21 minutes to read
Last Updated: May 2019
Thank you for developing with Microsoft!
By accessing or using Microsoft APIs, including within a software application, website, tool, service, or product you create or offer to Customers (your "Application"), you are agreeing to these terms and to comply with any accompanying documentation that applies to your use of the Microsoft APIs ("API Terms") with Microsoft Corporation ("Microsoft", "we", "us", or "our"). You represent and warrant to us that you have the authority to accept these API Terms on behalf of yourself, a company, and/or other entity, as applicable. We may change, amend or terminate these API Terms at any time. Your use of the Microsoft APIs after any change or amendment means you agree to the new API Terms. If you do not agree to the new API Terms or if we terminate these API Terms, you must stop using the Microsoft APIs.
1. Defined Terms
a) "Customer(s)" means the licensee of a Microsoft online service ("Microsoft Offering") and if the licensee is an organization, includes their administrators and end users.
b) "Microsoft APIs" means (i) any form of machine accessible application programming interface that Microsoft makes available which provides access to a Microsoft Offering, including all associated tools, elements, components and executables therein, (ii) any Microsoft sample code that enables interactions with a Microsoft Offering, and (iii) documentation that Microsoft makes available to help enable your access to the Microsoft APIs.
c) "Microsoft email protocols and APIs" may include and means IMAP, POP, MAPI, RPC over HTTP, Outlook REST API, Outlook APIs in Microsoft Graph API, Exchange Web Services ("EWS"), Exchange Active Sync ("EAS"), Exchange Management Shell and any Exchange online APIs in the Microsoft APIs, individually or in any combination, when used to provide access to a Microsoft Offering.
d) The Microsoft APIs include:
the Microsoft Graph API (documented, for example, at https://docs.microsoft.com/graph);
any other Microsoft APIs that enable access to data in Azure Active Directory;
any other Microsoft APIs that enable access to data in services that are part of Office 365 (including, but not limited to, Office 365 Services, Office 365 Business, Office 365 Business Premium, Office 365 Business Essentials, Office 365 Home, and Office 365 Personal), including, for example, all APIs in the following services:
Office 365: Outlook/Exchange, SharePoint, OneDrive, Microsoft Teams, Excel, OneNote, Project Online, Microsoft Planner, Microsoft Kaizala Pro, and Yammer; and
Office 365 for Education;
Any other Microsoft APIs that enable access to data in services that are part of Outlook.com, OneDrive.com, and Yammer;
Microsoft email protocols and APIs;
any other Microsoft APIs that enable access to data in Microsoft Intune(R); and
any other Microsoft APIs that enable access to data from Project Rome services, including, but not limited to: user activities, notifications, device relay and share (documented, for example, at https://docs.microsoft.com/windows/project-rome/).
2. Scope and Application Registration
a) These API Terms govern your use of Microsoft APIs except:
if you have entered into another agreement with Microsoft that expressly supersedes these API Terms and governs your use of specific Microsoft APIs, or
for any APIs other than the APIs listed in section 1.d) of these terms, if you access APIs that present accompanying terms ("Accompanying Terms") and you have accepted those Accompanying Terms, then those Accompanying Terms will apply to your access of those APIs.
b) Registration for your Application may be required pursuant to documentation. If registration is required, you must register your Application with Microsoft. Your registration must be accurate and kept up-to-date by you at all times. Once you have successfully registered an Application, you will be given access credentials for your Application. "Access Credentials" means the necessary security keys, secrets, tokens, and other credentials to access the Microsoft APIs. The Access Credentials enable us to associate your Application with your use of the Microsoft APIs. All activities that occur using your Access Credentials are your responsibility. Access Credentials are non-transferable and non-assignable. Keep them secret. Do not try to circumvent them.
3. Microsoft APIs License and Guidelines
a) Microsoft APIs License Subject to your compliance with all of the API Terms, Microsoft grants you a limited, non-exclusive, non-assignable, non-transferable, revocable license to use the Microsoft APIs to develop, test, and support your Application, and allow Customers to use your integration of the Microsoft APIs within your Application. You may use the Microsoft APIs only as expressly permitted in these API Terms. Violation of these API Terms may result in the suspension or termination of your use of the Microsoft APIs.
