Microsoft Secure Score data storage and privacy

This section covers frequently asked questions regarding privacy and data handling for Secure Score.

Data storage location

Secure score operates in the Microsoft Azure datacenters in the European Union, the United Kingdom, or in the United States. Customer data collected by the service may be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) if Secure Score uses another Microsoft online service to process such data, the geolocation as defined by the data storage rules of that other online service.

Customer data in pseudonymized form may also be stored in the central storage and processing systems in the United States.

Once configured, you can't change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside.

How long will Microsoft store my data? What is Microsoft's data retention policy?

At service onboarding

By default, data is retained for 90 days based on your active licenses.

At contract termination or expiration

Your data is kept and is available to you while the license is under grace period or suspended mode. At the end of this period, data that is associated to expired or terminated license is erased from Microsoft's systems to make it unrecoverable, no later than 90 days from the associated contract termination or expiration.


Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft 365 Defender Tech Community.