Edit

Services that will temporarily transfer a subset of Customer Data or pseudonymized personal data out of the EU Data Boundary

  • Article

Some services have components for which work is in progress to be included in the EU Data Boundary, but completion of this work is delayed. As described in this documentation, these service components will be included in the EU Data Boundary in the coming months. The following sections in this documentation explain the Customer Data or pseudonymized personal data that these services currently transfer out of the EU Data Boundary as part of their service operations.

Azure services

Azure Bot Service

Azure Bot Service provides a collection of libraries, tools, and services that let customers build, test, deploy, and manage intelligent bots. The Bot Service control plane uses Azure Resource Manager to route requests, and this means some Customer Data is processed globally, due to Azure Resource Manager's current architectural constraints, as described in Services temporarily excluded from the EU Data Boundary. Bot name, bot icon URL, and any configuration settings for a customer's chosen externally integrated service (for example, application credentials issued by Facebook for the bot to interact with Facebook APIs) may be processed globally but are stored at rest in the EU Data Boundary when the customer's bot is configured with regional settings specifying that it should store and process pseudonymized personal data within a region in the EU Data Boundary.

Azure Communication Services

For Azure Communication Services, when a customer end-user makes a Public Switched Telephone Network (PSTN) call to an emergency number (for example, 112), a temporary number is assigned to that user from a pool of numbers in case a callback is needed. The temporary number and the associated User ID are replicated to the United States and persists for 60 minutes in case a callback is needed.

Azure DevTest Labs

Azure DevTest Labs temporarily transfers some pseudonymized personal data from the EU. Azure DevTest Labs is a service for creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs. When customers create or modify resources in Azure DevTest Labs, the primary unique ID (PUID) of the lab, considered pseudonymized personal data, is stored in the United States. Work is ongoing to rearchitect portions of Azure DevTest Labs to store the PUID regionally.

Azure Monitor: Application Change Analysis

Application Change Analysis: Except for Application Change Analysis, which has a dependency on Azure Resource Manager, Azure Monitor services can store and process Customer Data and pseudonymized personal data in the EU (as described in Configuring Azure non-regional services for the EU Data Boundary). Application Change Analysis builds on Azure Resource Graph to provide insights into changes across multiple infrastructure and application deployment layers. The dependencies on Resource Graph and Azure Resource Manager require data to be stored and processed globally. Customer Data that will be transferred includes customer-provided resource properties that are stored by Azure Resource Graph, in addition to pseudonymized personal data such as session tokens and primary unique IDs (PUIDs). This data may be stored or processed in any Microsoft datacenter within Azure public regions. All of these data transfers are due to the dependencies on Azure Resource Manager, as described in Services temporarily excluded from the EU Data Boundary.

Azure Monitor: Application Insights

Azure Portal’s usage of Application Insights temporarily transfers some pseudonymized personal data from the EU. Application Insights is an Azure Monitor feature that enables Application Performance Management (APM) for live web applications. It stores and processes all Customer Data in the Geo selected by the customer. Azure Portal telemetry collected by Application Insights using the Application Insights JavaScript SDK includes pseudonymized personal data such as session IDs from Portal users across all regions and this is stored and processed in the United States. This data transfer is temporary and due to the Azure portal's dependency on Azure Resource Manager, as described in Services temporarily excluded from the EU Data Boundary.

Azure Serial Console

Azure Serial Console feature (part of Azure Virtual Machines and Azure Virtual Machine Scale Sets): Serial Console in the Azure portal provides access to a text-based console for Virtual Machines and Virtual Machine Scale sets. It stores all Customer Data at rest in the Geo selected by the customer, but when used through the Azure portal may process console commands and responses outside of the Geo for the sole purpose of providing the Console experience inside the Portal. This data transfer is temporary and due to the Azure portal's dependency on Azure Resource Manager, as described in Services temporarily excluded from the EU Data Boundary.

Cloud Shell

Cloud Shell temporarily transfers some pseudonymized personal data from the EU. Cloud Shell provides an interactive browser-based shell for managing Azure resources. The primary unique ID (PUID), considered pseudonymized personal data, is leveraged for live site investigations and is globally stored. Work is ongoing to rearchitect portions of Cloud Shell to store the PUID regionally. Cloud Shell can store and process Customer Data and all other pseudonymized personal data in the EU Data Boundary, as described in Configuring Azure non-regional services.

Dynamics 365 and Power Platform services

Power Automate

Power Automate temporarily transfers some pseudonymized personal data from the EU. Power Automate enables users to automate tasks and processes using workflows. Enterprise users have two options: solution-aware workflows that they can share, or personal, non-solution workflows. Non-solution workflows are created in per-user resource groups with resource group names containing the user’s object ID being globally replicated in Azure Resource Manager, as described in Services temporarily excluded from the EU Data Boundary. Work is in progress to replace non-solution workflows with solution-aware workflows in the future. Until then, customers can ensure their pseudonymized personal data resides within the EU Data Boundary by requiring solution-aware flows for their environment.

