How your submissions to Defender for Office 365 are processed behind-the-scenes

PeterForster  While the majority of Microsoft's enterprise online services in the Azure, Dynamics 365, Power Platform, and Microsoft 365 service families are in-scope for the EU Data Boundary, subject to the continuing flows of Customer Data and pseudonymized personal data related to operation and use of the services detailed in other EU Data Boundary articles or sections in this documentation, some services in these families aren't in scope for the EU Data Boundary, typically where the nature of the service and the customer value it provides can't be delivered by implementing a regionalized architecture. Microsoft defender for office is one of these services that cannot be implemented in a regional architecture. To learn more, check this out. As this space keeps evolving, Microsoft is committed to providing the best possible experience to the customer while honoring the latest privacy and compliance regulations.

I will also take this moment to call out that there is a general perception that EUDB is required to meet GDPR requirements, but that is not the case. The GDPR permits transfers from the EU to US as long as certain legal mechanisms are in place and Microsoft has implemented all these legal mechanisms. Still if due to your privacy preferences, you feel that the data should be stored in your region, please let us know and we will try our best to accommodate it