UCLA Allowable Data Use - Microsoft Azure Online Services

UCLA faculty and staff use of the cloud computing services available via the UC-wide Microsoft Azure Online Services agreement must comply with applicable University policies, notably policies relating to the protection of University data and the UC Electronic Communications Policy. This includes the data use requirements in the table below, which are based on the UCLA Data Classification Standard and University-negotiated agreements established to help safeguard information about individuals and other confidential information for which the campus is a steward.

Always employ due care when processing, transmitting, or storing sensitive information. Violation of these data use policies may result in disciplinary action up to and including termination.

Contact IT Services Client Support at clientsupport@it.ucla.edu if the data you have is listed in the middle (yellow) column below, if you have data that does not appear in the table, or if you have any other data use questions.

Table 1. Data use requirements for Microsoft Azure Online Services

Permitted

Contact Client Support

Prohibited

  • Any information already publicly available 
  • Student records not related to health 
  • Personnel records
  • Individuals’ health information (Only for Azure Services listed in footnote 1 below)1
  • Data relating to human subjects or animal research 
  • Export controlled data3
  • Use of 3rd-party apps4
  • Sensitive information not about individuals
  • Storage of MedNet AD, EM AD, and all other logon passwords (except UCLA Logon and OASIS Logon)
  • Storage of UCLA Logon and OASIS Logon passwords 
  • Individuals’ health information (Only for Azure Services listed in footnote 2 below)2
  • Social Security numbers 
  • Drivers license and CA identification numbers
  • Credit card data

 

A Business Associate Agreement (BAA) is in place between UC and Microsoft, but it currently only covers a subset of available Azure Online Services: Active Directory, Advisor, API Management, Application Insights, Automation, BizTalk Services, Cognitive Services, Cloud Services (Web and Worker Roles), Databricks, DevOps (formerly VSTS), DevTest Labs, Information Protection, Key Vault, Kubernetes Service (AKS), Log Analytics, Media Services, Microsoft Azure Portal, Mobile Services, Monitor, Multi-Factor Authentication, Power BI Embedded, Resource Manager, Rights Management Service, Scheduler, Security Center, Service Bus, SQL Database, Storage (Blobs, Tables, Queues), Traffic Manager, Virtual Machines (including with SQL Server), Virtual Network and Websites.
2 The following Azure Online Services are not currently covered under the Business Associate Agreement (BAA) in place between UC and Microsoft, so may not be used to process, transmit, or store individuals' health information: Backup, Cache, CDN, Event Hubs, ExpressRoute, HDInsight, Machine Learning, Notification Hubs, Azure RemoteApp, Site Recovery and Visual Studio Online.
For more information regarding export control regulation at UCLA, see: http://ora.research.ucla.edu/RPC/Pages/nsreg.aspx
4 The UC Microsoft Azure Online Services agreement does not cover third party applications or software that may be designed to run on or otherwise interface with Azure.

Logon to the Software Central Store to access the terms and conditions of the UC Microsoft Azure Online Services Agreement and the UC Microsoft HIPAA BAA Agreement. (valid UCLA logon required)

Follow this link for instructions on How to Establish a Microsoft Azure Online Account at UCLA

Follow this link to view the UCLA Microsoft Azure Online Services Review PowerPoint Presentation

Gartner has published research regarding Microsoft Azure that may be helpful. This research is available to UCLA faculty and staff at no cost under UCLA’s Gartner membership. To access this research, go to UCLA’s Gartner Research Portal, log in with your UCLA credentials and search for:
Microsoft Azure: In-Depth Assessment (G00263763)
Blueprint for Architecting Web Application Availability at Microsoft Azure (G00265214)