
What Happens to My Data in Office 365?

With Microsoft, you are the owner of your customer data. We use your customer data only to provide the services we have agreed upon, and for purposes that are compatible with providing those services. We do not share your data with our advertiser-supported services, nor do we mine it for marketing or advertising. And if you leave our services, we take the necessary steps to ensure your continued ownership of your data.

 

When you create content in Microsoft Office 365 or import content into Office 365, what happens to it? The answer is best given as an illustration using a fictitious customer, Woodgrove Bank (WB).

 

WB just purchased Office 365, and they are planning on using Exchange Online, SharePoint Online, and Skype for Business. They will initially configure a hybrid configuration for Exchange Online and will migrate Exchange mailboxes first. Then, they will upload their document libraries to SharePoint Online.

 

WB begins their cloud migration by choosing the appropriate network configuration for their organization. After their network design has been chosen and implemented, they configure a hybrid environment with Office 365. This is the first time that customer data is touched by any Microsoft cloud service (specifically, at this point WB can optionally synchronize their internal Active Directory with Azure Active Directory).

 

WB has decided to migrate the data using the online mailbox move process. The Exchange data migration is started by running the Online Move Mailbox Wizard. The mailbox move process is as follows:

  1. The Exchange Online Mailbox Replication Service (MRS) connects securely to the customer's on-premises Exchange server running client access services.
  2. MRS asynchronously transfers the mailbox data via HTTPS to a client access front-end (CAFÉ) server in Office 365.
  3. The CAFÉ server transfers the data via HTTPS to the Store Driver on a Mailbox server in a database availability group in the appropriate datacenter.

As with all Exchange Online servers, the transferred mailbox data is stored in a mailbox database which is hosted on a BitLocker-encrypted storage volume. Once the contents of a mailbox have been completely copied to a new mailbox in Exchange Online, the original (source) mailbox is soft-deleted, the user's Active Directory security principal is updated to reflect the new mailbox location, and the user is redirected to communicate with Office 365 for all mailbox access. Had WB opted for a PST migration, the data would have also been encrypted prior to ingestion.

 

During the mailbox data transfer and upon completion, an audit trail of the mailbox move is logged on servers in both the source on-premises Exchange organization and on servers in Office 365. MRS will also produce a report of the mailbox move and its statistics.
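To keep the MRS move report described above as migration evidence, an administrator can collect it per mailbox and flag moves that need review. This is an added example, not part of the original article; it assumes an existing Exchange Online PowerShell session (`Connect-ExchangeOnline`) with rights to read move requests, and the output folder is a hypothetical path.

```powershell
# Added example: archive mailbox move statistics and reports for audit purposes.
# Assumes an Exchange Online PowerShell session is already connected.
$outDir = 'C:\MigrationAudit'   # hypothetical location for archived evidence
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Pull statistics, including the detailed MRS report, for every move request.
$stats = Get-MoveRequest -ResultSize Unlimited |
    Get-MoveRequestStatistics -IncludeReport

# One summary row per mailbox: status, size moved, and items MRS could not copy.
$stats |
    Select-Object DisplayName, Status, StatusDetail, PercentComplete,
        TotalMailboxSize, TotalMailboxItemCount, BadItemsEncountered,
        StartTimestamp, CompletionTimestamp |
    Export-Csv -Path (Join-Path $outDir 'move-summary.csv') -NoTypeInformation

# Keep the full statistics object (with its report) for each move.
# The mailbox GUID is used in the file name to avoid display-name collisions.
foreach ($s in $stats) {
    $s | Export-Clixml -Path (Join-Path $outDir "$($s.ExchangeGuid)-move-report.xml")
}

# Moves to review before the source mailbox is treated as retired:
# anything not cleanly completed, or completed with skipped (bad) items.
$stats |
    Where-Object { $_.Status -ne 'Completed' -or $_.BadItemsEncountered -gt 0 } |
    Format-Table DisplayName, Status, BadItemsEncountered, FailureType -AutoSize
```

Archiving the output outside the Exchange organization keeps the evidence available after the move requests themselves are removed.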

 

Once WB’s data is stored in a mailbox in Exchange Online, it is replicated, indexed, and held at rest in an encrypted state, with access limited to the designated user and anyone else granted permission by WB’s administrator.

 

Next, WB wants to upload some documents to SharePoint Online. The process starts by creating one or more sites in SharePoint Online to hold the documents. All client communication with SharePoint Online is done via HTTP secured with TLS. When uploading one or more documents to SharePoint Online, the documents are transmitted using standard HTTP PUT with TLS 1.2 encryption used between the client and SharePoint Online server. Once the document has been received by the SharePoint Online server, it is stored in an encrypted state. The document is then replicated to another local server and to remote servers, where it is also stored in an encrypted state.

 

Next, WB wants to upload some documents to OneDrive for Business. The process begins by opening the OneDrive for Business folder on the client and copying the files into the folder. Once the files have been copied, a synchronization process copies the data to the user's cloud-based OneDrive for Business folder.

 

Once the document has been received by the OneDrive for Business server, it is stored in an encrypted state. The documents are then replicated to another local server and to remote servers, where they are also stored in an encrypted state.

 

At this point, WB has on-boarded to Exchange Online and SharePoint Online, and now wants to start using Skype for Business for online meetings and other features. Occasionally, meeting participants will upload files to the meeting for sharing. When a file is uploaded to Skype for Business, it is transferred from the client to the Skype for Business server using encrypted communications. Once the document has been uploaded to the Skype for Business server, it is stored in an encrypted state.

 

As part of our ongoing transparency efforts, and to help you fully understand how your data is processed and protected in Office 365, we have published a library of whitepapers that describe various architectural and technological aspects of our service. These whitepapers, along with other content, are aligned to things that we do with customer data.

 

Going back to the example, WB’s data (like all tenant data in our multi-tenant environment) is:

 

Each of the above links will take you to content in our Office 365 risk assurance documentation library that describes things like how we isolate one tenant’s data from another’s, how we encrypt and replicate your data, and how your data is protected against and monitored for unauthorized access. All the documents in our library are living documents that are updated as needed. The aka.ms URL won't change, so you'll always be able to download the latest version using the same URL.

 

We welcome your input and feedback on these documents, and any other topics you would like us to consider publishing. You can reach us directly at cxprad@microsoft.com.

 

-Scott

9 Comments

Ahem, what about the export part :)

Microsoft

@Vasil Michev, what would you like to know?  :-)

Well, for example it relates to the GDPR requirements for data portability.

Trusted Contributor

Please do a companion article describing what happens to a user's data when they leave the organization. I know about the timer job for ODfB, but what about ALL of the other services, i.e., Sway, Flow, PowerApps, Teams conversations, PowerBI Dashboards, etc.

Microsoft

@Dean Gross, if a user leaves an organization that has a tenant in Office 365, it is up to the customer/tenant administrator to determine what to do with the data.  This is not Microsoft's responsibility, nor something you would need to get us involved in.  As the data belongs to the tenant, each tenant can decide for themselves what to do for users who leave the organization.

 

That said, we are working on a document around data retention, deletion and destruction, which will cover topics such as what happens when data is deleted.  The document is in development, and I don't have an ETA for it, but it should be ready sometime this summer.

Regular Visitor

Scott, to me, this is a clear explanation of a complicated topic, so thank you very much. 

 

Now please forgive the old teacher inside me, but you write at the end of the 7th para, "...report of the mailbox move and it statistics." I believe you intended to say "its". Minor typo. 

 

If you make the correction feel free to delete this comment. 

 

Again, thanks for a great article. 

Occasional Visitor

So basically, Woodgrove Bank (the fictitious customer) is the tenant and owns the data in O365.  There is no fine print, from what I can tell, there is no "gotcha", that I have seen, it is just pretty straightforward.

 

Am I oversimplifying this, @Scott Schnoll?

 

Thanks for the post, I'll be sharing this with my network.

Microsoft

Hi David,

No, you are not oversimplifying it -- that's exactly it.  Each tenant/customer owns their own data.  And this article was written to provide transparency about how our cloud services, in this case Office 365, process that data.

Thanks for the comment!

-Scott

Would love to see this level of data about where "conversations" are stored and how they are managed -- MS Teams vs Skype for Business vs Yammer vs Office 365 Groups vs Office web apps, etc. I can have a conversation with a peer within a Teams channel about sensitive IP, and store that IP to a SharePoint Online team site via a tab, and then jump over into Yammer, where I might have a similar conversation about that IP. I can access the IP through that same team site through Yammer, but the conversation itself is a different, separate artifact. Are either of these discoverable? Where are they stored? Can I access all of these conversations via the Graph and Delve, or are there any disconnects?