Microsoft 365 Shared Responsibility Model

Published: at 11:36 AM

Introduction

One conversation I frequently have with clients regarding cloud services is helping them understand the shared responsibility model. There are often privacy concerns over their data, or clients feel that simply throwing data into the cloud makes it secure by default. The line I always use is: the cloud vendor is responsible for the cloud; you are responsible for what is in the cloud. In this article, I explore the Microsoft shared responsibility model: what Microsoft is responsible for and what you, the customer, are responsible for.

Microsoft Shared Responsibility model

SaaS platforms like Microsoft 365 are great because they are extremely powerful and eliminate the need to deploy and manage software on your own servers. That does not mean that SaaS solutions free you from having to manage security or the data stored within them. Again, you are responsible for security in the cloud.

This is where the shared responsibility model comes into play. Through it, the provider delegates many security-related matters, such as data protection and security, to its customers. Here’s the official link on how Microsoft 365’s shared responsibility model works and what you should know if you deploy Microsoft 365 in your business.

What Microsoft Is Responsible For

As part of the Microsoft 365 SaaS platform, Microsoft manages and guarantees the following:

As you can see, Microsoft manages aspects of the security of Microsoft 365, as well as related issues such as data and service availability.

What You Are Responsible For

The primary responsibility of Microsoft 365 customers lies in securing the data they store and manage on the Microsoft 365 platform. Although Microsoft manages the infrastructure and services that host that data, customers need to guard against risks such as the following:

In closing, while Microsoft keeps your infrastructure available, you are responsible for keeping your data secure and compliant.