Browse all topics
All guidesGlossary
Microsoft 365 essentials

Microsoft 365 tenant isolation and data residency

How Microsoft 365 isolates tenant data, where it's physically stored, and the data residency commitments by region.

Microsoft 365 runs as a multi-tenant cloud service, but each customer tenant is logically isolated and (with the right plans and configurations) physically restricted to specific regions. Knowing how this works matters for compliance, sovereignty, and contract negotiations.

How tenant isolation works

Every Microsoft 365 tenant has:

  • A unique tenant ID (a GUID) that scopes every data store, API, and authentication context.
  • Per-tenant encryption keys that protect data at rest (with Customer Key option for tenant-managed keys).
  • Logical partitioning in shared services (Exchange, SharePoint, Teams) — every query, every storage call is keyed by tenant.
  • Network and identity isolation — sign-ins for one tenant cannot reach another's data without explicit B2B trust.
  • Audit and compliance separation — each tenant has its own audit trail.

Data does not cross tenant boundaries except through explicitly configured cross-tenant access (B2B, shared channels, multi-tenant organisations) or via Microsoft Support for break-glass cases (gated by Customer Lockbox on the right plans).

Data residency

Microsoft 365 stores most customer data in datacentre regions tied to the tenant's billing country, or to a specific data residency commitment the customer chooses. The major regions:

  • North America — US, Canada.
  • EMEA — EU, UK, Switzerland, Norway, Germany (multiple sub-regions).
  • Asia Pacific — Australia, Japan, Korea, India, Southeast Asia.
  • Latin America — Brazil.
  • Government — Government Community Cloud (GCC), GCC High, DoD (US Federal).
  • Sovereign clouds — Microsoft Cloud for Sovereignty (regional sovereign offerings).

For each workload (Exchange, SharePoint, OneDrive, Teams, Power BI, Defender, Purview), Microsoft publishes specific data residency commitments — typically "data at rest" and increasingly also "data in transit."

Advanced Data Residency

For organisations needing stricter control, Advanced Data Residency (ADR) is a paid add-on that extends the geographic guarantees to more services and pins them to specific country boundaries (rather than larger geographic regions). Useful for jurisdictions with strong data sovereignty laws.

EU Data Boundary

The EU Data Boundary is Microsoft's commitment that customer data and pseudonymised personal data stays within the EU for processing. It applies to Microsoft 365, Dynamics 365, Power Platform, and Azure for tenants in EU regions. Telemetry, support data, and certain other classes were brought into the boundary in 2024.

For EU customers under GDPR, this commitment removes most of the historical "but where is my data really processed?" concerns.

Multi-Geo Capabilities

For multinational tenants, Multi-Geo lets a single tenant store SharePoint and OneDrive content in multiple geographic regions, scoped per user. Useful when the company is one tenant but employees need their personal data stored in their country.

Multi-Geo is a paid add-on and requires careful configuration — see the dedicated Multi-Geo guide.

What's stored where

A simplified mapping for an EU tenant:

  • Exchange mailboxes — EU datacentre.
  • SharePoint and OneDrive — EU datacentre.
  • Teams chats and messages — EU datacentre.
  • Authentication (Entra ID) — global; identity data has its own residency model.
  • Backup and DR — within the same geographic region.
  • Telemetry — within the EU Data Boundary if applicable.

Always check Microsoft's current data residency commitments for your specific tenant — they evolve, and the published page is authoritative.