Overview and Definitions
To provide clarity to the descriptions below on data residency functionality and behavior, it's necessary to have clear terms and definitions in order to better understand the capabilities that Microsoft provides in this area.
Table 1: Definitions and Terms
|Macro Region Geography
||Macro Region Geography 1 – EMEA, Macro Region Geography – Asia Pacific, Macro Region Geography - Americas
|Macro Region Geography 1 - EMEA
||Data centers in Austria, Finland, France, Ireland, Netherlands, Sweden
|Macro Region Geography 2 - Asia Pacific
||Data centers in Hong Kong, Japan, Malaysia, Singapore, South Korea
|Macro Region Geography 3 - Americas
||Data centers in Brazil, Chile, United States
|Local Region Geography
||Australia, Brazil, Canada, France, Germany, India, Japan, Qatar, South Korea, Norway, South Africa, Sweden, Switzerland, United Arab Emirates, United Kingdom
|Expanded Local Region Geography
||Poland, Italy, Indonesia, Israel, Spain, Mexico, Malaysia, Austria, Chile, New Zealand, Denmark, Greece, Taiwan
||Local Region Geography, Expanded Local Region Geography, or Macro Region Geography
||If a customer subscribes to the Multi Geo service, then they can cause defined user customer data to be stored in other Geographies outside of the Tenant Primary Provisioned Geography
||Azure Active Directory
||A Tenant represents an organization in Azure Active Directory. It's a reserved Azure AD service instance that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure or Microsoft 365. Each Azure AD Tenant is distinct and separate from other Azure AD Tenant's
||When an AAD Tenant is created, a country is provided by the customer during the sign-up process. This country will determine the default Geography for all Microsoft 365 services. In some cases, not all services are able to provision in this single Default Geography. See Microsoft 365 Service provisioning mapping below for a description.
|Microsoft 365 Service provisioning mapping
||All Microsoft 365 Services will use the Default Geography to determine where a given Tenant's specified data will be provisioned and stored.
|Microsoft 365 Service provisioning country mapping
||Please refer to data maps to learn where a given service will provision specified customer data, based on the Tenant Default Geography.
|Primary Provisioned Geography
||A given Microsoft 365 service will use the Tenant Default Geography combined with the Microsoft 365 Service provisioning country mapping to determine which Geography to provision customer data into.
|Microsoft 365 Admin Center Data Location
||To see the Primary Provisioned Geography for Exchange Online, SharePoint Online and Microsoft Teams refer to Office 365 Admin Center in Settings; Org settings; Organization profile; Data location card.
|Microsoft 365 Multi-Geo Capabilities
||Microsoft 365 Multi-Geo Capabilities allows a single Tenant to store customer data-at-rest across multiple geographies rather than be limited to the single Primary Provisioned Geography. Please see the Multi-Geo description for more detail.
|Preferred Data Location (PDL)
||Used for Tenants with a Multi-Geo subscription. A property set by the administrator that indicates where the user or shared resource's s data should be stored at-rest. Please see the Multi-Geo description for more detail.
|Advanced Data Residency (ADR)
||A new Microsoft 365 add-on service that guarantees customer data residency for a defined set of services. See section 3
|Privacy and Security Product Terms
||Privacy and Security Terms for Microsoft 365 services provides some customer data location related commitments. The document can be found here. The extract of the relevant section (on November 1, 2022) is:
Office 365 Services. If Customer provisions its Tenant in Australia, Brazil, Canada, the European Union, France, Germany, India, Japan, Norway, Qatar, South Africa, South Korea, Sweden, Switzerland, the United Kingdom, the United Arab Emirates, or the United States, Microsoft will store the following Customer Data at rest only within that Geo: (1) Exchange Online mailbox content (e-mail body, calendar entries, and the content of e-mail attachments), (2) SharePoint Online site content and the files stored within that site, (3) files uploaded to OneDrive for Business, and (4) Microsoft Teams chat messages (including private messages, channel messages, meeting messages and images used in chats), and for customers using Microsoft Stream (on SharePoint), meeting recordings.
||Often used to refer to a Microsoft 365 service such as but not limited to Exchange Online, SharePoint Online, Microsoft Teams, etc.|
Overview of Data Residency
Microsoft 365 Cloud services run on our data centers around the world and provide services to customers around the world. Customer data may be stored in multiple data centers. Data residency refers to the geographic location where customer data is stored at rest. Data residency is important for government, public sector, education and regulated commercial entities to help ensure protection of personal and/or sensitive information. In many countries, customers are expected to comply with laws, regulations or industry standards that explicitly govern the location of data storage.
Microsoft makes decisions on where to persistently store customer data based on two factors:
- The Default Geography of the Tenant
- Available Geographies for a given service
Default Geography of the AAD Tenant
When a customer creates a new AAD Tenant, the customer will enter a country during the creation process. This country is what defines the Default Geography for the Tenant. There are multiple paths to creating Tenants. They can be created through AAD forms, they can be created when trying out new Microsoft 365 services (trials), etc. Once a Tenant is created, the Default Geography cannot be changed.
