3

I'm looking at the list of covered services on https://www.microsoft.com/en-us/TrustCenter/Compliance/HIPAA and I don't see Azure Functions explicitly listed. Does Azure Functions fall under the umbrella of "App Service" and therefore covered?

Douglas Ludlow
  • 10,754
  • 6
  • 30
  • 54

2 Answers2

2

Azure Functions runs on the same App Service infrastructure and therefore enjoy the benefits of App Service. Azure Functions is different enough to justify its own certification process.

The team is going through the certification process and we expect it to end July 2017

Yochay Kiriaty
  • 85
  • 4
  • Thanks, it's nice to hear directly from the Azure team that they're definitely not covered but expected to be soon...and with an expected date and everything ;-) So will that separate certification also cover related "different enough" App Service offerings like Logic Apps and MS Flow, or will they require separate certifications as well? – rob3c Apr 11 '17 at 22:09
  • Flow and Logic Apps will require their on certification. – Yochay Kiriaty May 10 '17 at 14:03
  • It looks like both Azure Functions and Logic Apps are now covered according to the Microsoft Trust Center. Hopefully, Flow is in the queue to be covered soon, as well! – rob3c Jun 22 '17 at 20:57
1

Yes, Azure Functions, Web App, Api App, Logic Apps and Mobile Apps are part of App Service and they are covered. It seems that the team forgot to update this page, but I'll open an issue asking for that.

UPDATE

The team is working on the certification and the expected date is July 2017. More info: https://github.com/Azure/Azure-Functions/issues/221

Thiago Custodio
  • 17,332
  • 6
  • 45
  • 90
  • I'm no lawyer and this certainly isn't any kind of legal advice, but unless you have some inside unpublished info, I'm not sure I'd jump to that conclusion so quickly. The AF github repo issue you linked in your comment still has no confirmation as of 4/11/2017, and it looked to me like the language on the Trust Center link specifies exactly which parts of App Service are currently covered rather than globally covering all of it. It'd be nice if it were all covered - and it may be eventually - but there may also be reasons why it's not listed yet besides forgetting to update the page. YMMV – rob3c Apr 11 '17 at 17:00
  • 1
    I'll check with the team again. – Thiago Custodio Apr 11 '17 at 20:55
  • 1
    It looks like Azure Functions are *finally* covered. As suggested by Yochay Kiriaty's answer about Functions being "different enough to justify its own certification process", they're listed separately from the App Service parts (API Apps, Logic Apps, Mobile Apps and Web Apps) in the HIPAA and HITECH Act page in the Microsoft Trust Center https://www.microsoft.com/en-us/TrustCenter/Compliance/HIPAA – rob3c Jun 22 '17 at 20:55