<img src="https://secure.seem3pick.com/198073.png" style="display:none;">

Top 10 Questions to ask your managed services provider about Office 365

Posted by Cathie Briggette on Thu, Aug 06, 2015

Top_10-1These are the Top 10 questions you should ask your IT department or IT Managed Services provider when you are considering Office 365 and the cloud for your business.

1. Who owns the data we store as part of Office 365, and will Microsoft use our data to build advertising products?

As a customer of Office 365, you own and control your own data. Microsoft does not use your data for anything other than providing you with the service that you have subscribed for. Microsoft does not scan your email or documents for advertising purposes. 

The following table explains how Microsoft uses your Office 365 Data:

Use of Office 365 Online Customer Data

Customer Data* 
(excluding Content)


Operating and Troubleshooting the Services



Security, Spam and Malware Prevention



Services Communications






Voluntary Disclosure to Law Enforcement



Direct Marketing



Customer Data is all the data, including all text, sound, software or image files that you provide, or are provided on your behalf, to us through your use of the services. Customer Data does not include Administrator Data, Payment Data or operational information about the services. See the Office 365 Privacy Statement.


** Content is a subset of Customer Data. Content is generally considered confidential information, and in normal service operation, is not sent over the Internet without encryption. Content includes, for example, Exchange Online e-mail body and attachments, SharePoint Online site content (not URL) and file body, instant messaging conversation body and voice conversation, and CRM files containing data about your end customer interactions.

2. Do you offer privacy controls in your service?
Privacy controls are enabled by default for all customers of the service and Microsoft allows you and/or your IT Managed Services provider to turn on and off privacy impacting features to meet the needs of your organization. Microsoft is contractually committed to the promises they make with respect to privacy and security with the data processing agreement.

3. Do we have visibility into where you store our data in the service?
Microsoft is transparent about where your data is located. For more information, please visit Where is my data in the Office 365 Trust Center.

4. What is your approach to security and which security features do you offer to protect your service from external attacks?
Security is one of the most important design principles and features of Office 365. Our focus on security spans hardware, software, the physical security of our datacenters, policies and controls, and verification by independent auditors.

When it comes to security features, there are broadly two types of categories:

1) built-in securityBuilt-in security represents all the measures that Microsoft takes on behalf of all Office 365 customers to protect your information and run a highly available service.
2) customer controls. - features that enable you or your IT Services Provider, to customize Office 365 to meet the specific needs of your organization.

You can get details about both types of security features in the Security Section of this blog.


5. Can we get our data out of your service?
You own your data and retain all rights, title, and interest in the data you store within Office 365. You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft. For more information, please visit It's your data in the Office 365 Trust Center.

6. Will you inform us when things change in the service, and will you let us know if our data is compromised?
We do inform you if there are any important changes to the service with respect to security, privacy, and compliance. We also promptly notify you if your data has been accessed improperly.

7. Are you transparent with the way you use and access our data?
Microsoft does share important aspects of data storage, such as where your data resides in terms of geographic location, who at Microsoft can access it, and what they do with that information internally. For more information, please visit the Who can access your data section of the Office 365 Trust Center.

Our position on access to your data is:
We (NSK Inc.) and Microsoft always give you access to your customer data. Access to customer data is strictly controlled and logged, and sample audits are performed by both Microsoft and third parties to attest that access is only for appropriate business purposes. We recognize the extra importance of our customers' content. If someone such as Microsoft personnel, partners, or NSK's own technicians access your content on the service, we can provide you with a report on that access upon request.

8. What kind of commitments do you have with respect to security and privacy?
On behalf of Office 365 Microsoft is willing to sign with each customer a data processing agreement, security amendment, HIPAA business associate agreement, and the EU model clauses. They also comply with standards like ISO 27001, FISMA, and Fedramp. For more information, please visit the Office 365 Security Section of this blog.

9. How do you ensure that your service is reliable?
Microsoft and NSK use best practices in design and operations, such as redundancy, resiliency, distributed services, and monitoring—to name a few. Microsoft recently started publishing their quarterly uptime numbers for the service. The uptime number for the most recent quarter is 99.97%. 

10. What are your commitments regarding keeping my service up?
Microsoft offers 99.9% uptime via a financially backed service level agreement. If a customer experiences monthly uptime that is less than 99.9%, Microsoft compensates that customer through service credits.

Images by:








Tags: Cloud Security

Subscribe to our BLOG

Recent Posts