Microsoft Copilot Studio

Microsoft Copilot Studio transfers some pseudonymized personal data out of the EU Data Boundary. As part of service operations, when DevOps personnel run queries that combine system-generated data stored inside and outside the EU Data Boundary, transient egress of pseudonymized personal data may occur during the duration of the query runtime.

Microsoft 365 services

Exchange Online

Exchange Online transfers some pseudonymized personal data out of the EU Data Boundary for service health monitoring. As part of service operations, when DevOps personnel run queries that combine system-generated data stored inside and outside the EU Data Boundary, transient egress of pseudonymized personal data may occur during the duration of the query runtime.

Microsoft Teams

Teams Q&A

Teams Q&A is an experience in Teams powered by Viva Engage (formerly named Yammer) that allows presenters to take questions from meeting attendees and answer them in real time. Data from Teams Q&A will be processed and stored in North America in the following scenarios, until Dec 31, 2024.

  • Pseudonymized personal data about a user’s interactions with the Teams Q&A feature, such as loading the Q&A feed or scrolling through the Q&A feed.
  • Customer Data (for example, messages and reactions) for customers that onboarded to Teams Q&A without a prior Viva Engage network (tenancy), or customers that onboarded to Viva Engage prior to 2019. (Note that Teams Q&A customers that onboarded to Viva Engage after 2019 will have their Customer Data processed and stored in the EU Data Boundary.)
  • When a user from Customer A is invited as a guest to a meeting hosted by Customer B, and that meeting uses Teams Q&A, the UserID of the participants will be stored in North America.

Microsoft 365 tenant administrators can disable Q&A in Microsoft Teams at any time, either by using PowerShell or by configuring Teams Meeting Policies through the Teams admin center. Disabling Q&A will not affect previously-created meetings with Q&A content, which will still be accessible for review and the creation of new questions and replies. However, after disabling Teams Q&A, meeting organizers will not be available to add Q&A in new Teams meetings, webinars, or town hall events.

Windows Update

Windows Update for Business deployment service enables an IT administrator to receive and manage various types of Windows Updates for devices in their organization. When devices enrolled in this service check for Windows updates, the Device ID and the IP address for the device will be processed and stored in the US until April 30, 2024.

Security services

Microsoft Entra ID and Azure Active Directory B2C

Microsoft Entra ID and Azure Active Directory B2C: Microsoft Entra ID is a cloud-based identity and access management service. Microsoft Entra ID helps customers, and their employees, access external resources (such as Microsoft 365, the Azure portal, other SaaS applications) and internal resources (such as on premises applications) from any location on the planet. Microsoft Entra ID operates as a non-regional service. Azure Active Directory B2C (Azure AD B2C) provides business-to-consumer (B2C) identity as a service. It allows businesses to build customer-facing applications and manage customer, consumer, and citizen access to these B2C applications. Like Microsoft Entra ID, Azure AD B2C operates as a non-regional service. This section provides details on service components that cause Customer Data to be processed globally, with work underway to move the data storage and processing in the EU Data Boundary.

  • Global consolidation for service incident investigation: Microsoft Entra ID sign-in logs contain limited Customer Data which is used by on-call engineers for incident investigations to fix customer issues and determine the pervasiveness and severity of a service-impacting event.
  • Email: Self Service password reset contain limited Customer Data which is used by on-call engineers for incident investigations to fix customer issues and determine the pervasiveness and severity of a service-impacting event.
  • Legacy non-EU tenants: A small number of Microsoft Entra tenants were initially created with a country code that is NOT in Europe and later the tenant country code was changed to the one in Europe. The Microsoft Entra directory data location is decided during the tenant creation time and not changed when the country code for the tenant is updated. Starting March 2019 Microsoft has blocked updating the country code on a tenant to avoid such confusion.

Microsoft Entra ID and Azure Active Directory B2C transfer some pseudonymized personal data out of the EU Data Boundary. As part of service operations, when DevOps personnel run queries that combine system-generated data stored inside and outside the EU Data Boundary, transient egress of pseudonymized personal data may occur during the duration of the query runtime.

Microsoft Intune

Microsoft Intune is a cloud-based endpoint management solution. Intune can be used to configure Windows Update for Business, a separate free service available for certain editions of Windows 10 and Windows 11. Intune temporarily transfers some pseudonymized personal data from the EU. When Intune is used to configure Windows Update for Business, Intune passes the configuration details, which includes pseudonymized device identifiers to Windows Update for Business. Work is ongoing to rearchitect Windows Update for Business to store and process the configuration details within the EU Data Boundary.

As part of service operations, when DevOps personnel run queries that combine system-generated data stored inside and outside the EU Data Boundary, transient egress of pseudonymized personal data may also occur during the duration of the query runtime.