Contracting with Microsoft
How can we do business with Microsoft?
Procurement processes at Microsoft have become increasingly streamlined. This means that we can focus on what is most important: developing relationships with compliant, capable, competitive suppliers that enable us to address our priorities and goals successfully. The policies, guidelines, and program information on this page are central to contracting with Microsoft.
Master Supplier Services Agreement (MSSA)
This overarching contract specifies standard payment terms and diverse spend reporting.
Learn more about MSSA
Supplier Code of Conduct (SCoC)
These standards of conduct and behavior are expected of Microsoft employees and anyone doing business with Microsoft.
Review the SCoC
Supplier Guidelines
In conjunction with the MSSA, these guidelines outline the requirements that all suppliers are expected to follow.
Read the guidelines
Supplier Security and Privacy Assurance (SSPA)
This program drives supplier compliance in data processing and protection requirements.
Review the requirements
Global purchasing terms and conditions
Microsoft purchase order (PO) terms and conditions differ based on which Microsoft subsidiaries a supplier does business with. In some cases, regulations require that certain invoice terms and conditions be tailored to a particular Microsoft subsidiary.
Find the terms and conditions specific to your localeSuppliers that are currently undergoing the onboarding process can direct questions to the Accounts Payable Support Desk.
Find the terms and conditions specific to your localeSupplier Security and Privacy Assurance (SSPA)
Strong privacy and security practices are critical to our mission, essential to customer trust, and required by law in several jurisdictions. The standards captured in Microsoft's privacy and security policies reflect our values as a company, and extend to suppliers who handle Microsoft data on our behalf.
Supplier Security and Privacy Assurance (SSPA) is Microsoft's corporate program to deliver Microsoft's data processing instructions to our suppliers in the form of the Microsoft Supplier Data Protection Requirements (DPR), SSPA drives compliance to these requirements through an annual compliance cycle; for new suppliers, work cannot start until this is complete, Suppliers may also be selected to provide independent assurance by completing an assessment against the DPR.
The DPR includes a requirement to provide privacy and security awareness training, Companies may download this training storyboard outline to customize for their own purposes, Microsoft provides privacy awareness materials for informational purposes only. Nothing in this material is intended to reflect Microsoft's internal policies or privacy programs, or to provide legal advice to the recipient. If the recipient uses these materials for its own internal purposes, such use should be in consultation with the recipient's privacy compliance experts and legal counsel.
Download Privacy Fundamentals 101 training
Any questions regarding the Microsoft SSPA Program can be directed to [email protected].
Microsoft Supplier Data Protection Requirements
Requirements for the protection of personally identifiable information and Microsoft product information.
The Master Supplier Services Agreement (MSSA)
If a contract is required by Microsoft, this must be executed by Microsoft and the supplier prior to doing work. This is an overarching agreement. After the supplier has signed this agreement, only business-specific statements of work (SOW) or purchase orders (PO) are needed. Having a uniform agreement in place helps ensure that Microsoft and the supplier can consistently rely on certain aspects of their relationship without discussion or concern.