Skip to content

Update technical-faq.yml#366

Open
akirayuppie wants to merge 4 commits into
MicrosoftDocs:publicfrom
akirayuppie:patch-2
Open

Update technical-faq.yml#366
akirayuppie wants to merge 4 commits into
MicrosoftDocs:publicfrom
akirayuppie:patch-2

Conversation

@akirayuppie

Copy link
Copy Markdown

This FAQ addition addresses a common question from Japanese enterprise customers regarding compliance with the Act on the Protection of Personal Information (APPI) in the context of Microsoft Defender for Identity (MDI). Specifically, it clarifies whether end-user consent is required for overseas data transfer when using MDI.

Justification and Accuracy:
The content has been carefully reviewed against official guidance from Japan’s Personal Information Protection Commission (PPC), particularly Q&A 12-3, as well as legal commentaries. According to the PPC and current legal interpretations, providing personal data to Microsoft as part of using MDI is classified as “outsourcing” rather than a “provision to a third party in a foreign country.” Therefore, explicit end-user consent for cross-border data transfer is not required, as long as the proper contractual and supervisory safeguards are in place.

This clarification is important for legal compliance and customer assurance. The FAQ content accurately reflects the current legal requirements and aligns with both Japanese government guidance and Microsoft’s standard contractual obligations.

This FAQ addition addresses a common question from Japanese enterprise customers regarding compliance with the Act on the Protection of Personal Information (APPI) in the context of Microsoft Defender for Identity (MDI). Specifically, it clarifies whether end-user consent is required for overseas data transfer when using MDI.

Justification and Accuracy:
The content has been carefully reviewed against official guidance from Japan’s Personal Information Protection Commission (PPC), particularly Q&A 12-3, as well as legal commentaries. According to the PPC and current legal interpretations, providing personal data to Microsoft as part of using MDI is classified as “outsourcing” rather than a “provision to a third party in a foreign country.” Therefore, explicit end-user consent for cross-border data transfer is not required, as long as the proper contractual and supervisory safeguards are in place.

This clarification is important for legal compliance and customer assurance. The FAQ content accurately reflects the current legal requirements and aligns with both Japanese government guidance and Microsoft’s standard contractual obligations.
@learn-build-service-prod

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit a4e9b6c:

✅ Validation status: passed

File Status Preview URL Details
defender-for-identity/technical-faq.yml ✅Succeeded

For more details, please refer to the build report.

@akirayuppie

akirayuppie commented Oct 10, 2025

Copy link
Copy Markdown
Author

The fact has been reviewed by CELA. @Dansimp may I ask review and merge please?

@learn-build-service-prod

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit b52cc25:

✅ Validation status: passed

File Status Preview URL Details
defender-for-identity/technical-faq.yml ✅Succeeded

For more details, please refer to the build report.

@learn-build-service-prod

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit 9d7fc09:

✅ Validation status: passed

File Status Preview URL Details
defender-for-identity/technical-faq.yml ✅Succeeded

For more details, please refer to the build report.

@akirayuppie

Copy link
Copy Markdown
Author

@DebLanger may I ask please have a look at and make it publish?
The fact was came from CELA so this is surely true.

@prmerger-automator

Copy link
Copy Markdown
Contributor

@akirayuppie : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@prmerger-automator

Copy link
Copy Markdown
Contributor

@akirayuppie : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@learn-build-service-prod

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit 597f1b0:

✅ Validation status: passed

File Status Preview URL Details
defender-for-identity/technical-faq.yml ✅Succeeded

For more details, please refer to the build report.

@prmerger-automator

Copy link
Copy Markdown
Contributor

PRMerger Results

Issue Description
Yaml File(s) This PR includes changes to .yml file(s) owned by another author.
GDPR Content(s) PR references GDPR and must be human reviewed to ensure appropriate guidelines are followed.

@ShannonLeavitt

Copy link
Copy Markdown
Contributor

@AbbyMSFT

Could you review the proposed changes?

IMPORTANT: When the changes are ready for publication, adding an approval and a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@prmerger-automator prmerger-automator Bot added the aq-pr-triaged Tracking label for the vendor PR Review team label Jul 2, 2026
@prmerger-automator

Copy link
Copy Markdown
Contributor

@akirayuppie : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a new entry to the Microsoft Defender for Identity technical FAQ to address a Japan-specific APPI compliance question about whether end-user consent is required for cross-border data transfer when using MDI.

Changes:

  • Added a new “Licensing and privacy” FAQ Q&A covering APPI overseas transfer consent considerations for MDI.

Comment on lines +90 to +92
- question: When using Microsoft Defender for Identity (MDI), is end-user consent required for overseas data transfer under Japan’s Act on the Protection of Personal Information (APPI)?
answer: |
No, end-user consent is not required. Providing personal data to MDI constitutes “outsourcing” rather than a “provision to a third party in a foreign country” under the APPI. Therefore, explicit end-user consent for cross-border data transfer is not necessary.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants