UC IT Sourcing Committee (ITSC)
Microsoft Azure deployment guidance
Microsoft Azure represents a number of cloud services, most of which are Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) providing virtual computers and storage in the cloud, among other services. This service is much like Amazon Web Services, but has a different pricing structure and provides additional tools that provide integration advantages for Microsoft environments.
The UC has a HIPAA business associate agreement with Microsoft for Azure. Azure has a unique price structure requiring a campus to set a monetary commitment prior to the beginning of their annual enrollment period. See the cost section for more details.
- Microsoft requires an annual minimum pre-payment to establish an account.
- Azure requires location-wide coordination due to the administrative structure.
- Each location must establish a process to establish accounts to its users.
- Each account holder (there can be many accounts on a campus) must specify the region (e.g. U.S., EU, etc.) where the compute and storage should be located. Microsoft will not move the data from the region selected.
Sensitive data guidance
|Data Type||Data Use Guidance||Comments|
|Credit Card (PCI-DSS)||Not permitted||No PCI addendum to agreement.|
|Export Control||Consult||Consult with location export control officer.|
|Electronic Protected Health Information (ePHI) subject to HIPAA||Consult||HIPAA BAA in place, consult with data proprietor and appropriate UC location (e.g. privacy official, information security, compliance officer). View a list of Azure services covered by the BAA.|
|Human Subject Research||Consult||Consult with data proprietor and UC location office of research.|
|Intellectual Property||Consult||Consult with data proprietor and appropriate UC location authority (e.g. tech transfer, office of research, campus counsel).|
|IT Security Information
(e.g. administrative passwords, network diagrams)
|Permitted||When appropriately configured.|
|Other Sensitive Institutional Info
(e.g. Fundraising, Attorney/Client Privileges)
|Consult||Consult with data proprietor and appropriate UC location authority (e.g. privacy official, development office, campus counsel, information security officer).|
|Personally Identifiable Information (PII)
Tied to state notification breach laws, Login credentials, SSN, Drivers license
|Consult||Consult with data proprietor and appropriate UC location authority (e.g. privacy official, campus counsel, information security officer).|
AnimalGeneral (non-Humanoid Subject Research)
|Permitted||Consult with data proprietor and UC location office of research.|
|Student Education Records (FERPA)||Permitted||Excluding student health records.|
UC location responsibilities
These are the contractual responsibilities of each UC location as they establish the service. These responsibilities must be met for the contract to remain in effect.
- Each location must specify a subscription term for Azure, between 12-36 months, which serves as its enrollment period. The per unit costs for each account at your location is fixed during the enrollment period.
- Each location must specify a pre-paid balance to be used over each annual term. An invoice for the entire amount will be given at the beginning of the period.
- As the account uses Azure services, the cost will be deducted from the committed funds each month. If there is any unused portion leftover at the end of the period, it will be forfeit.
- After the expiration or termination of services, the campus must remove its data or contact Microsoft to hold it for 90 days.
- Each UC user must specify the region where data should be hosted (e.g. United States).
- Available 24/7 with limited exceptions for planned downtime. View Azure Status Dashboard.
- Microsoft may only use your data to provide the service. They are not allowed to mine UC data.
- Microsoft will not transfer UC data outside the region specified by the UC user (e.g. United States), but may transfer it within the US for backup or support purposes.
- Microsoft will “promptly notify” the UC of any security incidents that cause unlawful access to UC data.
Procurement Services contacts
View a ist of contacts for each campus.
- Azure account holders must determine their annual pre-paid commitment amount before their enrollment period that sets the campus-wide target spend level for Azure.
- Consult with location procurement or Microsoft representative for pricing.
- The pre-paid commitment is invoiced at the beginning of the period.
- After each annual pre-paid balance is exhausted, accounts will switch to automatic quarterly billing based upon actual usage.
- If the entire pre-paid commitment is not spent at the end of the period, it is forfeited.
- Pricing will not increase during a term, but may decrease. To achieve a longer term price cap, give due consideration to establishing a 36 month term.
- An extension order must be placed prior to the expiration of the initial 12-36 month term.
- Department must pro-actively deactivate use of the services in order to stop incurring charges.
Link to contract
UC location links and contacts for this service
Visit the website or contact the individuals below for more information about this service at your location.
|UC Merced||UC Merced Procurement|
|UC Santa Cruz|
|UC Santa Barbara|
|UC San Diego||Cloud and Web Services (firstname.lastname@example.org)|
|UC San Francisco|
|Lawrence Berkeley National Labs|
|Division of Ag & Natural Resources||Gabriel Youtsey|