1 National Clouds: C&E FY17 consistent hybrid cloud platform scenario12/19/2017 National Clouds: C&E FY17 consistent hybrid cloud platform scenario © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Digital TransformationEngage your customers Transform your products Digital Transformation Technology is omnipresent. It’s shaping business growth and disrupting industries. Customers we talk to are building digital experiences to engage their customers, to empower their employees, to optimize their operations, and to transform their products. Consider the thermostat. Customers are willing to pay up to 59% more for a “smart” thermostat over a standard one. Businesses are using technology to create new customer value can yield premiums. Smart thermostats, tennis rackets, banking services, healthcare devices, even ordering pizzas: digital transformation is happening in every industry. Empower your employees Optimize your operations

3 Cloud momentum continues to accelerate12/19/2017 Cloud momentum continues to accelerate “By 2020, a corporate ‘no-cloud’ policy will be as rare as a ‘no-internet’ policy is today”1 “The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in the cloud, how do I make sure I’ve optimized my investment and risk exposure?” 2 “By 2020 clouds will stop being referred to as ‘public’ and ‘private’. It will simply be the way business is done and IT is provisioned.” 3 The momentum seen with businesses today in relation to the cloud is showing us that cloud computing is becoming the rule and not the exception. We are witnessing the arrival of a new age, one in which the cloud serves as a key delivery model for IT and business innovation. People now ask less about “why the cloud” and more about “why not the cloud?” That’s because the cloud offers a lot for less―cost savings, simplicity, scalability, availability, business continuity, disaster recovery, and centralization to name but a few benefits. Within this cloud megatrend, the strategic focus has shifted from infrastructure to application platform. Many CIOs view technology as a service (cloud) will have the most profound impact on their roles. This implies a major business transformation that impacts processes and IT infrastructure enabled by the cloud. Sources: 1. 2. ort%20-%20Final% pdf 3. 1Gartner: Smarter with Gartner, Why a No-Cloud Policy Will Become Extinct, February 2, 2016 2KPMG: 2014 Cloud Survey Report, Elevating business in the cloud, December 10, 2014 3IDC: IDC Market Spotlight, Cloud Definitions and Opportunity, April 2015 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Compliance & data residency a key factor in cloud adoption12/19/2017 Compliance & data residency a key factor in cloud adoption Security and privacy are stated most important considerations while compliance drives behavior Compliance was ranked the second in regards to importance to cloud trust 3000 customers were asked to rank their top 20 requirements related to cloud trust 1 2 3 When talking to customers about what concerns they have when adopting cloud services, and how they address those concerns, our research indicated the areas of focus. While it is no surprise that security requirement are dominant, the specific requirements (or blockers) were requirements for: Broadly applicable compliance certifications such as ISO and ISO 27018 Industry specific compliance certification such as HIPAA, CDSA and PCI DSS Regional certifications such as the US FedRamp, UK G-Cloud and Australia’s IRAP Beyond external compliance requirements, many companies also have internal policies which shaped their decision making. Microsoft: Trusted Cloud Survey, 2016 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Azure infrastructure investments34 Azure regions worldwide 100 + datacenters One of 3 largest networks in the world *Operated by 21 Vianet **German data trustee services provided by T-systems Central US East US North Central US Brazil South West Europe Japan East South India Southeast Asia Australia Southeast Australia East Central India West India Japan West East Asia China West* North Europe Germany Northeast** Canada East Canada Central South Central US China East* Germany Central** Korea South East US 2 Korea Central United Kingdom West United Kingdom South West Central US US Gov US DoD East US DoD West In order to help organizations meet data residency, sovereignty and compliance requirements, Microsoft has a worldwide network of 34 Microsoft-managed Azure regions, and continues to make significant investments in geo-expansion through our local and sovereign offerings in more than 10 unique geographic regions worldwide.

6 ExpressRoute partners12/19/2017 ExpressRoute partners ExpressRoute has 30 location and 36 partners Sao Paulo Tokyo Chennai Singapore Mumbai Osaka Hong Kong Amsterdam London Dublin Los Angeles Seattle Chicago Dallas Silicon Valley New York Washington DC Atlanta Sydney Melbourne Beijing New Port Las Vegas Quebec City Montreal Toronto Paris Shanghai Berlin Frankfurt For connecting from on-premises environments, you can choose secure VPN We also offer private connectivity from your WAN environments using the ExpressRoute service. These connections make Microsoft datacenters perform like your own datacenter. 30 ExpressRoute locations worldwide Large set of partners that offer private connectivity - enterprises can connect privately from anywhere in the world. Global © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 Industry’s largest compliance portfolio12/19/2017 Industry’s largest compliance portfolio Microsoft is meeting customer security needs with the industry's largest compliance portfolio ISO 27001 PCI DSS Level 1 SOC 2 Type 2 ISO 27018 Cloud Controls Matrix Content Delivery and Security Association Shared Assessments SOC 1 Type 2 Worldwide National European Union Model Clauses China Multi Layer Protection Scheme Singapore MTCS Level 3 China GB 18030 New Zealand GCIO Australian Signals Directorate Japan Financial Services CCCPPF ENISA IAF HIPAA / HITECH Key goal of slide: More evidence of our commitment and continued investments in compliance. Microsoft has the largest compliance portfolio in the industry. Talk Track: Specific to Japan, on 2/17, we are announcing a new Japanese certification “Cloud Security Mark.” Details below This is the first security standard for Cloud Service Providers in Japan based on International Standard ISO Japanese government had started their cloud first strategy and this certification was established to promote utilization of public cloud for not only public sector but also private sector. The purpose of Cloud Security Mark is to provide a common standard that cloud service providers (CSPs) can apply to address common customer concerns about the security and confidentiality of data in the cloud and the impact on business of using cloud services The certificate is accredited by Japan Information Security Audit Association (JASA) which is a non-profit organization established to strengthen Information Security in Japan through developing Authorized Information Security Audit System enforced by METI (Ministry of Economy, Trade and Industry). Microsoft became the first Global Cloud Service Provider accredited by this standard on February 9, 2016. Government FIPS 140-2 DISA Level 2 FERPA FedRAMP JAB P-ATO ITAR-ready CJIS 21 CFR Part 11 IRS 1075 Section 508 VPAT United Kingdom G-Cloud © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 Investments to address business and regulatory needs12/19/2017 Investments to address business and regulatory needs Infrastructure geo-expansion helps address some common cloud ‘blockers’ for many geographies and industries. Specific compliance certifications unblock what were once only on premises apps/workloads Compliance Local datacenters allow customer data at rest to be kept within a geography, enabling customers to help meet local data residency requirements* Data Residency Local datacenters can help reduce latency for developers and partners, fueling local innovation Performance *For further details, see © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 The cloud is a model, not just a place12/19/2017 The cloud is a model, not just a place The cloud operating model prioritizes speed and empowers developers. Hybrid cloud allows the model to be utilized consistently across public, partner, and private cloud environments, providing ultimate flexibility. Global: Hyper-scale, globally connected cloud services deployed from regional Microsoft datacenters. Local datacenters enable customers to address local data residency requirements. Sovereign: Hyper-scale cloud services, isolated from global cloud services. Deployed from local datacenters to meet unique requirements of specific markets. Microsoft datacenter Public Cloud services deployed on dedicated resources, hosted or operated by a Microsoft partner. Provides integrated or industry-specific service offerings. Partner datacenter Deployed on customer- dedicated resources with Microsoft products and technologies. Benefit from cloud experiences on your own premises. Customer datacenter Private Hybrid © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 How do I determine the best fit for my needs?12/19/2017 How do I determine the best fit for my needs? There are a set of core factors to take into account when determining the best option(s) to meet your needs Public Sector or restricted industry? Am I part of local or federal government, or in an industry with specific restrictions? Data Residency and/or Sovereignty Do I have data residency requirements and/or sovereignty that I need to fulfill? Compliance What are the compliance requirements that I need to abide by? Cost Is price a major factor in your decision making process? Eligibility Which datacenters am I eligible to use? Latency Is lightning speed performance crucial to my business or industry? Service Availability What services am I interested in using? Customization Do I have a solution that requires customization beyond what is available in the public cloud?' Customer/Subsidiary Location Do I have branch offices or customers located in other countries? Would these users employ a different cloud model? Data governance standards and policies Do I have data governance processes and/or controls that I need to follow? © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 What is cloud data governance and why is it important?Cloud data governance drives business transformation, agility, and collaboration, to increase your competitive advantage What it is A set of processes and controls for managing data by harnessing the power of the cloud Why it’s important Reduces data complexity and costs, delivers new insights from powerful data analytics tools, helps organizations meet standards for security, privacy, and compliance Data governance is a set of processes and controls for defining, implementing, and enforcing data policies to meet an organization’s mission or achieve specific business objectives. It encompasses the actions (including people, processes, and technology) used to ensure that key information delivered throughout the organization is appropriately managed and maintained. Additionally, data governance ensures there is a mechanism to facilitate and communicate a common definition and understanding of information. Data governance is important for all organizations because they need to know exactly what their data assets are, and who is accessing those assets. If compromised, high-value assets can cause a major dent in the organization’s reputation and brand image. With a cloud data governance model, organizations can lower the cost and complexity of their healthcare data growth needs by adopting a flexible, secure, and regulatory- compliant cloud solution. In addition, organizations can get access to powerful predictive and real-time data analytics tools. These tools can enable them not only to gather actionable insights from ever-growing mountains data, but also to use those insights to make the best decisions at the point of care. And healthcare organizations can leverage the trusted Microsoft cloud to meet the highest standards for security, privacy, and compliance to help protect patient health information. As a result, they can deliver end-to-end trust through the ability to manage identity access and apply audit controls across devices, applications, and data. Cloud Data Governance In the future, most of IT will be on the cloud. Cost is one reason for this trend. Another is ease of access: an organization’s end users can take advantage of the corporate resources they need using the Internet, via secure logins without VPN or RAS. IT departments can take advantage of the cloud to focus on their core priorities, while quickly and flexibly meeting and managing their IT growth and infrastructure needs. Ultimately, healthcare organizations can use cloud data governance solutions to drive business transformation, agility, and internal collaboration, leading to a strong competitive advantage.

12 Five Steps to Data Governance Adoption12/19/2017 Five Steps to Data Governance Adoption Define business objectives Set up stewardship model Develop data strategy and policy Inventory and classify data Operationalize data strategy and implement change control process 2 1 3 4 5 Five Steps to Adoption In a cloud scenario, data governance can enable sharing of data with controls in place, thus liberating it for the right purposes. The perceived security risk for the cloud, which is really more of a trust issue, can be effectively addressed through the application of data governance for cloud adoption. Organizations can use the following five-step framework for cloud data governance adoption: Step 1: Define the business objective and priorities. Step 2: Develop data strategy and policies. Step 3: Identify data owners and data stewards. Step 4: Create an inventory of all data applications and assets and classify. Step 5: Develop and implement a change control process. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 “Azure meets stringent government compliance requirements“Azure meets stringent government compliance requirements. It provides the same security levels that used to require having servers behind a DMZ [demilitarized zone], which is kind of revolutionary. Microsoft Canadian datacenters further help us serve customers who felt they were blocked from the cloud due to data residency requirements.” Jeff Parsons EVP of Global Business Azzimov 12/19/2017 To provide users with a better search experience and merchants with more convertible leads, Canadian software developer Azzimov created a product-centric web and mobile search platform that runs on Microsoft Azure in Microsoft Canadian datacenters. The Azzimov Intelligent Search System refines the results from a broad universe of product information with the help of Microsoft Cortana. It also integrates with Microsoft Dynamics CRM to provide merchants with more information-rich leads. And by running in Microsoft Canadian datacenters, Azzimov meets compliance and data residency requirements for Canadian public sector customers. To gain the scalability needed to handle that volume of data, Azzimov moved its solution to Microsoft Azure in mid “The ability of Azure to scale up or down with demand is critical for our solution,” says Parsons. “If we know that a marketplace using our apps is doing a big media push, we can increase the number of Azure servers for a certain period of time and then reduce that capacity when the push is over. That allows our clients to control and manage their budgets much more effectively.” The solution also uses: Azure App Service Web Apps for sending and monitoring Azure costs; Azure Blob Storage accounts for backing up virtual machines; and Azure Content Delivery Network (CDN) to increase the speed and availability of data. For merchants, the solution includes the Azzimov Lead Generator that integrates with Microsoft Dynamics CRM to send the merchant a CRM or notification with search context and guidance history for each lead. Customers benefit from features within Microsoft Cortana that provide a richer user experience for both PC and mobile users. “We’re able to integrate with the learning processes in Cortana to enrich our data and categorize it better, which helps us understand and serve consumers more effectively,” says Parsons. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 “We chose Microsoft Cloud, Germany because with it we have all the benefits and advantages of the highly scalable Azure Cloud and it is the only Hyperscaler capable of meeting our strict demands regarding German privacy protection. Servers based in Germany paired with the trustworthy and reliable server management carried out by T-Systems were the two key deciding factors for us.” Detlef Schmuck COO TeamDrive 12/19/2017 TeamDrive provides the market’s most secure and scalable, SaaS-based file sharing and synchronizing solutions. TeamDrive’s award winning proprietary technology, hosted on Microsoft’s Azure Germany Cloud servers, enables enterprises and individuals to host, control, sync and share their personal and/or sensitive data globally, with highly secure and differentiated end-to-end AES 256-bit encryption in a user-friendly layout. Award Winning Security All data are encrypted using AES 256-bit encryption and only the user can decide who has access to it. Data Privacy Seal (Independent Centre for Privacy Protection Schleswig-Holstein Germany) recipient. Data encryption keys remain with the user. No snooping, no backdoors and zero- knowledge is our promise! Free Choice of Server Highly scalable, inexpensive solution delivered via the cloud, on-premise, or a hybrid model Sync your data to either the TeamDrive cloud, a preferred cloud hosting provider (WebDAV server) or to one of our self-hosted server solutions. You can synchronize data to the environment of your choice, including your own instance of Microsoft Azure. All hosting solutions can be used simultaneously. Simple, Secure Synchronization Keep your data synchronized between various devices with the click of a button. Easy-to-use client interface enables a secure workplace without sacrificing functionality. Real-time file encryption and synchronization. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 “For Memphis Police Department we delivered the fast and scalable Getac Veretos Evidence Management System that supports CJIS security policies. In many cases, data moves seamlessly from the officer and the vehicle directly to the Azure Government Cloud. This streamlined, secure hosted model eliminates many of the hidden costs and processes associated with running an internal network infrastructure.” Scott Shainman President – North America Getac 12/19/2017 Complete case study can be found at https://customers.microsoft.com/Pages/CustomerStory.aspx?recid=24622 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Resources Microsoft Datacenters Trust Center: Compliance12/19/2017 Resources Microsoft Datacenters Trust Center: Compliance Trust Center: Where Is My Customer Data? Hybrid Cloud Platform © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 12/19/2017 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 Azure geographic views12/19/2017 Azure geographic views © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Azure regions in the United StatesGlobal offerings Microsoft Azure is available from eight Azure regions in the United States Customer data is stored within the US with most Azure services, enabling customers to address most local data residency requirements* Open to all public cloud users Azure regions can be selected, including access to WW regions Sovereign Microsoft Cloud for Government Data is stored within the U.S. and provides a physical and network-isolated instance of Microsoft Azure Provides screened U.S. persons and policies to help protect customer data and applications Offers continuous commitment to meet rigorous compliance demands (i.e. FedRAMP, CJIS, HIPAA) of a government-community cloud Microsoft Cloud U.S. Dept. of Defense* Two new physically isolated Azure Government regions for Department of Defense First of a kind, datacenters are architected to meet stringent DoD security controls and compliance requirements Designed to meet specific controls and commitments defined in the DoD Cloud Computing Security Requirements Guide (SRG) that require the specific engineering controls in place for data permitted to be stored in the cloud *DoD datacenters have been announced but are not yet operational Central US North Central US South Central US East US 2 West Central US US Gov US DoD East East US US DoD West *For updated compliance information visit the Microsoft Trust Center. For data residency details, see

20 Making the right choice in the United StatesCompliance in the United States Federal Government Compliance FedRAMP FDA 21 CFR Part 11 CJIS HIPAA/ HITECH IRS 1075 DISA FISMA CDS GxP MPAA NIST CSA CCM FERPA PCI-DSS DIACAP FIPS 140-2 ISO/IEC 27001 Section 508 VPATs ISO/IEC 27018 Shared Assessments SOC 1 SOC 2 SOC 3 “Microsoft has exceeded the LAPD's expectations in this regard by taking on the difficult requirements of the CJIS regulatory regime and meeting them head-on.” Sanjoy Datta Information Security Officer Los Angeles Police Department “Microsoft Azure is well known for its industry-leading security and reliability and, with it, we can provide the most secure and compliant cloud capability to our customers.” Rick Smith CEO TASER “In working with law enforcement, we need to meet several security and privacy standards - particularly CJIS. Microsoft Azure and Azure Government are the only major platforms that meet those standards.” Ken Smith Founder/Head of Product Rejjee For updated compliance information visit the Microsoft Trust Center

21 Azure regions in CanadaGlobal offerings Canada Microsoft Azure is available from two local datacenter regions Data replication occurs within Canada for business continuity Customer data is stored within Canada with most Azure services, enabling customers to address most local data residency requirements* Open to all public cloud users Azure regions can be selected, including access to WW regions Canada East Canada Central *For updated compliance information visit the Microsoft Trust Center. For data residency details, see

22 Making the right choice in CanadaCDS ISO/IEC 27018 SOC 2 CSA CCM MPAA SOC 1 PCI-DSS Shared Assessments ISO/IEC 27001 SOC 3 Compliance in the Canada “We encourage innovation and we are excited to be taking advantage of the newly opened Microsoft Canadian datacenter where we will begin moving more than 35,000 users to the Microsoft Canadian cloud over the coming years.” Labi Kousoulis Minister Internal Services Province of Nova Scotia “Azure meets stringent government compliance requirements. It provides the same security levels that used to require having servers behind a DMZ [demilitarized zone], which is kind of revolutionary. Microsoft Canadian datacenters further help us serve customers who felt they were blocked from the cloud due to data residency requirements.” Jeff Parsons EVP of Global Business azzimov “Microsoft Azure cloud gives us the high-performance infrastructure we need to handle major fluctuations in traffic and demand for a majority of our media websites and we get all of the compute capacity we need, when we need it, and only pay for what we use.” Richard Roy Vice President of IT and CTO Quebecor For updated compliance information visit the Microsoft Trust Center

23 Azure regions in EuropeGlobal offerings Europe Data replication occurs; between two datacenter regions within the Europe geography Complies with EU model clauses 2010/87/EU Microsoft was the first hyperscale cloud service provider to receive Spain's Esquema Nacional de Seguridad (National Security Framework) certification United Kingdom Customer data is stored within the UK with most Azure services, enabling customers to address most local data residency requirements* Open to all public cloud users Azure regions can be selected, including access to WW regions Sovereign cloud offerings Microsoft Cloud Germany Built to specifically to address unique German data access requirements A physically and logically separate instance of Microsoft Azure, Office 365, and Dynamics CRM Online available to all customers and partners in EU/EFTA A dedicated network within Germany datacenters, independent from the public cloud network A German Data Trustee (provided by T-systems) controls physical and logical access to customer data A commitment that all customer data and required supporting systems reside in German datacenters West Europe Germany Northeast Germany Central United Kingdom West United Kingdom South North Europe *For updated compliance information visit the Microsoft Trust Center. For data residency details, see

24 Making the right choice in EuropeCDS ISO/IEC 27018 SOC 2 CSA CCM MPAA SOC 1 ENSIA IAF PCI-DSS Shared Assessments ISO/IEC 27001 SOC 3 EU Model Clauses Spain ENS UK G-cloud FACT Compliance in the Europe Regional Compliance “With the increase in the volume and velocity of data that we’re looking at, Microsoft Azure IoT Suite has a key part to play in our ability to reliably aggregate data across our customers’ fleets.” Nick Farrant Senior Enterprise Architect Data Services Rolls-Royce For updated compliance information visit the Microsoft Trust Center

25 Azure regions can be selected, including access to WW regionsAzure regions in Asia Global offerings Asia Data replication occurs; between two datacenter regions within the Asia Pacific geography Achieved MTCS T3 Open to all public cloud users South Korea** New datacenter announced May 2016, not yet operational Customer data will be stored within South Korea with most Azure services, with the goal of meeting the requirements of the Korean Cloud Computing Related Regulation and Standards, such as Cloud Computing Act and Data Protection Standards for Cloud Computing Services* Will be open to all public cloud users Japan Data replication occurs within Japan for business continuity Customer data is stored within Japan with most Azure services, enabling customers to address most local data residency requirements* Microsoft has been accredited by JASA on Cloud Security Mark Gold, while meeting requirements from FISC and My Number Act Azure regions can be selected, including access to WW regions Sovereign offerings Microsoft Cloud China A dedicated network within China, independent from the public Azure network Azure in China is operated by 21Vianet, one of the leading IDC service providers in China Microsoft Azure is certified by the China Electronics Standardization Institute as compliant with GB 18030, the encoding standard mandated by the Chinese government for the Chinese ideographic character set Adheres to Multi-Level Protection Scheme, a Chinese state cloud security standard issued by the Ministry of Public Passed the Trusted Cloud Service certification developed by the Data Center Alliance and tested by the China Academy of Information and Communications Technology. Japan East Southeast Asia Japan West East Asia China West* China East* Korea South Korea Central *For updated compliance information visit the Microsoft Trust Center. For data residency details, see **South Korea datacenters have been announced but are not yet operational

26 Making the right choice in AsiaCompliance in Asia Regional Compliance CDS ISO/IEC 27018 SOC 2 CSA CCM MPAA SOC 1 PCI-DSS Shared Assessments ISO/IEC 27001 SOC 3 China TRUCS China MLPS China GB 18030 Japan My Number Act FISC CS Mark (Gold) MTCS “The ultimate goal of driving innovation through cloud services is to reduce the total cost in business operation and maximize IT efficiency to achieve business agility. I believe that the expansion of the Microsoft Cloud in Korea will create big momentum for many Korean companies to very actively adopt cloud services.” Chan Park Chief Technology Officer (CTO), JYP Entertainment "The core of cloud service is security. Microsoft Azure is perceived as the trusted cloud service as it has numerous certifications from many international organizations. I hope the Microsoft announcement today provides Korea with an opportunity to increase awareness of the need for security in cloud services.” Chun Shik Park Professor of Information Security of Seoul Women’s University and the former Chairman, KIISC (Korea Institute of Information Security and Cryptology) “The Korea data center news shows us the clear evidence that the Microsoft Azure responds actively to market needs. The announcement that Microsoft’s investment in data center in Korea is very meaningful in the sense that Microsoft has a strong vision in Korea, a clear leader in the global gaming industry.” Taeyoung Kim CEO of WEBZEN For updated compliance information visit the Microsoft Trust Center

27 Azure regions can be selected, including access to WW regions12/19/2017 Azure regions in India Global offerings Asia Data replication occurs between two datacenter regions within the Asia Pacific geography Achieved MTCS T3 Open to all public cloud users India Data replication occurs within India for business continuity Customer data is stored within India with most Azure services, enabling customers to address most local data residency requirements* India datacenter infrastructure and facilities operations have been independently certified under ISO 27001, SOC 1, SOC 2, SOC 3 as well as PCI DSS 3.0 India billing address is required for use Azure regions can be selected, including access to WW regions South India Central India West India *For updated compliance information visit the Microsoft Trust Center. For data residency details, see © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28 Making the right choice in IndiaRegional Compliance CDS ISO/IEC 27018 SOC 2 CSA CCM MPAA SOC 1 PCI-DSS Shared Assessments ISO/IEC 27001 SOC 3 “Data residency has been key concern of industry globally due to security and compliance reasons. Having option of data residing within india and even having BCP option, opens completely new possibilities for the enterprises which were reluctant so far. This also helps regulated businesses to use hosted solutions which was not as easy earlier.” Dhiren Savla Chief Information Officers, VFS Global “The launch of Microsoft’s Dynamics CRM Online in India is fantastic news! India is a hub to the operations of global companies like ours. And of course, India is fast emerging as a market for next generation companies. The availability of in- country storage and processing infrastructure will offer better performance, redundancy, security, and compliance. This will spur greater adoption of cloud based services across the enterprise software landscape that is shaping the new Digital India - enabling businesses to offer differentiated user experiences and new opportunities for growth at optimal cost.” Deepak Padaki Senior Vice President Strategy & Chief Risk Officer, Infosys Limited “Especially for us at Cloud Nine, with clinical and non-clinical information residing as part of the CRM across landscapes, data residency and replication and the speed of fetch will greatly improve the user experience and further enable a drive towards greater engagement.” Mr. Rohit Managing Director at Cloud Nine Hospitals For updated compliance information visit the Microsoft Trust Center

29 Azure regions in AustraliaGlobal offerings Asia Data replication occurs between two datacenter regions within the Asia Pacific geography Achieved MTCS T3 Open to all public cloud users Australia Data replication occurs within Australia for business continuity Customer data is stored within Australia with most Azure services, enabling customers to address most local data residency requirements, including Australian government Certified Cloud Services List* To assist agencies, Microsoft New Zealand has produced a series of documents showing how its enterprise cloud services address the questions in “Cloud Computing ISPC” by linking them to the standards against which Microsoft cloud services are certified Australia billing address is required for use Azure regions can be selected, including access to WW regions Australia Southeast Australia East For updated compliance information visit the Microsoft Trust Center. For data residency details, see

30 Making the right choice in AustraliaCompliance in Australia Regional Compliance CDS ISO/IEC 27018 SOC 2 CSA CCM MPAA SOC 1 PCI-DSS Shared Assessments ISO/IEC 27001 SOC 3 Irap NZCC Framework “Australian Government has adopted a cloud-first policy so they can subscribe to a solution and turn it on and off as they need to help manage costs. For us, we’ve got one platform we can manage and control. That’s more efficient, and we can pass those savings and efficiencies on to our customers.” Andre Pinkowski Technical Director and Co- Founder, Single Cell For updated compliance information visit the Microsoft Trust Center

31 Azure regions in BrazilGlobal offerings There is one Azure region in Brazil; customer data in Brazil South may be replicated to South Central US for disaster recovery purposes Open to all public cloud users Azure regions can be selected, including access to WW regions Brazil South For updated compliance information visit the Microsoft Trust Center. For data residency details, see

32 Making the right choice in South AmericaCompliance in the South America Regional Compliance CDS ISO/IEC 27018 SOC 2 CSA CCM MPAA SOC 1 PCI-DSS Shared Assessments ISO/IEC 27001 SOC 3 Argentina PDPA For updated compliance information visit the Microsoft Trust Center

33 12/19/2017 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.