Microsoft Azure at U-M

Service Description 

Azure is a collection of integrated cloud services that developers and IT professionals can use to build, deploy, and manage applications through a global network of data centers. Azure allows the freedom to build and deploy where you want using the tools, applications, and frameworks of your choice. U-M offers access to Microsoft Azure under a University of Michigan enterprise agreement.

Compliance 

U-M has now signed a Business Associate Agreement with Microsoft for Azure, and it is currently pending internal review for allowing the collection, processing, or maintaining of HIPAA data. While some Michigan Medicine pilots may take place, general use of Azure for HIPAA data is not permitted at this time.

The U-M offering of Azure provides a secure environment within which to maintain or share the university's sensitive unregulated data. In addition, the U-M offering of Azure provides an environment that is compliant with regulations for some types of sensitive regulated data. However, it does not comply with some regulatory requirements for specific types of  data. See the list above of which data types are—and are not—permitted for use in Microsoft Azure at U-M.

Social Security numbers should only be used where required by law or where they are essential for university business processes. Information Assurance (IA) can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you. (Contact IA via the ITS Service Center.)

Keep in mind that compliance is a shared responsibility. You must also take any steps required by your role or unit to comply with relevant regulatory requirements.