Available Geographies for a given service
Microsoft 365 services are not deployed to all Microsoft data centers globally. The larger services, like Exchange Online, SharePoint Online and Microsoft Teams are universally deployed to all Geographies. Other services make decisions on where to deploy their services based on the number of customers, regional affiliations, and software architectures. When a customer first uses a service in this category, the provisioning logic will use the Default Geography and the supported Geographies to determine where to provision a given customer.
Over time, a particular service may deploy their software to additional Geographies, so the provisioning locations for new customers can change over time, and this does not necessarily cause customer data to be moved to a new Geography.
In order to understand where your data, for a given service is stored, your primary tool for understanding this is in the Tenant Admin Center. As a Tenant administrator you can find the actual data location by navigating to Admin->Settings->Org Settings->Organization Profile->Data Location. Currently the data location is available for Exchange Online, SharePoint Online and Microsoft Teams. In addition to this resource, please see the Data Maps page.
Example 1: For a Tenant with the sign-up country as "France" that has a new subscription that includes Exchange Online, SharePoint Online and Microsoft Teams, then the customer data for those services will be provisioned into the French Local Region Geography. Why? Because those services are deployed into the French data centers and the Tenant has a France sign up country.
Example 2: For a Tenant with the sign-up country as "Belgium" that has a new subscription that includes Exchange Online, SharePoint Online and Microsoft Teams, then the customer data for those services will be provisioned into the Macro Region Geography 1 – EMEA. Why? Because there are no Microsoft 365 data centers in Belgium and the closest Geography is Macro Region Geography 1 - EMEA.
Example 3: For a Tenant with the sign-up country as "Japan" that has a new subscription that includes Microsoft Forms, then the customer data for Forms will be provisioned into the Macro Region Geography 3 - Americas. Why? Because Forms is only deployed in Macro Region Geography 3 - Americas and Macro Region Geography 1 – EMEA (EU Tenants only).
Example 4a: For a Tenant with the sign-up country as "Sweden" that has a new subscription that includes Microsoft Yammer, then the customer data for Yammer will be provisioned into the Macro Region Geography 1 - EMEA. Why? Because Yammer is deployed in Macro Region Geography 1 - EMEA and Swedish Tenants are best served out of that Geography.
Example 4b: For a Tenant with the sign-up country as "Sweden" that has a subscription that includes Microsoft Yammer from before Yammer was deployed to Macro Regional Geography 1 - EMEA, then the customer data for Yammer will be located in Macro Region Geography 3 - Americas. Why? Because, at that time, Yammer only had a single deployment for all customers in Macro Region Geography 3 - Americas.
Once a Microsoft 365 service provisions a Tenant into a particular Geography, there are five ways that this data could be moved to another Geography:
- The Microsoft 365 service decides to move the data to a new Geography for service operations reasons, if there are no other policies in place to prevent the move.
- For Local Geographies that have Microsoft data centers, and for Tenants that have the same country, there are options to migrate data from the Regional Geographies into the Local Geographies. This option is typically only available for 6 months after a Local Region Geography has been established.
- If a Tenant subscribes to the Multi-Geo service, then Tenants user's data for Exchange Online, SharePoint Online and Microsoft Teams can be assigned to Satellite Geographies.
- If a Tenant has sign up country as a Local Region Geography or Expanded Local Region Geography and has a subscription to the Advanced Data Residency service add-on, then the Tenant data for the included services will be migrated from the Regional Geography to the relevant Local Region Geography.
- At times Microsoft reopens Migration opt in from Regional Geography to the relevant Local Geographies or Expanded Local Geographies.
Durable commitments on data location
There are three methods for ensuring that the Tenant data location for a particular service does not change.
- Product Terms: Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams provisioned in any Local Region Geography, or the European Union or the United States have a commitment for customer data residency expressed in the Product Terms. For more information see the Product Terms Data Residency page.
- Multi Geo subscription: allows customers to assign data location for Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams to any supported Geography. For more information see Multi Geo Data Residency.
- Advanced Data Residency subscription guarantees data residency for an expanded set of Microsoft 365 services in any Local Region Geography or Expanded Local Region Geography. For more information see the Advanced Data Residency page.
Table 2: Available Data Residency by Workload
|Service Name||Product Terms||Multi-Geo||ADR|
|SharePoint Online / OneDrive for Business
|Microsoft Defender for Office P1
|Office for the Web
- Only available for Local Region Geography countries, European Union and the United States.
- Available in Local Region Geography, Expanded Local Region Geography and Regional Geography countries/regions
- Only available for Local Region Geography and Expanded Local Region Geography countries.
See the Workload Data Residency Capabilities section for more details on these topics.
Table 3: Available Data Residency by Country
|Country||Exchange Online||SharePoint Online||Teams||MDO P1||Office for the web||Viva Connections||Viva Topics||Purview|
|United Arab Emirates||P-M-A||P-M-A||P-M-A||A||A||A||A||A|
P: Product Terms Data Residency
M: Multi-Geo Data Residency
A: Advanced Data Residency
Country/Region specific Data Center city locations
The following Regional Geographies can store data at rest.
