// Trust & Security Report

    Microsoft logo

    Microsoft

    Azure Health Bot / Healthcare Agent Service

    Certifications held

    12

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    HIPAA / HITECH
    HELD

    The healthcare agent service is HIPAA-ready and has also the following list of certification... [including HITRUST, ISO 27001:2013, SOC 2 Type 2, GDPR Compliant]

    Verify on learn.microsoft.com
    ISO 27001:2013
    HELD

    ISO 27001:2013

    Verify on learn.microsoft.com
    ISO 27017:2015
    HELD

    ISO 27017:2015

    Verify on learn.microsoft.com
    ISO 27018:2014
    HELD

    ISO 27018, and CSA Gold certified

    Verify on microsoft.com
    SOC 1 Type 2
    HELD

    SOC 1 Type 2

    Verify on learn.microsoft.com
    SOC 2 Type 2
    HELD

    SOC 2 Type 2

    Verify on learn.microsoft.com
    SOC 3
    HELD

    SOC 3

    Verify on learn.microsoft.com
    HITRUST CSF
    HELD

    HITRUST

    Verify on learn.microsoft.com
    CSA STAR Attestation
    HELD

    CSA STAR Attestation

    Verify on learn.microsoft.com
    CSA STAR Certification
    HELD

    CSA STAR Certification

    Verify on learn.microsoft.com
    GDPR
    HELD

    GDPR Compliant

    Verify on learn.microsoft.com
    FedRAMP
    HELD

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Global Azure regions. EU Data Boundary commitment for European customers. Local data residency available in Europe and India regions for Azure Bot Service.

    Microsoft has publicly committed that customer data in Azure commercial services is not used to train foundational AI models without the customer's permission. This was confirmed by Microsoft in 2024: 'Microsoft does not use customer data from Microsoft 365 consumer and commercial applications to train foundational large language models.' The Microsoft Products and Services Data Protection Addendum (DPA) governs data processing and is publicly available. Azure Health Bot stores conversation data in Azure Storage and Cosmos DB, encrypted at rest and in transit; encryption keys are managed by Microsoft and rotated periodically.

    // Security controls

    Encryption at rest

    All customer data stored in Azure Storage and Azure Cosmos DB is always encrypted at rest. Encryption keys managed by Microsoft and rotated periodically.

    learn.microsoft.com

    Encryption in transit

    All incoming and outgoing data connections use HTTPS only; data in transit is always encrypted.

    learn.microsoft.com

    Bug bounty

    Microsoft Security Response Center (MSRC) runs a proprietary bug bounty program at https://www.microsoft.com/en-us/msrc/bounty-microsoft-azure. Azure services listed on azure.microsoft.com/services are in-scope. Rewards range from $1,250 to $60,000 USD for Critical/Important severity findings. Not hosted on HackerOne or Bugcrowd.

    microsoft.com

    Penetration testing policy

    Microsoft publishes Security Testing Rules of Engagement for security researchers and customers performing testing against Microsoft Online Assets.

    microsoft.com

    Healthcare Safeguards

    All AI-generated outputs pass through Healthcare Safeguards: evidence detection, provenance tracking, clinical code validation, clear disclaimer, evidence attribution, feedback mechanisms, and abuse monitoring.

    learn.microsoft.com

    Audit trails

    Built-in compliance constructs including end-user consent collection, data retention policies, audit trails, and conversation timeout.

    microsoft.com

    MSRC vulnerability disclosure

    Known vulnerabilities in Azure Health Bot (including SSRF/tenant isolation issues) were disclosed in 2024 and patched by Microsoft. MSRC maintains the responsible disclosure process.

    hipaajournal.com

    // Products & data scope

    Azure Health Bot - Free (F0) TierHealthcare AI chatbot

    data: Development and evaluation use only. Full HIPAA/ISO compliance framework applies. Not recommended for production patient data.

    No charge. Intended for prototyping. Same Azure infrastructure as paid tiers.

    Azure Health Bot / Healthcare Agent Service - Agent (C1) TierHealthcare AI chatbot / Generative AI healthcare copilot (enterprise)

    data: Full enterprise data scope. HIPAA BAA available via Microsoft. Supports Generative AI with customer data grounding via Azure AI Search. PHI can be processed under BAA. Data stored in Azure Storage and Cosmos DB, encrypted at rest and in transit.

    Pay-as-you-go at $0.01 per Action. Launched November 2025, replacing deprecated S1 Standard tier. Supports GPT-powered orchestration, triage, appointment scheduling, custom scenarios.

    Azure Health Bot - Legacy Standard (S1) TierHealthcare AI chatbot (rule-based, no GenAI)

    data: Same HIPAA/compliance posture as C1. No Generative AI features. Deprecated as of November 2025 for new instances.

    Existing S1 customers can remain; no new S1 instances allowed. $500/month fixed fee plus consumption.

    // What to watch

    • Medical Device Disclaimer: Azure Health Bot is explicitly NOT a medical device and must not be used as one. The customer bears sole legal responsibility for any medical-device use.
    • Multitenant architecture: The healthcare agent service is described as a multitenant cloud platform. Data isolation between tenants is enforced but the service is not single-tenant by default.
    • Known 2024 vulnerability: Security researchers disclosed SSRF and tenant isolation vulnerabilities in the Azure Health Bot Service in 2024. Microsoft patched them. No ongoing concern, but relevant for regulated procurement.
    • HIPAA BAA is a customer-initiated agreement with Microsoft, not automatically applied. Healthcare organizations must ensure BAA is in place before processing PHI.

    // At a glance

    Pricing model

    Freemium + Pay-as-you-go (PAYGO). Free F0 tier for development. C1 production tier at $0.01 per Action (e.g., $0.01 classic message, $0.05 credible source response, $0.18 triage session).

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Microsoft's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    microsoft.com

    > Browse all vendor trust reports