Privacy with Microsoft Defender for Identity

This article describes how Microsoft Defender for Identity collects data in a manner that protects personal privacy.

Note

If you're interested in viewing or deleting personal data, please review Microsoft's guidance in Windows Data Subject Requests for the GDPR. If you're looking for general information about GDPR, see the GDPR section of the Service Trust portal.

What data is collected?

Microsoft Defender for Identity monitors information generated from your organization's Active Directory, network activities, and event activities to detect suspicious activity. The monitored activity information enables Defender for Identity to help you determine the validity of each potential threat and correctly triage and respond.

For more information see: Microsoft Defender for Identity monitored activities.

Data location

Defender for Identity operates in the Microsoft Azure data centers in the following locations:

  • European Union

  • United Kingdom

  • United States

  • Australia

  • Switzerland

  • Singapore

  • India

Customer data collected by the service might be stored as follows:

  • Your workspace is automatically created in data center that's geographically closest to your Microsoft Entra ID. Once created, Defender for Identity workspaces can't be moved to another data center. Your workspace's data center is listed in the Microsoft Defender portal, under Settings > Identity > About > Geolocation.

  • A geographic location as defined by the data storage rules of an online service, if the online service is used by Defender for Identity to process such data.

Data retention

Data from Microsoft Defender for Identity is retained for 180 days, visible across the portal.

Your data is kept and is available to you while the license is under grace period or suspended mode. At the end of this period, that data will be erased from Microsoft's systems to make it unrecoverable, no later than 180 days from contract termination or expiration.

Data sharing

Defender for Identity shares data, including customer data, among any of the following Microsoft products that are also licensed by the customer:

  • Microsoft Defender XDR
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Cloud
  • Microsoft Sentinel
  • Microsoft Security Exposure Management (public preview)

For more information, see: