This white paper examines how Microsoft investigates, manages, and responds to security incidents within Azure. Other service impacting issues that are not security incidents are addressed by a separate response plan (or business continuity plan), and will not be discussed in this paper.


The security incident management program is a critical responsibility for Microsoft, and represents an investment that customers using Microsoft Online Services can count on. The five-stage process presented in this white paper is a process that has evolved over many years – and continues to do so – and involves a team of dedicated experts with skill and dedication to protecting Microsoft customers.