Data Privacy and Residency
How Azure SRE Agent handles your data.
Data storage
Your agent stores data in the same Azure region where you deploy it. Data does not leave your region unless you explicitly configure cross-region integrations.
| Data type | Where it's stored | Retention |
|---|---|---|
| Conversation threads | Your agent's Azure resource | Until you delete the thread or agent |
| Knowledge base documents | Azure Blob Storage + search index (in your subscription) | Until you remove the document |
| User memories | Your agent's data store | Until you use #forget to remove them |
| Session insights | Your agent's data store | Until you delete the agent |
| Telemetry | Your Application Insights resource | Per your App Insights retention settings |
AI model usage
- Your data is not used to train AI models. Azure SRE Agent uses enterprise-grade Azure AI services that follow strict data handling policies.
- Conversations and knowledge base content are processed by the model to generate responses but are not retained by the model provider for training.
- For details on Azure AI data handling, see the Microsoft privacy policy.
Encryption
All data is encrypted at rest and in transit using Azure's standard encryption:
| Layer | Encryption |
|---|---|
| At rest | Azure Storage Service Encryption (SSE) with Microsoft-managed keys |
| In transit | TLS 1.2+ for all API and portal communication |
| Application Insights | Encrypted per Azure Monitor standards |
Access controls
Your agent enforces access through multiple layers:
| Layer | How it works |
|---|---|
| Azure RBAC | Controls who can create, modify, and delete agent resources |
| Data-plane permissions | Granular per-operation permissions (read threads, write incidents, manage memory) |
| Managed identity | Controls what Azure resources your agent can access |
| Run modes | Controls whether your agent can take actions or only investigate |
See Permissions and User Roles for details.
Resources auto-provisioned
When you create an agent, these resources are automatically created in your resource group:
| Resource | Purpose |
|---|---|
| Application Insights | Agent telemetry and action logging |
| Log Analytics workspace | Backing store for Application Insights |
| Managed Identity | Agent authentication for Azure resource access |
You retain full control over these resources — you can configure retention, access policies, and diagnostic settings through the Azure Portal.
Related
| Resource | Description |
|---|---|
| Supported regions → | Azure regions where SRE Agent is available |
| Network requirements → | Firewall and network configuration |