Can Microsoft employees see my data in Azure?

privacy azure sql-server azure-sql

I have sensitive data stored in both Azure DB and Azure SQL VM.
An authorised DBA can log on and query the database, but in theory could a random Microsoft employee do the same without asking permission?

I found this online which suggests the answer is 'no', but is it really?

Customer data ownership: Microsoft does not inspect, approve, or monitor applications that customers deploy to Azure. Moreover, Microsoft does not know what kind of data customers choose to store in Azure. Microsoft does not claim data ownership over the customer information that's entered into Azure.

Also found this on a site discussing the negatives of using a SQL Developer Licence:

Microsoft gets access to your data: it is mandatory with any non-commercial installation of SQL Server that all your usage data covering performance, errors, feature use, IP addresses, device identifiers and more, is sent to Microsoft. There are no exceptions. This will likely rule it out for any company that deals with particularly sensitive data.

I'm not proposing using a developer licence on Azure, but which is it - can Microsoft inspect my data or not, either legitimately or a rogue employee?


Legally speaking, they can't read your data or send your data to law enforcement without a correct court order.

Requests for customer data

Government requests for customer data must comply with applicable laws. A subpoena or its local equivalent is required to request non-content data, and a warrant, court order, or its local equivalent, is required for content data.

Per transparency from Microsoft, to see the current state of how many laws subpoena they answered on there.

enter image description here

You have to choose wisely your Azure region for that reason. In example HIPAA enterprise in Canada would have to be hosted in Canada in example for their data.

A rogue Microsoft employee could maybe see your data. The process there is unknown, but that risk is the same from any hoster or rogue employee inside your corporation.


You are putting your data on Somebody Else's Computer, and the data can be accessed in some way. In other words, the answer to your exact question is almost surely: Yes, some Microsoft employees can see your data but make an active choice not to perform the tasks that would let them do so.

A wider question is how large the risk actually is for leaks of such data. My opinion is that the risk is considerably lower that a Microsoft employee would attempt to access your data (and leak it) than that a configuration or software error made by you as a tenant would make such data available to third-parties. The latter is what we usually see when it comes to data leaks that make it to the news.


I state this from experience because I used to work there.

Internally Microsoft is very strict about protecting the data of users and customers, and unlike some other big well-known WEB outfits, Microsoft explicitly does NOT scan the contents of user's private files (eg your Hotmail.com Email, your VM's data files) to be used for marketing or advertising.

Any employee who breaks internal rules to access user data would be shown the door PDQ, and would likely face legal consequences. And only a restricted cadre even have the technical ability/access to do that.

Note that "meta data" falls under different rules, which Microsoft is upfront about, but is strict about who might actually see even that. Usually it gets anonymized en-mass and sorted into some internal company database so the operations folks can keep the systems running. Those folks care only about the overall statistics, not the actual user data (which they can't normally see).

The SQL developers license data you mention is meta-data (eg "usage data") not the customer's SQL data.

In short, no human is going to read your files sitting on a Microsoft server unless there is a court order or some dire system repair problem requiring inspection of a specific file (extremely unlikely). And in either case it will be a limited number of eyeballs, and only after internal approvals are granted.

True story: in the very old days (1980s) two of the technicians would periodically take bunches of old hard drives out to the parking lot and drive a railroad spike through each with a sledge hammer. Very therapeutic. How's that for deleting files?


Can they? Yes, the data is on their servers, which they control.

Will they? Probably not, except if they have a reason (usually legal and you have nice answer about that - also keep in mind that there are legal cases they cannot disclose). The probability depends on how your data is interesting or problematic.

Is what they get usable? That part depends on you: if you send them cleartext data then yes, if you encrypt it before sending then no

Related

bzip2 too slow. Multiple cores are avaible
How to delete all but last [n] ZFS snapshots?
How can I block hacking attempts targeting phpMyAdmin?
How to bring .vimrc around when I SSH?
I changed my TTL from 24 hours to 5 minutes. Do I need to wait 24 hours before changing the records?
What's the biggest time saver you've implemented? [closed]
Windows 2008 ignores Gratuitous ARP requests
How to allow a user to use journalctl to see user-specific systemd service logs?
Why does FTP passive mode require a port range as opposed to only one port?
IIS7 What unit does time-taken have in a w3c-log?
Postfix: "Connection timed out" on all outbound email [closed]
Use a specific forwarded key from SSH-agent?