Microsoft Sovereign Cloud Core Customer Scenarios: No Cloud Operator Access

Segment 1 (00:00 - 05:00)

(upbeat music) - Let's dive into a scenario that sits at the heart of digital trust. No cloud operator access. Organizations want the advantages of cloud scale, innovation, security, and speed, but need to stay in control of access to their data, including access by their cloud service provider, Microsoft. This scenario focuses on giving customers confidence that even though they're using the cloud, they are in control of access to their data and workloads. And no one at Microsoft, no engineer, no operator, no automated search system, can access it without their consent. Let's consider a real world case. Imagine a central government agency with a clear ambition: to deliver more personalized, more effective public services using data-driven insights to better serve every citizen. The goal is inclusion and equity, making sure government programs adapt to individual needs, and that access to services is intuitive, fair, and secure for everyone. But with that ambition comes responsibility. Citizen data is among the most sensitive data that exists. Processing it demands absolute trust, strict purpose limitation, and full compliance with data protection laws. That means no one outside the agency can access workloads unless there is an explicitly approved and lawful purpose. And, outside doesn't just mean external attackers. It includes civil servants without authorization, partners, and yes, also the cloud provider itself. Even during day-to-day operations such as troubleshooting, patching, maintenance, upgrades, or emergency escalations, the agency must retain control. The question here is not whether to use the cloud. The question is how do you benefit from cloud innovation while staying in control, and without handing over all access to cloud operators? This is exactly the use case for the no cloud operator access scenario. 
In Microsoft's sovereignty framework, this scenario refers to situations where customers require strict safeguards and controls, ensuring that no cloud provider personnel can access sensitive workloads or data without consent. This includes scenarios with zero cloud operator access to customer content, cryptographic separation between provider and customer, full control of encryption keys, and strong boundaries supported by both technical controls and surface architecture, visibility and audit evidence showing enforced non-access. It is about creating a cloud environment where customers get all the benefits of hyperscale computing without giving up operational control or privacy. Microsoft delivers a robust set of tools, architectures, and operating commitments designed to ensure customers maintain control over sensitive data. And here's how. It starts with strict identity and access boundaries. Microsoft engineering personnel do not have standing access to customer data. Because production infrastructure is automated and self-healing, Microsoft personnel rarely need access to customer data in production infrastructure. Moreover, we do not need to know what is in customer content to maintain the service. So most interactions and monitoring are done through dashboards and systems that consume data from Microsoft telemetry and diagnostic systems. Connections from DevOps engineering personnel are tightly controlled through secure access workstations and VDI solutions that are locked down and do not allow any data exfiltration from production infrastructure. In the extremely rare case that Microsoft engineering personnel would require access to customer data in case of a support request, then that requires an access elevation procedure. This follows four-eyes principles, which will, after approval, only allow limited, time-bound access, and that access is automatically revoked.
Customers can expand this with Customer Lockbox, requiring explicit approval from the customers before access to customer data is granted to the engineer. We are also working on additional no-access engineering operating model investments. Microsoft software infrastructure regions, such as in Europe, implement operational models, ensuring local personnel oversight, strict segmentation, and minimized access to reduce legal exposure and privileged pathways. In addition, Microsoft provides contractual commitments concerning confidentiality and third-party access.

Segment 2 (05:00 - 07:00)

Then, customers can apply advanced encryption, confidential computing for data protected in use for sensitive scenarios. With confidential computing, supported processes or workloads run in secure enclaves or secure virtual machines. Even while being computed, data remains encrypted and shielded. Not even cloud operators or malicious insiders can view it. Of course, when applying encryption, key management is of fundamental importance. Customers hold their own encryption keys using hardware security modules they manage. If Microsoft doesn't have the keys, Microsoft cannot access the data, ever. Then observability is important. All attempted access, approved or denied, in solutions such as Customer Lockbox is logged in customer-accessible logs. Customers see exactly what happens in their sovereign environment. And finally, for the highest levels of isolation, Microsoft supports deployments like Azure Local or Microsoft 365 Local, customer-operated, fully isolated environments where Microsoft has no operational role. Organizations use Microsoft for this scenario, because enabling no cloud operator access requires real engineering maturity and operational discipline. So let's summarize Microsoft's approach. We design infrastructure that allows controlled operator access and no standing access by default, not as an afterthought. Furthermore, we have decades of experience with high security workloads. Defense intelligence and national security organizations already rely on Microsoft's infrastructure. Then we integrate our complete security stack, identity, encryption, confidential compute, secure enclaves, and policy controls all across the environment. And finally, we add independent auditability. Customers can verify non-access rather than simply trusting it. This all helps achieve sovereignty without compromise. Organizations get full control while still using hyperscale innovation, AI, and the global Microsoft Cloud ecosystem. (uplifting music)
