Azure BAA Execution Verification

Posted by StephenY45

Solved

We are looking to implement Azure AD in our environment. Part of our prep work for this project is ensuring that the BAA for Azure services is executed – and being able to provide evidence to support that to auditors. We recently took over our domain on Azure and I’m trying to find any kind of reference to it in the portal but so far I’m striking out.

I know that the BAA itself actually exists – I just cant find anything that explicitly says ‘the BAA was effective on xx/yy/zz’. Does anyone have any idea where I might be able to find that kind of evidence? Either in the Azure Portal or through some other MS endpoint?

local_offer Tagged Items
microsoft
Microsoft Azurestar4.3

Spice (4) Reply (4)

StephenY45

pimiento

Enter to win a

Contest ends 2022-08-31 Contest Details View all contests

check Best Answer

DragonsRule

pure capsaicin

checkBest Answer

I think this has it:

https://docs.microsoft.com/en-us/azure/compliance/offerings/offering-hipaa-us

Text

For Microsoft-responsible controls, we provide extra audit result details based on third-party attestations and our control implementation details to achieve that compliance. Each HIPAA/HITRUST control is associated with one or more Azure Policy definitions.

flagReport

1 found this helpful thumb_up thumb_down

View Best Answer in replies below

4 Replies

DragonsRule

This person is a verified professional.

Verify your account to enable IT peers to see that you are a professional.

pure capsaicin

checkBest Answer
I think this has it:
https://docs.microsoft.com/en-us/azure/compliance/offerings/offering-hipaa-us
Text

For Microsoft-responsible controls, we provide extra audit result details based on third-party attestations and our control implementation details to achieve that compliance. Each HIPAA/HITRUST control is associated with one or more Azure Policy definitions.
flagReport
1 found this helpful thumb_up thumb_down
OP StephenY45

pimiento

Thanks, we saw that too but were just not sure if its adequate.
Apparently AWS has a page that specifically says "BAA was effective on date .....". Thats what auditors accepted in the past, so I guess what we need to figure out is if we are looking for something like that, or with Microsoft, if its just a matter of saying we accepted the volume licensing agreement, we accepted the terms and condition - hence the BAA is executed.

Spice (1) flagReport
Was this post helpful? thumb_up thumb_down
BenoitT

This person is a verified professional.

Verify your account to enable IT peers to see that you are a professional.

chipotle

My understanding is that it's referred to as an "implied BAA"
In short, whoever asks, tell them you're on 365.

flagReport
2 found this helpful thumb_up thumb_down
OP StephenY45

pimiento

Thanks Guys,
We are likely just going to ask the auditors what they've required from other companies running azure.

flagReport
1 found this helpful thumb_up thumb_down

Read these next...

Training for HelpDesk/Support Tech
IT & Tech Careers
I'd like to find online self-paced training for a new hire on the helpdesk. Networking fundamentals, Windows 10, AD, DHCP and DNS...those sorts of things. Something that will prep them for working up to administering SCCM/MEPM/Intune or whatever it's call...
Dall·E 2 + SpiceRex: How I told AI to generate impressive orange T-Rex art
Water Cooler
A couple of months ago, I signed up for early access to Dall·E 2, a powerful technology used by humans to create impressive (often very artistic) computer-generated images, by simply providing a text-based description of the desired output.The Dall·E 2 i...
Snap! Cisco data breach, ÆPIC, SQUIP, FCC cancels Starlink funding, Jared Mauch
Spiceworks Originals
Your daily dose of tech news, in brief. While not a holiday, today is the Woz's birthday; happy 72nd birthday, Steve Wozniak! You need to hear this. Cisco admits corporate network compromised by gang with links to Lapsus$ This one has defi...
Why do I receive the same email again and again? outlook 365
Software
2 months now we are receiving a non stop email forward loop. Receiving the same email again and again. Happened 3 times in 2 months. i have noticed it happens on email accounts that are seen/managed by multiple users. We are using office 365. The solution...
What's Your Account Termination Process? (Office 365)
Cloud Computing & SaaS
Hey Spiceheads,I've recently found that the account termination process has many steps in Office 365 depending on what the account is. When a client terminates an employee, we immediately Block Sign-In:This gives us time to plan out the next steps or send...

Azure BAA Execution Verification

Enter to win a

4 Replies

Read these next...

Training for HelpDesk/Support Tech

Dall·E 2 + SpiceRex: How I told AI to generate impressive orange T-Rex art

Snap! Cisco data breach, ÆPIC, SQUIP, FCC cancels Starlink funding, Jared Mauch

Why do I receive the same email again and again? outlook 365

What's Your Account Termination Process? (Office 365)