b) Microsoft APIs Guidelines
You may NOT:
Use the Microsoft APIs in a way that could impair, harm or damage Microsoft, the Microsoft APIs, any Microsoft Offering, or anyone's use of the Microsoft APIs or any Microsoft Offerings;
Use the Microsoft APIs to disrupt, interfere with, or attempt to gain unauthorized access to services, servers, devices, or networks connected to or which can be accessed via the Microsoft APIs;
Use the Microsoft APIs, or any information accessed or obtained using the Microsoft APIs, for the purpose of migrating Customers away from a Microsoft Offering, except in connection with use of the Microsoft APIs by your Application or unless expressly permitted by Microsoft pursuant to a duly executed written agreement;
Scrape, build databases or otherwise create copies of any data accessed or obtained using the Microsoft APIs, except as necessary to enable an intended usage scenario for your Application;
Request from the Microsoft APIs more than the minimum amount of data, or more than the minimum permissions to the types of data, that your Application needs for Customers to use the intended functionality of your Application;
Use an unreasonable amount of bandwidth, or adversely impact the stability of the Microsoft APIs or the behavior of other apps using the Microsoft APIs;
Attempt to circumvent the limitations Microsoft sets on your use of the Microsoft APIs. Microsoft sets and enforces limits on your use of the Microsoft APIs (e.g., limiting the number of API requests that you may make or the number of users you may serve), in its sole discretion;
Use Microsoft APIs in any manner that works around any technical limitations of the Microsoft APIs or of the accessed Microsoft Offering, or reverse engineer, decompile or disassemble the Microsoft APIs, except and only to the extent that applicable law expressly permits, despite this limitation;
Use the Microsoft APIs, or any data obtained using the Microsoft APIs, to conduct performance testing of a Microsoft Offering unless expressly permitted by Microsoft pursuant to a duly executed written agreement;
Use the Microsoft APIs, or any data obtained using the Microsoft APIs, to identify, exploit or publicly disclose any potential security vulnerabilities;
Request, use or make available any data obtained using the Microsoft APIs outside any permissions expressly granted by Customers in connection with using your Application;
Use or transfer any data accessed or obtained using the Microsoft APIs, including any data aggregated, anonymized or derived from that data (collectively the "Microsoft APIs Data") for advertising or marketing purposes including (i) targeting ads, or (ii) serving ads. For purposes of clarity, this prohibition on using Microsoft APIs Data for advertising or marketing purposes does not extend to using other data, such as (i) the number of users of your Application, (ii) a user identifier you independently receive from a user (e.g., an email address you receive when a user enrolls to use your Application, a device identifier, or an advertising identifier), or (iii) a product or service identifier that identifies a Microsoft Offering;
Make your Application available for use in a manner that circumvents the need for users to obtain a valid license to the Microsoft application or service that is accessed through the Microsoft APIs;
Redistribute or resell, or sublicense access to, the Microsoft APIs, any data obtained using the Microsoft APIs, or any other Microsoft Offering accessed through the Microsoft APIs; or
Misrepresent expressly, by omission, or implication, the need for users to obtain a valid license to the Microsoft application or service that is accessed through the Microsoft APIs;
Falsify or alter any unique referral identifier in, or assigned to an Application, or otherwise obscure or alter the source of queries coming from an Application to hide a violation of this agreement; or
Use the Microsoft APIs or allow any user to use the Application in a way that violates applicable law, including:
Illegal activities, such as child pornography, gambling, piracy, violating copyright, trademark or other intellectual property laws.
Intending to exploit minors in any way.
Accessing or authorizing anyone to access the Microsoft APIs from an embargoed country as prohibited by the U.S. government.
Threatening, stalking, defaming, defrauding, degrading, victimizing or intimidating anyone for any reason.
Violating applicable privacy laws and regulations.
Use the Microsoft APIs in a way that could create, in Microsoft's sole discretion and judgment, an unreasonable risk to Customers from a security or privacy perspective.
c) Accessing the Exchange and Outlook Services through Microsoft email protocols and APIs
Unless you have use permissions expressly and specifically granted by Customers in connection with using your Application, you may not use Microsoft email protocols and APIs for any purpose other than:
syncing email messages, calendar events, and contacts, or
backing up email messages, calendar events, and contacts.
d) Accessing the Microsoft Intune Service through a Microsoft API
When your Application or services access a Intune APIs in Microsoft Graph using a Post command, for example, such as documented at https://docs.microsoft.com/graph), you must include:
In your Application and services' license terms, a statement that certain functionalities are enabled by accessing Microsoft Intune(R) through the Microsoft API and use of your Application and accompanying services does not remove the need for users to have a valid license for their use of the Microsoft Intune(R) service.
In your Application and services' marketing material and product documentation that references functionality enabled by your Application or service's access to Microsoft Intune(R) through the Microsoft API:
The attribution "Microsoft Intune(R) App Protection Policies" displayed in a manner consistent with the Microsoft Trademark & Brand Guidelines, and
A statement that use of your Application and services does not remove the need for users to maintain a valid license for their use of the Microsoft Intune(R) service.
In your Application's user interface or console that displays commands for functionality enabled by the Microsoft API for Intune, include the attribution "Microsoft Intune(R) App Protection Policies" in a conspicuous place on the console or UI. The attribution must be in a manner consistent with the Microsoft Trademark & Brand Guidelines.
e) Accessing Microsoft OneDrive through a Microsoft API
When your Application or services access a Microsoft API for Microsoft OneDrive, other than the work files of a user or work files created on behalf of a user, you may not enable storage of system data in Microsoft OneDrive, the systems data including (i) computer system back-up data, (ii) team, organization, or departmental level data, or (iii) data related to any assignment of a per user license to a team, organization, department, or other non-human entity. Such systems data can be stored in Microsoft SharePoint shared libraries, which is a solution for more advanced content management and collaboration, including storing and managing files, communications, and intranet sites across a team or organization.
f) Accessing the Microsoft Yammer Service through a Microsoft API
When your Application or services access a Microsoft API for Yammer, you must adhere to the following requirements:
Contact and Cooperation. You (or the name of the contact you gave to Microsoft when you applied for your application key if it's not you) must be reachable at all times for privacy and security questions or concerns. You can change this name or contact by signing up for a new application key, and providing the correct contact information and using the new application key instead.
Reporting. In addition to the vulnerabilities and data breach requirements of section 4. Security, you must promptly report any security deficiencies in or intrusions to your Application or services systems that you discover to Microsoft in writing via email to firstname.lastname@example.org. You will work with Microsoft to immediately correct any security deficiency and will disconnect immediately any intrusions or intruder. In the event of any such security deficiency or intrusion, you will make no public statements (e.g., press, blogs, social media, bulletin boards, etc.) without prior written and express permission from Microsoft in each instance.
Branding. If your product or service uses or is based upon accessing the Microsoft Yammer service through a Microsoft API, and you wish to include Yammer branding or logos, please contact us at email@example.com. Absent express written permission from us, you may not use Yammer branding, except as outlined in section 3. f) 4. below.
Attribution. The images provided to you through the accessing the Microsoft Yammer service through a Microsoft API may contain the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of Microsoft and its partners. You may not delete or in any manner alter these trade names, trademarks, service marks, logos, domain names, and other distinctive brand features. You agree to maintain, and not to remove, modify, obscure or alter, any link or notices appearing on any image provided through the Service.
You warrant that your Application has been developed to operate with Microsoft API content in a secure manner. Your network, operating system and the software of your servers, databases, and computer systems (collectively, "Systems") must be properly configured to securely operate your Application and store content collected through your Application (including the Microsoft API content). Your Application must use reasonable security measures to protect the private data of your users.
We may use technology to detect, prevent or limit the impact of any issues caused by your Application (before, after, or instead of suspension of your access). This may include, for example, (i) filtering to stop spam, (ii) performing security or privacy monitoring regarding scraping, denial of service attacks, user impersonation, application impersonation, or illicit consent grant(s), or (iii) limiting or terminating your access to the Microsoft APIs.
You will permit Microsoft reasonable access to your Application for purposes of monitoring compliance with these API Terms. You will respond to any questions by Microsoft about your compliance with these API Terms.
Without limiting the foregoing, upon request by Microsoft, you will provide us (or an independent auditor acting on our behalf) with up to two full-feature client account-level instances to access your Application (and/or other materials relating to your use of the API) as reasonably requested by us to verify your compliance with these API Terms (including, in particular, your security and privacy obligations under these API Terms).
We may restrict or terminate access to the APIs or perform an audit (including by hiring an independent auditor acting on our behalf) of your Application if you fail to provide adequate information and materials (including up to two full-featured instances of your Application) to verify your compliance with these Terms.
You must have a process to respond to any vulnerabilities in your Application, and in the case of any vulnerabilities related to your Application's connection to the Microsoft APIs discovered by you or reported to you by a third party, you agree that you will provide vulnerability details to the Microsoft Security Response Center (firstname.lastname@example.org).
In the event of a data breach by you resulting from any aspect of the Microsoft APIs involving your Application or any data collected through your Application, you will promptly contact the Microsoft Security Response Center (email@example.com) and provide details of the data breach. You agree to refrain from making public statements (e.g., press, blogs, social media, bulletin boards, etc.) without prior written and express permission from Microsoft in each instance as it relates to the Microsoft APIs.
The rights and requirements of this section -- 4. Security -- will survive for five (5) years following any termination of these API Terms.