Table 4: Regional Geographies
|Regional Geographies||Locations where customer data may be stored|
|Macro Region Geography 1 - EMEA (Europe, Middle East and Africa)||Austria, Finland, France, Ireland, Netherlands, Sweden|
|Macro Region Geography 2 - Asia Pacific||Hong Kong, Japan, Malaysia, Singapore, South Korea|
|Macro Region Geography 3 - Americas||Brazil, Chile, United States|
Table 5: Current Local Geographies and Region specific Datacenter locations
|Canada||Quebec City, Toronto|
|European Union||Austria (Vienna), Finland (Helsinki), France (Paris, Marseille), Ireland (Dublin), Netherlands (Amsterdam), Sweden (Gävle, Sandviken, Staffanstorp)|
|India||Chennai, Mumbai, Pune|
|South Korea||Busan, Seoul|
|South Africa||Cape Town, Johannesburg|
|Sweden||Gävle, Sandviken, Staffanstorp|
|United Arab Emirates||Dubai, Abu Dhabi|
|United Kingdom||Durham, London, Cardiff|
|United States||Boydton, Cheyenne, Chicago, Des Moines, Quincy, San Antonio, Santa Clara, San Jose|
How does Microsoft define data?
Click to expand
Review our definitions for different types of customer data on the Microsoft Trust Center. In the Privacy & Security Terms, Microsoft makes contractual commitments regarding customer data/your Tenant and user data. We refer to customer data as the customer data that is committed to be stored at rest only within a Tenant's region according to the Privacy & Security Terms.
Where are the exact addresses of the data centers?
Click to expand
Microsoft does not disclose the exact addresses of its data centers. We established this policy to help secure our data center facilities. However, we do list city locations. Please see Table 5 in the Country/Region-specific Data Center City Locations on the Overview and Definitions page to learn more.
Does the location of your customer data have a direct impact on your end users' experience?
Click to expand
The performance of Microsoft 365 is not simply proportional to a Tenant user's distance to data center locations. Microsoft's continued investments in its global cloud network, global cloud infrastructure, and the Microsoft 365 services architecture help provide users with a singular, consistent experience independent of where customer data is stored at rest. If your users are experiencing performance issues, you should troubleshoot those in depth. Microsoft has published guidance for Microsoft 365 customers to plan for and optimize end-user performance on the Office Support web site.
How does Microsoft help me comply with my national, regional, and industry-specific regulations?
Click to expand
To help a Tenant comply with national, regional, and industry-specific requirements governing the collection and use of individuals' data, Microsoft 365 offers the most comprehensive set of compliance offerings of any global cloud productivity provider. Please review our compliance offerings and more details in the Microsoft Purview section on the Microsoft Trust Center. Also, certain Microsoft 365 plans offer further compliance solutions to help a Tenant manage their data, comply with legal and regulatory requirements, and monitor actions taken on their data.
Who can access your data and according to what rules?
Click to expand
Microsoft implements strong measures to help protect a Tenant's customer data from inappropriate access or use by unauthorized persons. This includes restricting access by Microsoft personnel and subcontractors, and carefully defining requirements for responding to government requests for customer data. However, you can access your Tenant's customer data at any time and for any reason. More details are available on the Microsoft Trust Center.
Does Microsoft access your data?
Click to expand
Microsoft automates most Microsoft 365 operations while intentionally limiting its own access to customer data. This helps us manage Microsoft 365 at scale and address the risks of internal threats to customer data. By default, Microsoft engineers have no standing administrative privileges and no standing access to customer data in Microsoft 365. A Microsoft engineer may have limited and logged access to customer data for a limited amount of time, but only when necessary for normal service operations and only when approved by a member of senior management at Microsoft (and, for customers who are licensed for the Customer Lockbox feature, by the customer).
How does Microsoft secure your data?
Click to expand
Microsoft has robust policies, controls, and systems built into Microsoft 365 to help keep your information safe. Review the Microsoft 365 security section on the Microsoft Trust Center to learn more.
Does Microsoft 365 encrypt your data?
Click to expand
Microsoft 365 uses service-side technologies that encrypt customer data at rest and in transit. For customer data at rest, Microsoft 365 uses volume-level and file-level encryption. For customer data in transit, Microsoft 365 uses multiple encryption technologies for communications between data centers and between clients and servers, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec). Microsoft 365 also includes customer-managed encryption features.
Where can I find data residency information for Microsoft Azure?
Click to expand
Please review the Products available by region page to find data residency information for Microsoft Azure.
Why do I see my Microsoft 365 service requests for my data at rest connecting to servers in countries outside of my region?
Click to expand
On occasion, a customer request may be handled by servers in a different region than the location where a Tenant's customer data is stored at rest. This may happen where network routing decisions choose a different server for the request processing, but in these cases such Tenant's customer data is not moved to a new at rest location.
Send inn og vis tilbakemelding for