Visual Studio Team Services - Code repository privacy

Question

I've used Visual Studio Online Team Services as a code repository and want to know if it is possible for Microsoft Employees to see the code you upload if they wanted to.

The privacy policy doesn't address this specifically that I can see but it does say that Microsoft can use your data for advertising purposes and they can share it with third parties. If "data" means my proprietary code that would be good to know.

Customer Data will be used only to provide customer the Online Services including purposes compatible with providing those services. For example, we may use Customer Data to provide a personalized experience, improve service reliability, combat spam or other malware, or improve features and functionality of the Online Services. Microsoft will not use Customer Data or derive information from it for any advertising or similar commercial purposes. “Customer Data” means all data, including all text, sound, video, or image files, and software, that are provided to Microsoft by, or on behalf of, you or your end users through use of the Online Service. Customer Data is not Administrator Data, Payment Data, or Support Data. For more information about the features and functionality that enable you to control Customer Data, please review documentation specific to the Online Service.

Answer 1

No, not merely if they "want to". Microsoft does provide a clause that allows them access if it's required for security or site operation:

From time to time, Microsoft employees need to obtain access to customer data stored within Team Services. As a precaution, all employees who have or may ever have access to customer data must pass a background check, which verifies previous employment and criminal convictions. In addition, we permit access to the production systems only when there’s a live site incident or other approved maintenance activity, which is logged and monitored.

(From the Visual Studio Team Services Data Protection Overview document.

That being said, this is the most liberal interpretation of this access. I worked as a senior software engineer on the VSO version control team and there's no possibility for me to get access to customer data. If you complain about a bug in our git repository handling, I'm going to ask you if you can give me a copy that I can use to reproduce - I can't just go get it. And if you decline, then I will not be able to get your data.

So while yes, we Microsoft engineers do have the theoretical ability to get to your files, there are significant policy and security safeguards against access and abuse.