Microsoft has a long history of providing sovereign versions of Azure in Europe. The first sovereign Azure instance, the Microsoft Cloud Germany, was discontinued in 2022 due to low customer interest. With the Microsoft Cloud for Sovereignty, Microsoft is making a new attempt. This time, the boundaries and policies are “built in” to Azure, making the approach flexible and customizable. In particular, this means that sovereign areas of Azure are still part of the larger Azure; the level of separation and isolation is determined by policies.

History: Microsoft Cloud Germany
Microsoft Cloud Germany was introduced in 2015 as part of Microsoft’s vision to provide localized cloud services tailored for customers with stringent data protection and sovereignty requirements. Its primary purpose was to serve organizations in Germany, the European Union (EU), and the European Free Trade Association (EFTA) that required compliance with German data residency and privacy regulations. At the time, Germany was recognized for having some of the strictest data protection laws in the world, driven by public sensitivity around data privacy.
Purpose of Microsoft Cloud Germany
The core purpose of Microsoft Cloud Germany was to address concerns around data sovereignty by creating a cloud infrastructure managed exclusively within the country, with strong legal and operational boundaries ensuring control over data. To achieve this, Microsoft implemented the following unique features:
- Data Residency and Sovereignty: Customer data was stored exclusively within German data centers, located in Frankfurt and Magdeburg, ensuring data remained inside Germany’s borders.
- Data Trustee Model: Microsoft partnered with Deutsche Telekom’s T-Systems, a German company, to act as an independent data trustee. This arrangement meant that access to customer data, even by Microsoft itself, was controlled and managed solely by T-Systems, ensuring adherence to German data protection laws and regulations. This is the model that Google now runs with T-Systems for the Sovereign Cloud powered by Google Cloud.
- Localized Operations: The service was specifically tailored for sensitive industries such as banking, healthcare, and the public sector, where compliance with German and EU-specific standards, such as GDPR, was paramount.
- Customer Assurance: To reassure customers, Microsoft baked sovereignty and compliance principles into the cloud design, making it a strong choice for organizations concerned about U.S.-based regulation, such as the U.S. CLOUD Act, which could potentially affect their data.
Challenges and Phasing Out
Despite its initial appeal, Microsoft Cloud Germany faced significant challenges:
- High Costs and Limited Scalability: The unique trustee model added substantial complexity and cost, which limited its scalability. The demand for a fully isolated sovereign cloud model proved to be lower than initially expected, as many organizations became more comfortable using global cloud services with robust data protection measures already in place.
- Evolving Customer Needs: Customers increasingly began to favor the global Azure cloud offerings, which provided broader services, advanced features, higher performance, and seamless integration. Over time, Microsoft’s mainstream Azure regions met compliance requirements (including GDPR), reducing the necessity for a separate, trustee-managed cloud.
- Operational Complexity: The management structure involving T-Systems added layers of operational complexity and slowed down feature rollouts compared to the global Azure infrastructure.
Key Elements of Azure for Sovereignty
- Data Residency: Azure enables organizations to specify where their data is stored, processed, and managed, ensuring compliance with local and regional data residency requirements. Customers retain complete control over their data, ensuring it stays within the specified geopolitical boundaries.
- Compliance and Certification: Azure provides a comprehensive portfolio of compliance offerings to meet global, regional, and industry-specific standards. These include GDPR within the European Union, CCPA in California, and national frameworks such as Germany’s C5 or the UK’s G-Cloud. Azure consistently works to ensure its sovereign cloud solutions are auditable and aligned with the latest regulatory changes.
- Custom Governance Features: Organizations can leverage Azure’s tools to implement robust governance strategies, such as advanced access control policies, encryption, and role-specific permissions. Azure also supports federated identity management to secure access and keep control firmly within the sovereign jurisdiction.
- Operational Independence: Azure sovereign clouds often include operational and administrative capabilities controlled by local entities or trusted partners. This ensures that local governments or organizations can maintain their autonomy and align with national interests.
- Security and Trust: Azure builds sovereignty-focused cloud solutions with multi-layered security, combining advanced threat detection, end-to-end encryption, and AI-driven monitoring. The solutions are designed to meet the security needs of national and critical infrastructure organizations.
- Partnership with Local Operators: In some regions, Microsoft Azure partners with trusted local entities to manage the sovereign cloud infrastructure. This collaborative model ensures compliance with geopolitical restrictions without sacrificing cutting-edge cloud technology.
- Commitment to Transparency: Azure provides customers with full transparency regarding data handling, including how data is stored, transferred, and accessed. Azure adheres to strict principles of customer data ownership and does not share customer data with government bodies without due process.
Sovereign Landing Zone (SLZ)
A central component of Microsoft Cloud for Sovereignty is the Sovereign Landing Zone (SLZ). The Sovereign Landing Zone is an opinionated variant of the Azure Landing Zone that provides an enterprise scale cloud infrastructure focused on operational control of data at rest, in transit, and in use. SLZ focuses on service location management, customer managed keys, and confidential computing to create a cloud architecture that enhances workload security.
Confidential computing on Azure
Another component – implemented in the Sovereign Landing Zone – is confidential computing. Confidential computing ensures that data cannot be accessed by anybody outside of the customer’s control. This is achieved through encryption and an execution environment that cannot be tampered with.
Details about Azure Confidential Computing can be found here.
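The three control areas named above for the Sovereign Landing Zone (service location, customer-managed keys, confidential computing) can be checked against a resource inventory. The following is an added example, not Microsoft's SLZ policy set or code from this article: it audits constructed ARM-style resource records, and the allowed region list and the "dataClass" tag are assumptions made for illustration.

```python
# Added example: compliance check over ARM-style resource records (constructed data).
# Assumption: this allow-list of EU regions; a real boundary is set per organisation.
ALLOWED_LOCATIONS = {"germanywestcentral", "westeurope", "northeurope", "francecentral"}

def audit_resource(res, allowed=ALLOWED_LOCATIONS):
    """Return the list of sovereignty findings for one resource record."""
    findings = []
    rtype = res.get("type", "").lower()
    props = res.get("properties", {})
    location = res.get("location", "").lower().replace(" ", "")
    # 1. Service location: non-regional ("global") resources are exempt.
    if location != "global" and location not in allowed:
        findings.append("location-outside-boundary")
    # 2. Customer-managed keys: storage accounts report the key source in ARM.
    if rtype == "microsoft.storage/storageaccounts":
        key_source = props.get("encryption", {}).get("keySource", "")
        if key_source.lower() != "microsoft.keyvault":
            findings.append("platform-managed-key")
    # 3. Confidential computing: only for VMs tagged as confidential workloads
    #    (the "dataClass" tag is a hypothetical convention for this example).
    if rtype == "microsoft.compute/virtualmachines":
        confidential = res.get("tags", {}).get("dataClass") == "confidential"
        sec_type = props.get("securityProfile", {}).get("securityType")
        if confidential and sec_type != "ConfidentialVM":
            findings.append("not-confidential-vm")
    return findings

def audit_inventory(resources):
    """Map resource name -> findings, listing only non-compliant resources."""
    report = {r["name"]: audit_resource(r) for r in resources}
    return {name: f for name, f in report.items() if f}

# Constructed sample inventory, shaped like ARM resource JSON.
SAMPLE = [
    {"name": "stlogs", "type": "Microsoft.Storage/storageAccounts", "location": "westeurope",
     "properties": {"encryption": {"keySource": "Microsoft.Keyvault"}}},
    {"name": "stbackup", "type": "Microsoft.Storage/storageAccounts", "location": "eastus",
     "properties": {"encryption": {"keySource": "Microsoft.Storage"}}},
    {"name": "vm-registry", "type": "Microsoft.Compute/virtualMachines",
     "location": "germanywestcentral", "tags": {"dataClass": "confidential"},
     "properties": {"securityProfile": {"securityType": "TrustedLaunch"}}},
    {"name": "vm-web", "type": "Microsoft.Compute/virtualMachines", "location": "francecentral",
     "properties": {}},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE).items():
        print(name, findings)
```

In a landing zone these conditions are enforced as deny or audit policies at assignment scope; a check like this is useful for reviewing an exported inventory after the fact.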
EU Data Boundary
With the EU Data Boundary, Microsoft ensures that all customer data (personal data, diagnostic data, and service-generated data used in Microsoft Cloud services) is stored and processed exclusively within data centers located in the European Union. This includes popular services such as Microsoft Azure, Microsoft 365 (including Teams, Word, Excel, etc.), and Dynamics 365. Microsoft guarantees that customers’ data remains within the EU throughout the whole lifecycle—from storage to processing and other internal operations such as debugging, troubleshooting, or system maintenance.
Organizations can verify and audit Microsoft’s data handling policies to ensure complete adherence to EU standards. Microsoft shares insights via transparency centers and provides detailed documentation regarding how it safeguards customer data within the EU.
The EU Data Boundary addresses specific concerns around cross-border data transfers, particularly concerns relating to the Schrems II decision by the European Court of Justice, which invalidated the EU–US Privacy Shield framework due to concerns about U.S. government surveillance. Microsoft uses contractual, technical, and operational measures (such as encryption, access controls, and pseudonymization) to further mitigate risks associated with data transfers outside the EU.
How It Works in Practice
- When using services like Microsoft 365 or Dynamics 365, all customer data is stored and processed within EU-based data centers (e.g., in France, Germany, Ireland, etc.).
- For troubleshooting or service operations, internal Microsoft processes are restructured to eliminate reliance on non-EU personnel or data operations, unless authorized explicitly by the customer.
- Diagnostics and other telemetry generation processes for Microsoft’s cloud services are redesigned to ensure that technical data remains within the EU for analysis and issue resolution.
Conclusion
The EU Data Boundary for Microsoft Cloud for Sovereignty is a cornerstone of Microsoft’s strategy to support the EU’s digital sovereignty objectives. By ensuring that data remains within EU borders and is subjected to EU data protection standards, Microsoft empowers public sector organizations to innovate securely and responsibly while meeting stringent compliance requirements.
Microsoft has made significant investments in integrating sovereignty capabilities into Azure. A key advantage of this approach is that customers have the flexibility to configure the solution to meet their specific isolation requirements. However, the sovereign boundary model represents the most technically demanding sovereignty implementation, which raises questions about how well it will be adopted in practice. Additionally, even with the introduction of Microsoft Cloud for Sovereignty, organizations remain heavily dependent on Microsoft as a service provider.