5. Your Compliance with Applicable Privacy and Data Protection Laws
You must comply with all laws and regulations applicable to your use of the data accessed through the Microsoft APIs, including without limitation laws related to privacy, biometric data, data protection and confidentiality of communications. Your use of the Microsoft APIs is conditioned upon implementing and maintaining appropriate protections and measures for your service and Application, and that includes your responsibility to the data obtained through the use of the Microsoft APIs. For the data you obtained through the Microsoft APIs, you must:
a) obtain all necessary consents before processing data and obtain additional consent if the processing changes ("Data Access Consents"),
b) In the event you're storing data locally, ensure that data is kept up to date and implement corrections, restrictions to data, or the deletion of data as reflected in the data obtained through your use of the Microsoft APIs,
c) implement proper retention and deletion policies, including deleting all data when your user abandons your Application, uninstalls your Application, closes its account with you, or abandons the account,
d) maintain and comply with a written statement available to Customers and users that describes your privacy practices regarding data and information you collect and use ("Your Privacy Statement"), and that statement must be as protective as the Microsoft Privacy Statement, and
e) When your Application allows end users to sign in with a Microsoft account and Microsoft is not providing the user interface for the sign in, your Privacy Statement must provide a link to https://account.live.com/consent/Manage and/or https://myapps.microsoft.com, or such other location(s) as we may specify from time to time, with a clear indication that Customers and end users can go to the Microsoft site(s) to revoke Data Access Consents at any time. If Customers or end users must take additional steps to disable your Application's access to Customer or end user data, then Your Privacy Statement must clearly indicate to Customers and end users the additional steps required to disable access.
Nothing in the Agreement shall be construed as creating a joint controller or processor-subprocessor relationship between you and Microsoft.
6. Changes to the Microsoft APIs and API Terms
WE MAY CHANGE OR DISCONTINUE THE AVAILABILITY OF SOME OR ALL OF THE MICROSOFT APIs AT ANY TIME FOR ANY REASON WITH OR WITHOUT NOTICE. Such changes may include, without limitation, removing or limiting access to specific API(s), requiring fees or setting and enforcing limits on your use of additions to the Microsoft APIs. We may also impose limits on certain features and services or restrict your access to some or all of the Microsoft APIs. We may release subsequent versions of the Microsoft APIs and require that you use those subsequent versions, at your sole cost and expense.
Any version of the Microsoft APIs designated as "preview", "pre-release" or "beta" ("Preview API"), may not work in the same way as a final version. We may change or not release a final or commercial version of a Preview API in our sole discretion.
WE MAY MODIFY THESE API TERMS AT ANY TIME, WITH OR WITHOUT PRIOR NOTICE TO YOU. YOUR CONTINUED USE OF THE MICROSOFT APIs FOLLOWING THE RELEASE OF A SUBSEQUENT VERSION OF THESE API TERMS WILL BE DEEMED YOUR ACCEPTANCE OF ANY MODIFICATIONS TO THESE API TERMS.
If you give feedback about the Microsoft APIs to Microsoft, you give to Microsoft, without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You will not give feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because Microsoft includes your feedback in them. These rights survive these API Terms.
You may be given access to certain non-public information, software, and specifications relating to the Microsoft APIs ("Confidential Information"), which is confidential and proprietary to Microsoft. You may use Confidential Information only as necessary in exercising your rights granted under these API Terms. You may not disclose any Confidential Information to any third party without Microsoft's prior written consent. You agree that you will protect any Confidential Information from unauthorized use, access, or disclosure in the same manner that you would use to protect your own confidential and proprietary information.
9. Disclaimer of Warranties, Limitation of Liability and Indemnity
a) Disclaimer of Warranties
WE MAKE NO WARRANTIES, EXPRESS OR IMPLIED, GUARANTEES OR CONDITIONS WITH RESPECT TO YOUR USE OF THE MICROSOFT APIs. YOU UNDERSTAND THAT USE OF THE MICROSOFT APIs IS AT YOUR OWN RISK AND THAT WE PROVIDE THE MICROSOFT APIs ON AN "AS IS" BASIS "WITH ALL FAULTS" AND "AS AVAILABLE" TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAW, WE EXCLUDE ANY IMPLIED WARRANTIES, INCLUDING FOR MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, AND NON-INFRINGEMENT. YOU MAY HAVE CERTAIN RIGHTS UNDER YOUR LOCAL LAW. NOTHING IN THESE API TERMS ARE INTENDED TO AFFECT THOSE RIGHTS, IF THEY ARE APPLICABLE. WE DO NOT GUARANTEE THE MICROSOFT APIs WILL FUNCTION WITHOUT INTERRUPTION OR ERRORS IN FUNCTIONING. IN PARTICULAR, THE OPERATION OF THE MICROSOFT APIs MAY BE INTERRUPTED DUE TO MAINTENANCE, UPDATES, OR SYSTEM OR NETWORK FAILURES. WE DISCLAIM ALL LIABILITY FOR DAMAGES CAUSED BY ANY SUCH INTERRUPTION, ERRORS IN FUNCTIONING, OR THAT DATA LOSS WILL NOT OCCUR.
