Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Privacy, security, and compliance are essential aspects of your organization. Microsoft Planner takes advantage of Microsoft 365 tools and services, which are governed under the Microsoft Product Terms and the Data Protection Agreement (DPA). For more information, see the Microsoft Trust Center.
The following provides a more detailed look at security, compliance, and privacy for Planner:
Security
Planner is built as a part of Microsoft 365 and supports your security via features you might be familiar with from other workloads. Users authenticate via Microsoft Entra ID, and you can use many of the controls provided by Entra to manage things like token lifetime.
Within Planner, each Plan is inside a container, and access to the plan is defined by the container. For example, if the Plan is inside a Modern Group, then the members of the Group can see the contents of the Plan.
Plans can be inside other types of containers, like a Meeting or a Channel, and will use the membership defined by those containers.
Generally, the members of a container can create, update, and delete the tasks in the plan. (It's possible to further restrict this via customizations through the Business Scenarios API.)
The data of a basic plan, such as the titles and descriptions of tasks, are stored in Azure, encrypted at rest and in transit. (Customer Managed Keys aren't supported currently.) Secondary copies of the data are stored in data management services for purposes like integration with Purview. File attachments are stored in SharePoint and Conversations are stored in Exchange. (Some features, like attachments and conversations, are only available on certain container types.)
The data of premium plans are stored in Dataverse. Access to the data in Dataverse, for purposes like reporting, is managed via standard Dataverse controls. Tasks in premium plans are also mirrored into the same Azure storage as basic plans. Today this is done only for assigned tasks but might include other tasks in the future.
There are no special administrative roles for Planner. To take administrative action on a plan, use controls in Microsoft Entra to join the container (such as by adding yourself to a group).
Privacy
Microsoft is transparent about the specific policies, operational practices, and technologies that help you ensure the privacy of your data across Microsoft Planner.
- You control your data.
- We're transparent about where data is located and how it's used.
- We secure data at rest and in transit.
- We defend your data.
To learn about our privacy practices, see Privacy at Microsoft. You can also learn about exporting data for your users.
Compliance
Microsoft offers a comprehensive set of compliance offerings to help your organization comply with national, regional, and industry-specific requirements governing the collection and use and data. Planner is also covered under the Microsoft Product Terms and Data Protection Agreement (DPA).
For more information, see the Microsoft Trust Center.
Planner's latest audit reports can be found at the Service Trust Portal.
Data residency
Planner's data residency is described at Data Residency for Other Microsoft 365 Services - Microsoft 365 Enterprise | Microsoft Learn. This includes limited residency support for select regions (sometimes called "GoLocals"). View the page to find out whether a given region is supported.
Planner doesn't participate in Advanced Data Residency.
Microsoft Purview
Microsoft Purview is a family of data governance, risk, and compliance solutions that can help your organization govern, protect, and manage your entire data estate.
Purview eDiscovery and history are supported for basic plans contained by groups. Premium plans and non-group plans aren't currently supported.
Purview's integrated audit logs are supported across plan types and containers.
Retention policy isn't currently supported.
Purview integration depends on an appropriate license for Purview (like the E5 license).