and services architecture help provide users with a singular, consistent experience independent of where their data is stored.

Secure and compliance-driven

Office 365 has robust policies, controls, and systems built in to help keep your data safe and help you comply with your regulations.

Your Office 365 data belongs to you. That means you have complete control over it. We give you extensive privacy controls and visibility into where your data resides and who can get access to it. Microsoft-managed service-level security technologies and policies are enabled by default, and customer-managed controls let you customize your Office 365 environment to fit your organization’s security and compliance needs.

FAQ

Show all

Review our definitions for different types of data on the Microsoft Trust Center as well as the Microsoft Online Services Terms. We refer to core customer data as the customer data that is committed to be stored at rest only within your Geo according to the Microsoft Online Services Terms.

Microsoft is obligated to provide Online Services in accordance with the Microsoft Online Services Terms.

If we expand a current multi-country Geo (Asia Pacific, European Union, or South America) where your data is stored into a new country, we will provide a 1-month advance notice of the change to administrators who have checked the "compliance notifications" option in the My Profile part of the Office 365 Admin center.

We store core customer data at rest only in specified Geos as described in the Microsoft Online Services Terms and we maintain this commitment even when processing your customer data throughout our global system. When we move your data within our global systems and facilities for efficient processing, we implement robust policies and processes to protect it. We encrypt your data in transit, limit unauthorized access and use (even by Microsoft personnel), and avoid unauthorized storage of core customer data outside of your Geo. When your data is in transit on public networks, it is always encrypted.

Microsoft does not disclose the exact addresses of its datacenters. We established this policy to help secure our datacenter facilities.

The performance of Office 365 is not simply proportional to a user’s distance to datacenter locations. Microsoft’s continued investments in its global cloud network, global cloud infrastructure, and the Office 365 services architecture help provide users with a singular, consistent experience independent of where their data is stored at rest. If your users are experiencing performance issues, you should troubleshoot those in depth. Microsoft has published guidance for Office 365 customers to plan for and optimize end-user performance on the Office Support web site.

To help you comply with national, regional, and industry-specific requirements governing the collection and use of individuals’ data, Office 365 offers the most comprehensive set of compliance offerings of any global cloud productivity provider. Please review our compliance offerings and more details in the Office 365 Compliance section on the Microsoft Trust Center. Also, certain Office 365 plans offer further compliance solutions to help you manage your data, comply with legal and regulatory requirements, and monitor actions taken on your data.

Microsoft implements strong measures to help protect your customer data from inappropriate access or use by unauthorized persons. This includes restricting access by Microsoft personnel and subcontractors, and carefully defining requirements for responding to government requests for customer data. However, you can access your own customer data at any time and for any reason. More details are available on the Microsoft Trust Center.

Microsoft automates most Office 365 operations while intentionally limiting its own access to customer data. This helps us manage Office 365 at scale and address the risks of internal threats to customer data. By default, Microsoft engineers have no standing administrative privileges and no standing access to customer data in Office 365. A Microsoft engineer may have limited and logged access to customer data for a limited amount of time, but only when necessary for normal service operations and only when approved by a member of senior management at Microsoft (and, for customers who are licensed for the Customer Lockbox feature, by the customer).

Microsoft has robust policies, controls, and systems built into Office 365 to help keep your information safe. Review the Office 365 security section on the Microsoft Trust Center to learn more.

Office 365 uses service-side technologies that encrypt customer data at rest and in transit. For customer data at rest, Office 365 uses volume-level and file-level encryption. For customer data in transit, Office 365 uses multiple encryption technologies for communications between datacenters and between clients and servers, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec). Office 365 also includes customer-managed encryption features.

Please review the Where your data is located section in the Microsoft Trust Center to find the details for other Microsoft cloud services.

Multi-Geo enables a single Office 365 tenant to span across multiple Office 365 datacenter geographies (Geos) and gives customers the ability to store their Office 365 core customer data, on a per-user basis, in select Geos.

Multi-Geo is available for Exchange Online and OneDrive. Microsoft is investigating Multi-Geo for other Office 365 services. Updates will be posted at aka.ms/Multi-Geo.

Multi-Geo for Office 365 is available in the following Geos: Asia Pacific, Australia, Canada, India, Japan, Korea, United Kingdom, and United States. See aka.ms/Multi-Geo for details.