How does Azure DevTest Labs handle user’s personal data?


This article provides steps for how to delete and export personal data from the DevTest Labs service and can be used to support your obligations under the GDPR. If you’re looking for general information about GDPR, see the GDPR section of the Service Trust portal.

What personal data do we collect?

DevTest Labs as a service collects two main pieces of personal data from the user.

These include user email address and user object Id. This information is critical for the service to provide in-service features to the lab admins and lab users.

User email address

User email address is used to send auto shut down email notifications to lab users reminding them of their machine being shut down and allowing them to delay or skip the shut down if they may wish to. The email address can be configured at Lab level or at VM level.

User object ID

User object ID is used to show month over month cost trends and cost by resource to the Lab admins to allow them to track costs and manage thresholds for their Lab.

Why do we need this personal data?

This data is used for operational purposes and critical for the service to be able to deliver key features. If we set a retention policy on the user email address, lab users will not receive timely auto shutdown email notifications after their email address is deleted from our system. Similarly, the lab admin will not be able to view month over month cost trends and cost by resource for the machines in their labs if the user object Ids get deleted based on a retention policy. Hence this data needs to be retained for as long as the user's resource is active in the Lab.

How can I have the system to forget my personal data?

If a user would like this data to be deleted , he/she can do so by deleting the corresponding resource in the Lab. We as a service will anonymize all deleted personal data 30 days after it is deleted by the user.
For example, If lab users deleted their VM, or removed their email address, we as a service anonymize this data 30 days after the resource was deleted.
The 30 day retention policy after deletion is to make sure that we provide an accurate month over month cost projection to the Lab admin.

How can I request an export on my personal data?

As a lab user, you can request an export on the personal data we store and process on your behalf.
To request for an export, navigate to the Personal data option on the Overview blade of your lab. Clicking on the Request export button should kick off the creation of a downloadable excel file in your Lab admin's storage account. You can then reach out to your Lab admin to view this data.

As a Lab admin, you can navigate to your storage account by clicking on the resource group that your Lab belongs to.

In the storage account, navigate to the Blobs section.

The resource usage file should be created in the in the Blobs section under the name labresourceusage.

You can then navigate into the labresourceusage section to find the a folder named after your lab. This folder should lead you to the csv files for disks and virtual machines in your lab. Then you can download these csv files, filter the content for the lab user requesting an access and share it with them.

Try this feature today and let us know what you think about it!

Got an idea to make it work better for you? Submit your feedback/ideas or vote for others at Azure DevTest Labs UserVoice forum.

Have a question? Check out the answers or ask a new one at MSDN forum.


Comments (0)

Skip to main content