Now Available: 2026 Independent IRAP Assessments of Microsoft’s Azure, Dynamics365 and Microsoft 365  

Modern government, business and society depend on access to the latest technology to operate, compete and progress, and cloud computing has long been central to maintaining that technological advantage. The cloud is where critical public services and national data are hosted, where innovation is scaled, and where Australia’s digital future is being built. 

That level of reliance demands more than capability alone. It requires confidence that cloud platforms can be trusted and relied upon for the country’s most sensitive and regulated workloads. Trust at this level must be demonstrated through transparency and independent verification, not assumptions or marketing claims. 

Today, I am pleased to share that Microsoft has completed its latest Information Security Registered Assessors Program  (IRAP) assessments for Azure, Dynamics 365 and Microsoft 365, supporting workloads operating up to and including the “Protected” level under the Australian Government Information Security Manual. 

These assessments were conducted by Neon Cloud, an ASD endorsed IRAP assessor, and evaluate Microsoft cloud services against the Australian Government Information Security Manual (ISM) and ACSC Cloud Assessment and Authorisation Framework, alongside guidance from the Protective Security Policy Framework and broader Australian Government requirements. 

It is important to note that IRAP is not a certification, nor is it a binary pass or fail exercise. It is a risk-based framework designed to help organisations make informed decisions about how cloud services can be deployed within their specific security, regulatory and operational context. 

Microsoft has been investing in independent IRAP assessments since 2015 and continues to reassess our cloud platform every twenty-four months. In an environment where threats, dependencies and geopolitical conditions continue to shift, repeatable independent assurance plays a key role in supporting long term operational resilience. This ongoing cycle reflects a long-term commitment to transparency, assurance and supporting Australian customers as their security, resilience and sovereignty requirements continue to evolve. 

The latest assessments are available to download via the Australian IRAP section of the Microsoft Service Trust Portal at: https://aka.ms/au-irap.