I have sensitive data stored in both Azure DB and Azure SQL VM.
An authorised DBA can log on and query the database, but in theory could a random Microsoft employee do the same without asking permission?
I found this online which suggests the answer is 'no', but is it really?
Customer data ownership: Microsoft does not inspect, approve, or monitor applications that customers deploy to Azure. Moreover, Microsoft does not know what kind of data customers choose to store in Azure. Microsoft does not claim data ownership over the customer information that's entered into Azure.
Also found this on a site discussing the negatives of using a SQL Developer Licence:
Microsoft gets access to your data: it is mandatory with any non-commercial installation of SQL Server that all your usage data covering performance, errors, feature use, IP addresses, device identifiers and more, is sent to Microsoft. There are no exceptions. This will likely rule it out for any company that deals with particularly sensitive data.
I'm not proposing using a developer licence on Azure, but which is it – can Microsoft inspect my data or not, either legitimately or a rogue employee?
Best Answer
Legally speaking, they can't read your data or send your data to law enforcement without a correct court order.
Per transparency from Microsoft, to see the current state of how many laws subpoena they answered on there.
You have to choose wisely your Azure region for that reason. In example HIPAA enterprise in Canada would have to be hosted in Canada in example for their data.
A rogue Microsoft employee could maybe see your data. The process there is unknown, but that risk is the same from any hoster or rogue employee inside your corporation.