Microsoft has adopted the International Organization for Standardization and International Electrotechnical Commission’s standard 27018 for their cloud offerings. That is a big step in setting a uniform, international approach for protecting the privacy of data stored in the cloud.
“ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.”
Azure is the first cloud platform which adopted the ISO 27018 set of privacy controls. Office 365, Dynamics CRM Online and Microsoft Intune have also adopted the standard for protecting customer’s privacy. There are defined regulations for transmitting data over public networks, data storage and strict processes for data recovery.
You can see here all security certifications related to Office 365 and Microsoft Dynamics CRM Online.