Microsoft Azure updated its privacy policy on April 19, 2026, making several changes to how it handles your data and communicates with you. The company added language stating it may contact you by phone using automated dialers and AI-generated voices if you consent to marketing communications. It also simplified and reorganized its data retention section, clarifying that it keeps your data while you use its services and for business, legal, and security purposes, but removed some specific examples and details about how long it retains different types of information.
Microsoft now discloses that it may contact you by phone for marketing using automated dialers and AI-generated voices if you have consented to marketing communications, which represents a new disclosure of contact method and technology type. The company has also reorganized its data retention policy to state it retains data for broader business purposes including improving products and protecting systems, while removing previous specific examples and retention criteria, making it less clear exactly how long specific types of your data will be kept. You should review your consent settings for marketing communications and verify what contact methods you have authorized, particularly if you have concerns about automated or AI-generated calls.
Microsoft disclosed a new marketing contact method (AI-generated voice calls) that consumers may not expect, requiring them to verify their consent preferences. Simultaneously, the company made its data retention commitments less specific and more operationally broad, which reduces consumer clarity about how long their data is kept and may complicate vendor compliance verification.
→ Review your Microsoft account consent settings for marketing communications and verify what contact methods (phone, email, SMS) you have authorized
→ Check your phone call settings and preferences if you want to opt out of or restrict automated marketing calls
→ You may receive marketing calls generated using AI and automated dialers if you previously consented to marketing contact but did not restrict the contact method
→ You will have less visibility into exactly how long Microsoft retains specific categories of your data, making it harder to predict when information will be deleted
This is the 2nd significant Retention Change change Microsoft Azure has made since ConductAtlas began monitoring.
ConductAtlas has recorded 3 material changes to this document over 43 days of monitoring (since March 2026). An additional minor or cosmetic changes were excluded.
2 of Microsoft Azure's significant changes have been classified as negative for consumers.
Added explicit authorization to contact users by phone using auto-dialer and AI-generated voices if they have consented to marketing communications.
Removed specific retention criteria and examples; replaced with broader justifications including business operation, product improvement, and security, reducing operational transparency on retention timelines.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
The company tells you it might call you with robot voices for marketing, but only if you already agreed to marketing contact.
The company gave fewer details about exactly how long it keeps different types of your data, making it harder to understand your data timeline.
+ 1 more obligation changes. Full breakdown available with Watcher.
Track changes →Microsoft Azure modified its privacy statement in two material ways: it added disclosure of AI-generated voice marketing calls (contingent on prior consent) and restructured its data retention section to emphasize business operation and security purposes while removing specific retention criteria and examples. The first change may trigger marketing call regulation review (TCPA in the US, PECR in the UK, or similar frameworks depending on jurisdiction). The second change broadens the stated retention rationale while reducing operational specificity, which may complicate compliance verification and transparency obligations under GDPR Article 5(1)(e) and similar retention principles. Organizations that have Microsoft as a data processor should consider whether the reorganized retention language adequately demonstrates compliance with their own retention policies and DPA obligations.
GDPR (Articles 5, 6, 21), CCPA (California), PECR (UK marketing calls), TCPA (US automated calls), similar state and EU marketing and call regulations
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001093.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherMicrosoft revised how it explains data retention. Previously, the policy listed specific criteria for deciding how long to keep data, …
Microsoft Azure's privacy policy now discloses that if you consent to receive marketing communications via phone, the company may contact …
Microsoft updated its data retention policy on March 6, 2026, to provide more specific guidance on how long it keeps …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.