Microsoft 365 operated by 21Vianet is a separate instance of Microsoft’s Microsoft 365 cloud services located in mainland China and independently operated and sold by Shanghai Blue Cloud Technology Co., Ltd. (“21Vianet”). It is based on the same Microsoft 365 technology that powers Microsoft’s global Microsoft 365 services with comparable service levels to customers.

Microsoft 365 operated by 21Vianet provides online productivity and collaboration solutions. 21Vianet offers trusted Microsoft 365 services that helps enterprises expand their businesses and maintain compliance with industry requirements.

As a customer of Microsoft 365 operated by 21Vianet, you get

• A cloud service hosted in datacenters exclusively in mainland China and operated independently by 21Vianet, a leading Chinese Internet datacenter provider.
• Powered by world-class Microsoft 365 technology built on Microsoft’s extensive experience with online services and used by customers around the world.

We recognize that as an Microsoft 365 customer, you have entrusted us to help protect your Customer Data. We value this trust, and the privacy and security of your Customer Data is one of our top concerns. We strive to take a leadership role when it comes to security, privacy, compliance practices and transparent.

As an industry leader in providing cloud services, are continually taking steps to maintain your trust in Microsoft 365. Our commitment to the area of trust is explained through the following pillars of the Trust Center.

Security: Our comprehensive approach

Safeguarding your Customer Data is one of our foremost objectives. Microsoft 365 uses the defense-in-depth approach to provide industry-leading physical, logical, and data security of our datacenters and Customer Data. We also give you enterprise-grade user and administrative controls to further secure your IT environment.

• The Microsoft 365 services provide built-in security features result of over a decade of providing and protecting online services by Microsoft.
• Flexible security settings that enable you to have control over your information.
• Security processes that monitor, anticipate, and mitigate threats to protect your Customer Data.

Learn more

Privacy
Data ownership and what it means

• You are the owner of your Customer Data; 21Vianet is the processor of your Customer Data.
• It’s your Customer Data, so if you ever choose to leave the service, you can take your Customer Data with you.
  • You own your Customer Data and retain the rights, title, and interest in the Customer Data you store in Microsoft 365 operated by 21Vianet.
  • You can take your data with you. You can download a copy of all your data at any time and for any reason, without any assistance from 21Vianet.
    • Exchange Online data, including emails, calendar appointments, contacts, and tasks, can be downloaded to a local computer by any end user at any time via the Import and Export wizards.
    • SharePoint Online documents can be downloaded at any time from the workspace into your local computer.
    • Vanity domain names such as contoso.com can be removed by following the Domain Removal instructions.
    • To download a copy of end-user metadata (such as email address, first and last name, and other data), you can use PowerShell cmdlets, including the Get-MsolUser Windows PowerShell cmdlet for Microsoft 365. If you use Exchange Online, you can also use the Get-MailUser and Get-User Exchange PowerShell commands.
  • Upon expiration or termination of your Microsoft 365 subscription or contract, 21Vianet will provide you, by default, additional limited access for 90 days to export your Customer Data.
• We do not mine your Customer Data for advertising purposes. It is our policy to not use your Customer Data for purposes other than providing you productivity services.

Our role as data processor

• We use your Customer Data only for purposes consistent with providing you services. 21Vianet does not have standing access to any service operation.
• We will not disclose Customer Data to a third party (excluding our suppliers and subcontractors) except as you direct or as required by applicable law and regulations.
• If compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited.

Privacy controls

• Privacy controls enable you to configure who in your organization has access and what they can access.
• Design elements prevent mingling of your Customer Data with that of other organizations using Microsoft 365.
• Extensive auditing and supervision prevent administrators from getting unauthorized access to your Customer Data.
• We enable you to collaborate but also give you the ability to control information sharing.

Compliance

Microsoft 365 operated by 21Vianet partners with customers to help them address regulatory requirements. We provide customers with information about the security and compliance features of the services, to help customers assess the services against their own legal and regulatory requirements.

In addition, the services are built and updated using an extensible compliance framework that enables the services to be designed and built using a single set of controls to speed up and simplify compliance across a diverse set of regulations and rapidly adapt to changes in the regulatory landscape.

Microsoft 365 provides admin and user controls, including eDiscovery, legal hold, and data loss prevention, to help you meet internal compliance requirements. These require no additional on-premises infrastructure to use.

Independent verification

• Office 365（a component of Microsoft 365） operated by 21vianet is verified to meet the requirements specified in ISO/IEC 27001, Information System Classified Security Protection (DJCP) Level 3, and Trusted Cloud Service Certification.

Proactive approach to regulatory compliance

• The services are built using the many controls in the Microsoft 365 compliance framework that enable the services to stay up to date with the ever-evolving industry standards
• A specialist compliance team continuously tracks standards and regulations, developing common control sets for our product team to build into the service.

Customer controls for organizational compliance

• Legal hold and eDiscovery built into the service help you find, preserve, analyze, and package electronic content (often referred to as electronically stored information or ESI) for a legal request or investigation. Privacy controls allow you to configure who in your organization has access and what they can access.
• Data loss prevention in Microsoft 365 helps you identify, monitor, and protect sensitive information in your organization through deep content analysis.

Transparent operations

Moving to a cloud service shouldn’t mean losing knowledge of what’s going on. With Microsoft 365, it doesn’t. We aim to be transparent in our operations so you can monitor the state of your service, track issues, and have historical view of availability.

The high availability of the services comes from years of experience in running online services. Based on Microsoft licensed technologies, the services combine robust recovery-oriented design by Microsoft, continuous learning, and consistent communication to deliver high quality and a great customer experience.

Data location and access

• We maintain multiple copies of your Customer Data, across the Microsoft 365 operated by 21Vianet datacenters, for redundancy and will share with you where your Customer Data is located.
• We tell you who has access to your Customer Data and under what circumstances.

Support with a human face

• You have phone support for critical issues 24 hours a day, 365 days a year.
• We have processes in place to provide around-the-clock escalation to resolve issues that cannot be resolved by operations alone.

We are accountable to you

• We conduct a thorough review of all incidents related to the services you use
  • Our post-incident review consists of analysis of what happened, our response, and our plan to prevent it in the future.
• We commit to delivering at least 99.9% uptime with a financially backed guarantee.

High availability design principles:

• Redundancy
  • Physical redundancy at server, datacenter, and service levels.
  • Data redundancy with robust failover capabilities.
  • Functional redundancy with offline functionality.
• Resiliency
  • Active load balancing.
  • Automated failover with human backup.
  • Recovery testing across failure domains.
• Simplification
  • Standardized hardware reduces issue isolation complexities.
  • Fully automated deployment models, making deployment easier than ever.
  • Standard built-in management mechanism.
• Monitoring
  • Internal monitoring built to drive automatic recovery.
  • Outside-in monitoring raises alerts about incidents.
  • Extensive diagnostics provide logging, auditing, and granular tracing.
• Distributed services
  • Distributed component services like Exchange Online, SharePoint Online, and Skype for Business limit scope and impact of any failures in a component.
  • Directory data replicated across component services insulates one service from another in any failure events.
  • Simplified operations and deployment.

Microsoft 365 Service Health Dashboard

The Microsoft 365 Service Health Dashboard is the window into the health of the services for your specific organization. As an Microsoft 365 customer, you get a detailed view into the availability of services that is relevant to your organization. Our service dashboard gives you full insight into your services by showing their current status and even lets you see when you need to renew licenses.