Microsoft treats compliance, security and privacy very seriously and where other big cloud providers may attract companies with faster networks or lower prices – there is no simpler way of keeping your environment compliant than going with Azure. The constant efforts of maintaining this level of compliance accessibility needs to be described and documented somewhere, and one place to share with all compliance officers is… Azure Trust Center.
What is Azure Trust Center?
It is a one stop shop for all required information on
- Compliance
- Adherence to local and global standards
- Microsoft’s commitment to privacy and security
- Descriptions of Microsoft’s policies and practices in wide area of security
- Microsoft’s commitment to support and develop security features
Who is the consumer of the Microsoft Trust Center
The Trust Center is a great documentation library for anyone in position of managing privacy, security and compliance. It also is useful during application audits where any application owner can point auditors to one place with every question on Azure platform’s adherence to any kind of regulations or standards.
Azure Trust Center vs Microsoft Defender for Cloud
There might be some confusion that trust center is part of Microsoft Defender for cloud. They are in fact very different and independent. They serve different purposes to different consumers. You can see for yourself – you can access the Trust Center when not logged in. Which means – you do not even need to have a subscription to access it. Check the detailed article on why Azure Trust Center is not part of Microsoft Defender for Cloud.
Azure Trust Center is all about the security and compliance of Azure, where thinking of Azure as a platform for your solutions. Business-wise Microsoft sends an invoice every month as it is offering a service, which your organization consumes. And Trust Center is all about providing the necessary documentation on that very service. Note that you will find there the exact same information as every other customer. The documentation, commitments, and certifications are all based on Azure service, and not on your particular configuration or your particular application.
On the other hand – Microsoft Defender for Cloud is a dashboard created especially for your environment. You will find there recommendations which will help you keep your solutions secure and compliant. It even implements a rating called “Secure score” which rates your environment and your security efforts. Microsoft Defender for Cloud was previously called “Azure Security Center”, and it is a name which still shows in a lot of documentation and blog posts. To learn more check our Microsoft Defender for Cloud recommendations guide.
ISO 27001 Compliance
Almost all important Azure cloud services are compliant to ISO 27001. It is a globally accepted certification and is treated as a gold standard for security practices. This is why Microsoft puts constant effort of maintaining the compliance. Azure solutions are accredited by third party organizations and all the documentation of those audits as well as the scope of reviews are to be found… at the Microsoft trust center.