// Trust & Security Report
Microsoft
Azure Health Bot / Healthcare Agent Service
Certifications held
12
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on learn.microsoft.com“The healthcare agent service is HIPAA-ready and has also the following list of certification... [including HITRUST, ISO 27001:2013, SOC 2 Type 2, GDPR Compliant]”
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Global Azure regions. EU Data Boundary commitment for European customers. Local data residency available in Europe and India regions for Azure Bot Service.
Microsoft has publicly committed that customer data in Azure commercial services is not used to train foundational AI models without the customer's permission. This was confirmed by Microsoft in 2024: 'Microsoft does not use customer data from Microsoft 365 consumer and commercial applications to train foundational large language models.' The Microsoft Products and Services Data Protection Addendum (DPA) governs data processing and is publicly available. Azure Health Bot stores conversation data in Azure Storage and Cosmos DB, encrypted at rest and in transit; encryption keys are managed by Microsoft and rotated periodically.
// Security controls
Encryption at rest
All customer data stored in Azure Storage and Azure Cosmos DB is always encrypted at rest. Encryption keys managed by Microsoft and rotated periodically.
learn.microsoft.comEncryption in transit
All incoming and outgoing data connections use HTTPS only; data in transit is always encrypted.
learn.microsoft.comBug bounty
Microsoft Security Response Center (MSRC) runs a proprietary bug bounty program at https://www.microsoft.com/en-us/msrc/bounty-microsoft-azure. Azure services listed on azure.microsoft.com/services are in-scope. Rewards range from $1,250 to $60,000 USD for Critical/Important severity findings. Not hosted on HackerOne or Bugcrowd.
microsoft.comPenetration testing policy
Microsoft publishes Security Testing Rules of Engagement for security researchers and customers performing testing against Microsoft Online Assets.
microsoft.comHealthcare Safeguards
All AI-generated outputs pass through Healthcare Safeguards: evidence detection, provenance tracking, clinical code validation, clear disclaimer, evidence attribution, feedback mechanisms, and abuse monitoring.
learn.microsoft.comAudit trails
Built-in compliance constructs including end-user consent collection, data retention policies, audit trails, and conversation timeout.
microsoft.comMSRC vulnerability disclosure
Known vulnerabilities in Azure Health Bot (including SSRF/tenant isolation issues) were disclosed in 2024 and patched by Microsoft. MSRC maintains the responsible disclosure process.
hipaajournal.com// Products & data scope
data: Development and evaluation use only. Full HIPAA/ISO compliance framework applies. Not recommended for production patient data.
No charge. Intended for prototyping. Same Azure infrastructure as paid tiers.
data: Full enterprise data scope. HIPAA BAA available via Microsoft. Supports Generative AI with customer data grounding via Azure AI Search. PHI can be processed under BAA. Data stored in Azure Storage and Cosmos DB, encrypted at rest and in transit.
Pay-as-you-go at $0.01 per Action. Launched November 2025, replacing deprecated S1 Standard tier. Supports GPT-powered orchestration, triage, appointment scheduling, custom scenarios.
data: Same HIPAA/compliance posture as C1. No Generative AI features. Deprecated as of November 2025 for new instances.
Existing S1 customers can remain; no new S1 instances allowed. $500/month fixed fee plus consumption.
// What to watch
- Medical Device Disclaimer: Azure Health Bot is explicitly NOT a medical device and must not be used as one. The customer bears sole legal responsibility for any medical-device use.
- Multitenant architecture: The healthcare agent service is described as a multitenant cloud platform. Data isolation between tenants is enforced but the service is not single-tenant by default.
- Known 2024 vulnerability: Security researchers disclosed SSRF and tenant isolation vulnerabilities in the Azure Health Bot Service in 2024. Microsoft patched them. No ongoing concern, but relevant for regulated procurement.
- HIPAA BAA is a customer-initiated agreement with Microsoft, not automatically applied. Healthcare organizations must ensure BAA is in place before processing PHI.
// At a glance
Pricing model
Freemium + Pay-as-you-go (PAYGO). Free F0 tier for development. C1 production tier at $0.01 per Action (e.g., $0.01 classic message, $0.05 credible source response, $0.18 triage session).
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Microsoft's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
microsoft.com