Azure AD B2C | Is data store in AD B2C IAM encrypted ? Data at rest ?

Abhay Chandramouli 971 Reputation points

So I am implemeting sign in sign up using custom policies on az ad b2c and wanted to know that the data stored in az ad b2c, user info etc plus sign in logs, audit logs , are they all encrypted for data at rest ?


Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,760 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,506 Reputation points

    Hi anonymous user • Thank you for reaching out.

    Azure AD B2C utilizes Azure AD as the underlying technology to store identity information.

    • Data at rest: Microsoft uses BitLocker to encrypt all Azure AD identity data at rest.
    • Data transmission on the wire, all Azure AD APIs are web-based using SSL through HTTPS to encrypt the data. All Azure AD servers are configured to use TLS 1.2. Inbound connections over TLS 1.1 and 1.0 are allowed to support external clients. Any connection over all the legacy versions of SSL including SSL 3.0 and 2.0 is explicitly denied. Access to information is restricted through token-based authorization and each tenant’s data is only accessible to accounts permitted in that tenant. In addition, our internal APIs have the added requirement to use SSL client/server authentication on trusted certificates and issuance chains.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful