title
AZ-900 Episode 34 | Core tenets of Security, Privacy, Compliance (Trust Center, DPA, OST, and more.)

description
It's easy to get lost when learning about the topics of security, privacy and compliance. With this episode I present those topics using my personal touch. Hope you will like it! Skills Learned - Describe the purpose of the Microsoft Privacy Statement, Online Services Terms (OST) and Data Protection Amendment (DPA) - Describe the purpose of the Trust Center - Describe the purpose of the Azure compliance documentation - Describe the purpose of Azure Sovereign Regions (Azure Government cloud services and Azure China cloud services) 🌐 Site: https://marczak.io/az-900/#ep34 Episode Resources - 📚 Study cheat sheet https://marczak.io/az-900/episode-34/cheat-sheet - 🧠 Practice Test https://marczak.io/az-900/episode-34/practice-test # Study Guide - Microsoft Learn: Examine privacy, compliance, and data protection standards on Azure https://docs.microsoft.com/en-us/learn/modules/examine-privacy-compliance-data-protection-standards/1-introduction?WT.mc_id=AZ-MVP-5003556 - Microsoft Learn: Explore compliance terms and requirements https://docs.microsoft.com/en-us/learn/modules/examine-privacy-compliance-data-protection-standards/2-explore-compliance-terms-requirements?WT.mc_id=AZ-MVP-5003556 - Microsoft Learn: Access the Microsoft Privacy Statement, the Online Services Terms, and the Data Protection Addendum https://docs.microsoft.com/en-us/learn/modules/examine-privacy-compliance-data-protection-standards/3-access-microsoft-privacy-statement?WT.mc_id=AZ-MVP-5003556 - Microsoft Learn: Access Azure compliance documentation https://docs.microsoft.com/en-us/learn/modules/examine-privacy-compliance-data-protection-standards/5-access-azure-compliance-documentation?WT.mc_id=AZ-MVP-5003556 - Microsoft Learn: What is Azure Government? https://docs.microsoft.com/en-us/learn/modules/examine-privacy-compliance-data-protection-standards/6-what-is-azure-government?WT.mc_id=AZ-MVP-5003556 - Microsoft Learn: What is Azure China 21Vianet? https://docs.microsoft.com/en-us/learn/modules/examine-privacy-compliance-data-protection-standards/7-what-is-azure-china-21vianet?WT.mc_id=AZ-MVP-5003556 # Expand your knowledge - extra resources - Microsoft Privacy Statement https://privacy.microsoft.com/en-us/privacystatement?WT.mc_id=AZ-MVP-5003556 - Online Services Terms (OST) https://www.microsoft.com/en-us/licensing/product-licensing?WT.mc_id=AZ-MVP-5003556 - Data Protection Amendment (DPA) https://docs.microsoft.com/en-us/legal/gdpr?WT.mc_id=AZ-MVP-5003556 - Trust Center https://www.microsoft.com/en-us/trust-center?WT.mc_id=AZ-MVP-5003556 - Azure Government https://azure.microsoft.com/en-us/global-infrastructure/government/get-started?WT.mc_id=AZ-MVP-5003556 Agenda 00:00 Episode Introduction 00:46 Microsoft Privacy Statement 02:30 Online Services Terms (OST) 03:30 Data Protection Addendum (DPA) 04:13 Trust Center 07:50 Azure Compliance Documentation 09:17 Azure Sovereign Regions 12:30 Summary ### Want to connect? - Blog https://marczak.io/ - Twitter https://twitter.com/MarczakIO - Facebook https://www.facebook.com/MarczakIO - LinkedIn https://www.linkedin.com/in/adam-marczak/ - Site https://azure4everyone.com

detail
{'title': 'AZ-900 Episode 34 | Core tenets of Security, Privacy, Compliance (Trust Center, DPA, OST, and more.)', 'heatmap': [{'end': 119.897, 'start': 83.988, 'weight': 0.767}, {'end': 159.738, 'start': 140.611, 'weight': 0.845}, {'end': 228.504, 'start': 204.12, 'weight': 0.942}], 'summary': 'Delves into core tenets of security, privacy, and compliance in microsoft online services, covering azure sovereign regions, data protection addendum, gdpr compliance, azure government for us government, and azure china for the chinese market.', 'chapters': [{'end': 338.77, 'segs': [{'end': 74.079, 'src': 'embed', 'start': 42.242, 'weight': 5, 'content': [{'end': 45.887, 'text': 'with two main ones called Azure Government and Azure China.', 'start': 42.242, 'duration': 3.645}, {'end': 49.951, 'text': "But before we go there, let's start with Microsoft Privacy Statement.", 'start': 46.487, 'duration': 3.464}, {'end': 58.863, 'text': 'I must say that when I learn about the documents and privacies and policies and different things like that that are not very technical,', 'start': 50.572, 'duration': 8.291}, {'end': 60.244, 'text': "it's very easy to get lost.", 'start': 58.863, 'duration': 1.381}, {'end': 66.472, 'text': "Because of that, I will try to put every single document and website that we'll learn about today into three main categories.", 'start': 60.845, 'duration': 5.627}, {'end': 74.079, 'text': 'I will explain what kind of information do they provide, for which services, and for what kind of audience were they designed for.', 'start': 67.153, 'duration': 6.926}], 'summary': 'Introduction to microsoft privacy statement and categorization of documents into three main categories.', 'duration': 31.837, 'max_score': 42.242, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/zBzsDYZw98M/pics/zBzsDYZw98M42242.jpg'}, {'end': 119.897, 'src': 'heatmap', 'start': 83.988, 'weight': 0.767, 'content': [{'end': 87.211, 'text': "And with Microsoft Privacy Statement, let's start with the info.", 'start': 83.988, 'duration': 3.223}, {'end': 90.394, 'text': 'So what kind of information you can find in that document?', 'start': 87.872, 'duration': 2.522}, {'end': 97.096, 'text': 'This document talks about the personal data, the collection of that data, the purpose of that collection,', 'start': 91.232, 'duration': 5.864}, {'end': 99.518, 'text': 'but also the usage across different services.', 'start': 97.096, 'duration': 2.422}, {'end': 103.961, 'text': 'And it describes this information in the context of following Microsoft offerings.', 'start': 99.898, 'duration': 4.063}, {'end': 110.967, 'text': 'All of the services, applications, websites, software, servers, or even devices.', 'start': 104.742, 'duration': 6.225}, {'end': 119.897, 'text': 'So, if you have anything from Microsoft that you can pretty much imagine, like Windows, maybe you use Azure, maybe you have a Surface phone,', 'start': 111.892, 'duration': 8.005}], 'summary': 'Microsoft privacy statement covers personal data collection and usage across various microsoft offerings.', 'duration': 35.909, 'max_score': 83.988, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/zBzsDYZw98M/pics/zBzsDYZw98M83988.jpg'}, {'end': 167.42, 'src': 'heatmap', 'start': 140.611, 'weight': 1, 'content': [{'end': 144.854, 'text': "So it doesn't matter if you are an enterprise customer or a private person.", 'start': 140.611, 'duration': 4.243}, {'end': 149.878, 'text': 'you can use Microsoft Privacy Statement to learn more about the usage of your personal data.', 'start': 144.854, 'duration': 5.024}, {'end': 154.081, 'text': 'And the next document that we will cover is called Online Services Terms.', 'start': 150.578, 'duration': 3.503}, {'end': 156.537, 'text': "So let's follow the same rule here.", 'start': 154.997, 'duration': 1.54}, {'end': 159.738, 'text': 'This document provides us with following information.', 'start': 157.238, 'duration': 2.5}, {'end': 163.779, 'text': 'It describes the legal agreement, so-called licensing terms.', 'start': 160.338, 'duration': 3.441}, {'end': 167.42, 'text': 'Previously, this was also called usage rights.', 'start': 164.359, 'duration': 3.061}], 'summary': 'Microsoft privacy statement and online services terms provide information about personal data usage and legal agreements.', 'duration': 41.378, 'max_score': 140.611, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/zBzsDYZw98M/pics/zBzsDYZw98M140611.jpg'}, {'end': 238.573, 'src': 'heatmap', 'start': 204.12, 'weight': 3, 'content': [{'end': 210.024, 'text': 'They can review and see if the applications and the services that you provide follow those legal agreements.', 'start': 204.12, 'duration': 5.904}, {'end': 213.868, 'text': 'Our next document is called Data Protection Addendum.', 'start': 210.865, 'duration': 3.003}, {'end': 219.835, 'text': 'This document covers the information about the obligations between your company and Microsoft.', 'start': 214.589, 'duration': 5.246}, {'end': 228.504, 'text': 'And those obligations are specifically mentioned around the processing and security of your personal but also your customer data.', 'start': 220.536, 'duration': 7.968}, {'end': 233.305, 'text': 'And because this document is an appendix to online services terms,', 'start': 229.52, 'duration': 3.785}, {'end': 238.573, 'text': 'it talks about those obligations in the context of the online services that you purchase from Microsoft.', 'start': 233.305, 'duration': 5.268}], 'summary': 'Data protection addendum covers obligations for processing and securing personal and customer data in context of online services from microsoft.', 'duration': 34.453, 'max_score': 204.12, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/zBzsDYZw98M/pics/zBzsDYZw98M204120.jpg'}, {'end': 282.147, 'src': 'embed', 'start': 254.01, 'weight': 0, 'content': [{'end': 257.974, 'text': 'But besides the documents themselves, you also have something called Trust Center.', 'start': 254.01, 'duration': 3.964}, {'end': 262.237, 'text': "In this case, Trust Center, first of all, it's a website.", 'start': 258.754, 'duration': 3.483}, {'end': 271.962, 'text': "So it's this so-called one-stop shop a single place for your company to review all of the information regarding security, compliance,", 'start': 262.938, 'duration': 9.024}, {'end': 276.324, 'text': 'privacy policies and best practices around Microsoft services.', 'start': 271.962, 'duration': 4.362}, {'end': 282.147, 'text': 'And this provides you the information, again, for all of online services of Microsoft.', 'start': 276.984, 'duration': 5.163}], 'summary': 'The trust center is a one-stop website for security, compliance, and privacy info on microsoft services.', 'duration': 28.137, 'max_score': 254.01, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/zBzsDYZw98M/pics/zBzsDYZw98M254010.jpg'}, {'end': 322.444, 'src': 'embed', 'start': 297.756, 'weight': 4, 'content': [{'end': 304.36, 'text': 'checklists and plenty of online resources that you can check to learn about each specific topic.', 'start': 297.756, 'duration': 6.604}, {'end': 313.461, 'text': "Because of the nature and the structure of the website, it's really designed for anyone in your organization who really cares about either security,", 'start': 305.319, 'duration': 8.142}, {'end': 314.722, 'text': 'compliance or privacy.', 'start': 313.461, 'duration': 1.261}, {'end': 320.103, 'text': 'People like business managers, administrators, security teams and legal teams.', 'start': 315.202, 'duration': 4.901}, {'end': 322.444, 'text': 'I will now navigate to the Trust Center.', 'start': 320.624, 'duration': 1.82}], 'summary': 'Website designed for security, compliance, and privacy; caters to business managers, administrators, security and legal teams.', 'duration': 24.688, 'max_score': 297.756, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/zBzsDYZw98M/pics/zBzsDYZw98M297756.jpg'}], 'start': 0.169, 'title': 'Microsoft privacy and data protection', 'summary': 'Covers core tenets of security, privacy, and compliance in microsoft online services, including azure sovereign regions and data protection addendum. it aims to enable understanding of microsoft privacy statement, online services terms, and trust center policies.', 'chapters': [{'end': 210.024, 'start': 0.169, 'title': 'Learn about microsoft privacy and online services', 'summary': 'Introduces the core tenets of security, privacy, and compliance, providing an overview of microsoft privacy statement and online services terms, explaining the purpose, audience, and the type of information provided, covering azure sovereign regions and their main categories, aiming to enable the audience to understand and distinguish between these documents and websites.', 'duration': 209.855, 'highlights': ['The Microsoft Privacy Statement describes the collection, purpose, and usage of personal data in the context of various Microsoft offerings, designed for everyone, providing insights into the usage of personal data across different services and devices. Describes personal data collection, purpose, and usage; applicable to various Microsoft offerings; designed for everyone.', 'The Online Services Terms explains the legal agreement and licensing terms related to online services of Microsoft, designed for organizational legal teams to review and ensure compliance with the legal agreements. Describes legal agreement and licensing terms; applicable to online services of Microsoft; designed for organizational legal teams.', 'Introduces Azure sovereign regions, including Azure Government and Azure China, designed for specific geographic areas with unique compliance and regulatory requirements. Introduces Azure sovereign regions; includes Azure Government and Azure China; designed for specific geographic areas.']}, {'end': 338.77, 'start': 210.865, 'title': 'Data protection & trust center', 'summary': 'Discusses the data protection addendum, covering obligations between companies and microsoft regarding processing and security of personal and customer data, along with the trust center, a website providing comprehensive information on security, compliance, and privacy policies for microsoft services.', 'duration': 127.905, 'highlights': ['The Data Protection Addendum covers obligations between companies and Microsoft regarding processing and security of personal and customer data. The document specifically mentions obligations around the processing and security of personal and customer data, serving as an appendix to online services terms.', 'The Trust Center is a comprehensive website providing information on security, compliance, and privacy policies for Microsoft services. The Trust Center serves as a one-stop shop for companies to review all information regarding security, compliance, privacy policies, and best practices around Microsoft services, offering helpful links, tools, checklists, and online resources.', 'The Trust Center is designed for anyone in an organization who cares about security, compliance, or privacy, such as business managers, administrators, security teams, and legal teams. The website is structured to cater to individuals in an organization who are concerned about security, compliance, or privacy, providing information at varying levels and resources suitable for different roles within the organization.']}], 'duration': 338.601, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/zBzsDYZw98M/pics/zBzsDYZw98M169.jpg', 'highlights': ['The Trust Center serves as a one-stop shop for companies to review all information regarding security, compliance, privacy policies, and best practices around Microsoft services, offering helpful links, tools, checklists, and online resources.', 'The Microsoft Privacy Statement describes the collection, purpose, and usage of personal data in the context of various Microsoft offerings, designed for everyone, providing insights into the usage of personal data across different services and devices.', 'The Online Services Terms explains the legal agreement and licensing terms related to online services of Microsoft, designed for organizational legal teams to review and ensure compliance with the legal agreements.', 'The Data Protection Addendum covers obligations between companies and Microsoft regarding processing and security of personal and customer data, serving as an appendix to online services terms.', 'The Trust Center is designed for anyone in an organization who cares about security, compliance, or privacy, such as business managers, administrators, security teams, and legal teams.', 'Introduces Azure sovereign regions, including Azure Government and Azure China, designed for specific geographic areas with unique compliance and regulatory requirements.']}, {'end': 931.105, 'segs': [{'end': 501.357, 'src': 'embed', 'start': 471.49, 'weight': 2, 'content': [{'end': 476.273, 'text': 'And besides Trust Center, we have another portal called Azure Compliance Documentation.', 'start': 471.49, 'duration': 4.783}, {'end': 481.417, 'text': 'This portal provides us with information regarding compliance, as the name suggests,', 'start': 476.894, 'duration': 4.523}, {'end': 489.609, 'text': "having the same categories that we've just seen in a trust center, splitting those compliance offerings into multiple categories,", 'start': 482.284, 'duration': 7.325}, {'end': 496.514, 'text': "as we've just seen in a trust center like national, U.S., government, industry-specific or regional, and many more.", 'start': 489.609, 'duration': 6.905}, {'end': 501.357, 'text': "So you might think, how is that different from the trust center that we've just talked about?", 'start': 496.534, 'duration': 4.823}], 'summary': 'Azure compliance documentation offers compliance info in various categories like national, u.s. government, and industry-specific.', 'duration': 29.867, 'max_score': 471.49, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/zBzsDYZw98M/pics/zBzsDYZw98M471490.jpg'}, {'end': 885.281, 'src': 'embed', 'start': 862.727, 'weight': 1, 'content': [{'end': 870.789, 'text': 'Besides this, we have a Trust Center, which is this one-stop shop, a single place for the organization to review security, privacy,', 'start': 862.727, 'duration': 8.062}, {'end': 875.31, 'text': 'compliance and some extra additional topics when it comes to online services.', 'start': 870.789, 'duration': 4.521}, {'end': 879.814, 'text': "If you don't know where to begin your journey, this would be the great place to start.", 'start': 876.03, 'duration': 3.784}, {'end': 885.281, 'text': "And if you're built solution specifically for Azure and you want to be sure that you will stay compliant,", 'start': 880.315, 'duration': 4.966}], 'summary': 'Trust center is a one-stop shop for security, privacy, and compliance for azure services.', 'duration': 22.554, 'max_score': 862.727, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/zBzsDYZw98M/pics/zBzsDYZw98M862727.jpg'}, {'end': 915.274, 'src': 'embed', 'start': 892.627, 'weight': 0, 'content': [{'end': 902.59, 'text': "we've talked about Azure sovereign regions as specific regions of Azure that were designed to meet very strict requirements of specific markets across the globe.", 'start': 892.627, 'duration': 9.963}, {'end': 910.752, 'text': "And we've covered two sovereign regions Azure Government, which is really designed for the US government, but also Azure China,", 'start': 903.03, 'duration': 7.722}, {'end': 912.452, 'text': 'which was designed for the Chinese market.', 'start': 910.752, 'duration': 1.7}, {'end': 915.274, 'text': 'if you want to find out more about those documents.', 'start': 913.052, 'duration': 2.222}], 'summary': 'Azure has specific sovereign regions for us government and chinese market.', 'duration': 22.647, 'max_score': 892.627, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/zBzsDYZw98M/pics/zBzsDYZw98M892627.jpg'}], 'start': 338.77, 'title': 'Gdpr compliance and azure sovereign regions', 'summary': "Discusses gdpr compliance for an application hosted in the european union, detailing the process of ensuring compliance through microsoft's offerings, documentation, and azure sovereign regions, including azure government for us government and azure china for the chinese market.", 'chapters': [{'end': 931.105, 'start': 338.77, 'title': 'Gdpr compliance and azure sovereign regions', 'summary': "Discusses gdpr compliance for an application hosted in the european union, detailing the process of ensuring compliance through microsoft's compliance offerings, documentation, and azure sovereign regions, including azure government for us government and azure china for the chinese market.", 'duration': 592.335, 'highlights': ["The chapter provides an overview of GDPR compliance, detailing the importance of understanding the General Data Protection Regulation and accessing documentation for key terminology and compliance requirements, enabling businesses to stay compliant with GDPR (e.g., Microsoft's Trust Center and Azure Compliance Documentation Portal).", "Microsoft's Trust Center serves as a one-stop shop for organizations to review security, privacy, compliance, and additional topics related to online services, offering a comprehensive resource for businesses to begin their compliance journey for Microsoft products (e.g., Microsoft 365, Azure).", 'The Azure Compliance Documentation Portal offers a centralized resource for businesses building solutions specifically for Azure, providing detailed information to ensure compliance with Azure services and platforms, targeting business managers, administrators, security teams, and legal teams.', 'Azure sovereign regions, such as Azure Government and Azure China, are specifically designed to meet the high security and compliance requirements of specific markets, with dedicated instances, separate lifecycles, and physical isolation to adhere to strict regulations for the US government and the Chinese market.', 'The chapter emphasizes the significance of Azure sovereign regions in meeting strict compliance and security requirements for specific markets, such as the US government and the Chinese market, highlighting the unique features of Azure Government and Azure China, including separate instances, lifecycles, and physical isolation.']}], 'duration': 592.335, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/zBzsDYZw98M/pics/zBzsDYZw98M338770.jpg', 'highlights': ['Azure sovereign regions, like Azure Government and Azure China, are designed to meet high security and compliance requirements for specific markets, with dedicated instances, separate lifecycles, and physical isolation.', "Microsoft's Trust Center serves as a comprehensive resource for organizations to review security, privacy, compliance, and additional topics related to online services, offering a one-stop shop for compliance journey for Microsoft products.", 'The Azure Compliance Documentation Portal provides detailed information to ensure compliance with Azure services and platforms, targeting business managers, administrators, security teams, and legal teams.', 'The chapter emphasizes the significance of Azure sovereign regions in meeting strict compliance and security requirements for specific markets, such as the US government and the Chinese market.']}], 'highlights': ['The Trust Center serves as a one-stop shop for companies to review all information regarding security, compliance, privacy policies, and best practices around Microsoft services, offering helpful links, tools, checklists, and online resources.', 'Azure sovereign regions, like Azure Government and Azure China, are designed to meet high security and compliance requirements for specific markets, with dedicated instances, separate lifecycles, and physical isolation.', 'The Microsoft Privacy Statement describes the collection, purpose, and usage of personal data in the context of various Microsoft offerings, designed for everyone, providing insights into the usage of personal data across different services and devices.', 'The Online Services Terms explains the legal agreement and licensing terms related to online services of Microsoft, designed for organizational legal teams to review and ensure compliance with the legal agreements.', 'The Data Protection Addendum covers obligations between companies and Microsoft regarding processing and security of personal and customer data, serving as an appendix to online services terms.', 'The Trust Center is designed for anyone in an organization who cares about security, compliance, or privacy, such as business managers, administrators, security teams, and legal teams.', 'Introduces Azure sovereign regions, including Azure Government and Azure China, designed for specific geographic areas with unique compliance and regulatory requirements.', "Microsoft's Trust Center serves as a comprehensive resource for organizations to review security, privacy, compliance, and additional topics related to online services, offering a one-stop shop for compliance journey for Microsoft products.", 'The Azure Compliance Documentation Portal provides detailed information to ensure compliance with Azure services and platforms, targeting business managers, administrators, security teams, and legal teams.', 'The chapter emphasizes the significance of Azure sovereign regions in meeting strict compliance and security requirements for specific markets, such as the US government and the Chinese market.']}