The Microsoft Service Trust Portal (STP) provides a variety of content, tools, and other resources about Microsoft security, privacy and compliance practices. It also includes independent third-party audit reports of Microsoft's online services, and information about how our online services can help your organization maintain and track compliance with standards, laws, and regulations, such as:
International Organization for Standardization (ISO)
Service Organization Controls (SOC)
National Institute of Standards and Technology (NIST)
Federal Risk and Authorization Management Program (FedRAMP)
General Data Protection Regulation (GDPR)
Accessing the Service Trust Portal
The STP contains details about Microsoft's implementation of controls and processes that protect our cloud services and the customer data therein. To access some STP materials, you must log in as an authenticated user with your Microsoft cloud services account (either an Azure Active Directory organization account or a Microsoft Account) and review and accept the Microsoft Non-Disclosure Agreement for Compliance Materials.
Existing customers can access the STP at https://aka.ms/STP with one of the following online subscriptions (trial or paid):
Note: Azure Active Directory accounts associated with organizations have access to the full range of documents and features like Compliance Manager. Microsoft accounts created for personal use have limited access to Service Trust Portal content.
New customers and customers evaluating Microsoft online services
To create a new account or to create a trial account, use one of the following sign-up forms (also used for trial accounts) to get access to the STP.
Sign up for a new Dynamics 365 trial account
Sign up for a new Azure trial account.
When you sign up for either a free trial, or a subscription, you must enable Azure Active Directory to support your access to the STP.
Navigating the Service Trust Portal
STP features and content are accessible from the main menu, shown below:
Service Trust Portal
The Service Trust Portal link takes you to the STP home page, which includes a What's New section for the STP and Compliance Manager that provides details on the latest updates.
Use Compliance Manager to help meet data protection and regulatory requirements when using Microsoft Cloud Services.
The Service Trust Portal gives you access to wealth of security implementation and design information with the goal of making it easier for you to meet regulatory compliance objectives by understanding how Microsoft cloud services keep your data secure. To review content, select an option from the menu:
Audit Reports provides independent audit and assessment reports on Microsoft cloud services compliance with data protection standards and regulatory requirements, including:
Data Protection provides Trust Documents for download, information about how Microsoft operates Azure, Dynamics 365, and Office 365.
Azure Security and Compliance Blueprints offers turn-key security and compliance solutions and support, tailored to the needs of industry verticals, that accelerate cloud adoption and utilization for customers with regulated or restricted data.
This section provides regionally specific compliance information, often in the form of Legal Opinions that render Microsoft Cloud Services
Czech Republic provides legal opinions on Microsoft online service compliance with Czech Republic law.
Poland provides legal opinions on Microsoft online service compliance with the laws of Poland.
Romania provides legal opinions on Microsoft online service compliance with the laws of Romania.
Spain provides legal opinions on Microsoft online service compliance with the laws of Spain.
This site provides information about the capabilities in Microsoft services that you can use to address specific requirements of the GDPR, documentation helpful to your GDPR accountability and to your understanding of the technical and organizational measures Microsoft has taken to support the GDPR.
GDPR: Get Started Homepage for Service Trust Portal GDPR-related content, with links to relevant content and tools available.
Data Subject Requests How Microsoft enables you to respond to Data Subject Requests, with links to relevant documentation and tools.
Data Breach Information on how Microsoft detects and responds to a breach of personal data and notifies the controllers under GDPR, with links to relevant documentation and tools.
DPIA Information about how Microsoft helps organizations meet their own Data Protection Impact Assessment obligations.
Frequently Asked Questions provides answers to common and important questions about the STP and Compliance Manager.
Office 365 Security and Compliance Center offers comprehensive resources for learning about security and compliance in Office 365, including documentation, articles, and recommended best practices.
Administrative functions that are only available to the tenant administrator account, and will only be visible when logged in as a global administrator.
Settings enables you to provision Compliance Manager roles-based access to user. For information about this, see Assigning Compliance Manager Roles to Users
Click the magnifying glass in the upper right-hand corner of the page by to expand the Search input field, enter your search terms and press Enter. The Search control will appear, with the search term in the search pane input field, and search results will appear beneath.
By default, Search returns Document results, and you can use the Filter By dropdown lists to refine the list of documents displayed, to add or remove search results from view. You can use multiple filter attributes at the same time to narrow the returned documents to specific cloud services, categories of compliance or security practices, regions of the world, or industries. Click the document name link to download the document.
Click on the Compliance Manager link to display Search results for Compliance Manager assessment controls. The listed search results show the date the assessment was created, the name of the assessment grouping, the applicable cloud service, and whether the controls is Microsoft or Customer Managed.
Note: Service Trust Portal reports and documents are available to download for at least twelve months after publishing or until a new version of document becomes available.
Service Trust Portal enables you to view the page content in different languages. To change the page language, simply click on the globe icon in the lower left corner of the page and select the language of your choice.
We can help with questions about the Service Trust Portal, or errors you experience when you use the portal. You can also contact us with questions and feedback about Service Trust Portal compliance reports and trust resources by using the Feedback link on the bottom of the STP pages.
Your feedback is very important to us. Click on the Feedback button at the bottom of the page to send us comments about what you did or did not like, or suggestions you may have for improving our products or product features.