Update Verträge und Zertifikate für Microsoft 365 und Azure

Das Jahr ist gerade ein paar Tage alt, schon gibt es eine neue DPA angepasst an den neuen Stand des EU Boundary Programmes und eine neue SLA und neue Produktterms.



PT: neu 01.01.2024

Microsoft Product Terms

Datenschutz- und Sicherheitsbedingungen: Die Bedingungen für EU Data Boundary Services wurden aktualisiert, um den erweiterten Geltungsbereich der Verpflichtung widerzuspiegeln.


Personal Data” wurde hinzugefügt

DPA:  02.01.2024

  • Neu: 2 Januar 2024 / aktuell nur in englischer Sprache


neu ist fett markiert und gestrichen ist durchgestrichen: 


Data Transfers

Customer Data, Professional Services Data, and Personal Data that Microsoft processes on Customer’s behalf may not be transferred to, or stored and processed in a geographic location except in accordance with the DPA Terms and the safeguards provided below in this section. Taking into account such safeguards, Customer appoints Microsoft to transfer Customer Data, Professional Services Data, and Personal Data to the United States or any other country in which Microsoft or its Subprocessors operate and to store and process Customer Data, and Personal Data to provide the Products, except as described elsewhere in the DPA Terms.

All transfers of Customer Data, Professional Services Data, and Personal Data out of the European Union, European Economic Area, United Kingdom, and Switzerland to provide the Products and Services shall be governed byare subject to the terms of the 2021 Standard Contractual Clauses implemented by Microsoft. In addition, transfers from the United Kingdom shall be governed byare subject to the terms of the IDTA implemented by Microsoft. For purposes of this DPA, the “IDTA” means the International data transfer addendum to the European Commission’s standard contractual clauses for international data transfers issued by the UK Information Commissioner’s Office under S119A(1) of the UK Data Protection Act 2018. Microsoft will abide by the requirements of European Economic Area, United Kingdom, and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data from the European Economic Area, United Kingdom, and Switzerland. All transfers of Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.

In addition, Microsoft is certified to the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, the UK Extension to the EU-U.S. Data Privacy Framework and the commitments they entail. Microsoft agrees to notify Customer if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the principles of the Data Privacy Frameworks.

  • Erweiterung um UK in das neue DAPF


“Location of Customer Data

For the Core Online Services, Microsoft will store Customer Data at rest within certain major geographic areas (each, a Geo) as set forth in the Product Terms.

For EU Data Boundary Online Services, Microsoft will store and process Customer Data and Personal Data within the European Union as set forth in the Product Terms.

Microsoft does not control or limit the regions from which Customer or Customer’s end users may access or move Customer Data.”

  • Erweiterung um Personal Data beim EU Boundary. Damit gilt hier nun auch vertraglich, das durch das EU Boundary Programm angesprochene Versprechen auch diese Daten nur innerhalb der EU zu speichern.


“CJIS Customer Agreement

Microsoft provides certain government cloud services (“Covered Services”) in accordance with the FBI Criminal Justice Information Services (“CJIS”) Security Policy (“CJIS Policy”). The CJIS Policy governs the use and transmission of criminal justice information. All Microsoft CJIS Covered Services shall be governed by the terms and conditions in the CJIS CustomerManagement Agreement located here: http://aka.ms/CJISCustomerAgreement..”

  • reine Anpassung

Datei mit der Gegenüberstellung der DPA aus November und der aktuellen DPA

Vergleich Nov 2023 zu Jan 2024


Neu: OnlineSvcsConsolidatedSLA(WW)(English)(January2024)(CR).docx (live.com)


  • Fabric wurde hinzugefügt



Additional Definitions

Capacity: Capacity is a dedicated set of resources that is available at a given time to be used. Capacity defines the ability of a resource to perform an activity or to produce output. Different items consume different capacity at a certain time. Fabric offers capacity through the Fabric SKU and Trials. For more information, see What is capacity (https://learn.microsoft.com/fabric/enterprise/licenses#capacity)?

Maximum Available Minutes: The sum of all minutes that a given, individual Capacity has been instantiated during an Applicable Period for a given tenant.

Downtime Minutes*: The total accumulated minutes in an Applicable Period for a given Capacity, after its creation, or before it is deprovisioned when the Capacity is unable to be utilized in all applicable Fabric features listed below:

Power BI – redirect to the Power BI section

View: View Power BI Dashboards, Reports, and Apps in the service.

Dataset Refresh: Schedule or manually trigger refresh operation and expect those operations to complete within expected timeframes considering all conditions that might impact refresh speeds (e.g., size of dataset).

Access Power BI Portal: Access and use the Power BI Portal within expected timeframes considering network conditions and limitations local to the customer environment or external to Microsoft.

Data Factory

Dataflow Gen2 Refresh: Schedule or manually trigger refresh operation and expect those operations to complete.

Open Pipeline: Open Pipelines in the service.

Data Engineering

Open Lakehouse: Open and view a Lakehouse in the service.

Open Notebook: Open and view a Notebook in the service.

Open Spark Job Definition: Open and view a Spark Job Definition in the service.

Data Science

Open ML model: Open and view ML models in the service.

Open Experiment: Open and view Experiments in the service.

Data Warehouse

Open Database: Open and view a Data Warehouse database in the service.

Real-Time Analytics

Open Eventstream: Open and view Eventstreams in the service.

Open KQL Database: Open and view a KQL database in the service.


OneLake read transactions: Any read operations to OneLake DFS APIs.

Uptime Percentage: The Uptime Percentage is calculated using the following formula: Maximum Available Minutes-DowntimeMaximum Available Minutes 100

*Downtime Minutes does not include any period of time where the inability to use Fabric features within a given Capacity was due to Microsoft Fabric throttling policy.


Service Credit:

Uptime Percentage

< 99.9%

< 99%

Service Credit




Zertifikate ISO

Certificate demonstrating Microsoft Azure, Dynamics 365, and Other Online Services’ compliance with ISO 27017 framework






Zertifikate SOC

Microsoft 365 – Viva Engage – SOC 2 Type 2 (2023)

Service Trust Portal (microsoft.com)


Zertifikate GDPR

Keine neuen Zertifikate