b) Limitation of Liability
IF YOU HAVE ANY BASIS FOR RECOVERING DAMAGES (INCLUDING BREACH OF THESE API TERMS), YOU AGREE THAT YOUR EXCLUSIVE REMEDY IS TO RECOVER, FROM MICROSOFT OR ANY AFFILIATES, RESELLERS, DISTRIBUTORS, SUPPLIERS (AND RESPECTIVE EMPLOYEES, SHAREHOLDERS, OR DIRECTORS) AND VENDORS, ONLY DIRECT DAMAGES UP TO USD $5.00 COLLECTIVELY. YOU CAN'T RECOVER ANY OTHER DAMAGES OR LOSSES, INCLUDING, WITHOUT LIMITATION, DIRECT, CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT, INCIDENTAL, OR PUNITIVE. These limitations and exclusions apply even if this remedy doesn't fully compensate you for any losses or fails of its essential purpose or if we knew or should have known about the possibility of the damages. To the maximum extent permitted by law, these limitations and exclusions apply to any claims related to these API Terms or your use of the Microsoft APIs.
You will defend, hold harmless, and indemnify Microsoft from any claim or action brought by a third party, including all damages, liabilities, costs and expenses, and reasonable attorney fees, to the extent resulting from, alleged to have resulted from, or in connection with your breach of the obligations herein or infringement of Microsoft's or third party's intellectual property.
d) No Injunctive Relief
In no event shall you seek or be entitled to rescission, injunctive or other equitable relief, or to enjoin or restrain the operation of the Microsoft APIs, content or other material used or displayed through the current Microsoft website or successor site.
e) No Third-Party Beneficiaries
There are no third-party beneficiaries to this Agreement.
a) We may suspend or immediately terminate these API Terms, any rights granted herein, and/or your license to the Microsoft APIs, in our sole discretion at any time, for any reason. You may terminate these API Terms at any time by ceasing your access to the Microsoft APIs.
b) Upon termination, all licenses granted herein immediately expire and you must cease use of the Microsoft APIs. You must also comply with Customer's instruction to return or delete any data accessed or obtained through the Microsoft APIs, unless expressly permitted by Microsoft or prohibited by law. Neither party will be liable to the other for any damages resulting solely from termination of these API Terms.
11. General Terms
a) Applicable Law
United States. If you reside in the United States, Washington state law governs the interpretation of these API Terms and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.
Outside the United States. If you reside in any other country, the laws of that country apply.
b) Support. Because the Microsoft APIs are provided "as is," we may not provide support services for them. You are solely responsible for the quality of your Application and providing support for your Application.
c) Assignment and Delegation. You may not assign or delegate any rights or obligations under these API Terms, including in connection with a change of control. Any purported assignment and delegation shall be ineffective. We may freely assign or delegate all rights and obligations under these API Terms, fully or partially without notice to you.
d) Reservation of Rights. All rights not expressly granted herein are reserved by Microsoft. You acknowledge that all intellectual property rights within the Microsoft APIs remain the property of Microsoft and nothing within these API Terms will act to transfer any of these intellectual property rights to you.
e) Microsoft and you are independent contractors. Nothing in this Agreement shall be construed as creating an employer-employee relationship, processor-subprocessor relationship, a partnership, or a joint venture between the parties.
f) No Waiver. Either party's failure to act with respect to a breach of these API Terms does not waive either party's right to act with respect to that breach or subsequent similar or other breaches.
g) Survival. Sections of these API Terms that, by their terms, require performance after the termination or expiration of these API Terms will survive, such as, for example, the rights and requirements of section 4. Security.
h) Modifications. We may modify these API Terms at any time with or without individual notice to you. Any modifications will be effective upon your continued use of the Microsoft APIs.
i) Entire Agreement. These API Terms and any documents incorporated into these API Terms by reference, constitute the entire agreement between you and us regarding the Microsoft APIs and supersede all prior agreements and understandings, whether written or oral, or whether established by custom, practice, policy or precedent, with respect to the subject matter of these API Terms. If any provision of these API Terms is found to be illegal, void, or unenforceable, the unenforceable provision will be modified so as to render it enforceable to the maximum extent possible.