Azure Government Cloud: Four Essential Things to Know
What makes Azure Government different? Who can use it? Why would you use it? Let’s look at the essentials of Azure Government.
Jun 08, 2023 • 7 Minute Read
What is Azure Government?
There are two common responses I get when I tell people I’ve built a cloud course focused on Azure Government. In the first instance, previously conscious and alert individuals suddenly doze off before I finish the phrase, “controlled, unclassified data.”
The second is the expressed belief that it’s just a marketing angle on ‘vanilla’ Azure. You know, Azure for Government, Azure for Healthcare, Azure for Balloon Artists, right?
The first response is, perhaps, warranted. Most of the individuals with the first response have a genuine need to know what Azure Government is all about, so after a brief power nap, they generally return to the conversation with renewed interest.
The second response, however, is based on a misunderstanding. When it comes to Azure Government, we are not talking about Azure for a particular purpose. We are talking about a completely different cloud platform, called “Azure Government.”
Transforming careers, transforming organizations
Knowledge is power. It's time time to ascend the career ladder and put some rigour in your learning with hands-on labs in AWS, Microsoft Azure, Google Cloud, and beyond.
The Four Ws of Azure Government
Let’s see if I can boil it down for you by answering four questions. I’ll keep it brief in order to avoid this post turning into a sleeping aid – and then you can decide if you want to pursue your quest to learn more about Azure Government (it’s well worth it, I promise)!
1. What makes Azure Government different?
Azure Government is part of Microsoft’s US Sovereign Cloud, which is built in a fully isolated environment that is both physically and logically separated. In addition to Azure, Office 365 and Dynamics 365 can also host services in the US Sovereign Cloud. As the name implies, all services in the US Sovereign Cloud are contained within an accreditation boundary that requires screened US persons and data sovereignty within the continental United States.
Government offerings – Azure vs AWS vs GCP
Both AWS and GCP have government-specific offerings, too. But Azure’s approach is markedly differently from AWS and GCP’s offerings. At this time, neither AWS or GCP has chosen the sovereign cloud path. Similar to Azure Government, AWS and GCP advertise extra physical security measures. But unlike Azure Government, they assert that data centers isolated from the rest of their global cloud platforms are sufficient.
If you're interested in delving deeper into the government-specific offerings by other cloud providers, explore our AWS GovCloud: Beyond the Buzzwords course.
Azure Government vs global Azure
Azure Government is built on the exact same technologies as global Azure, but it is a completely separate cloud platform. Here are a few more differences between Azure Government that are different from global Azure:
Azure Government has a handful of regions or data center locations, all located in the United States. This in contrast to the dozens of world-wide regions in global Azure.
There are a couple of DoD-Specific regions and ”unannounced” regions that serve the needs of organizations that handle classified data.
Data Centers in Azure Government have additional physical security, and Microsoft personnel administering and supporting Azure Government go through additional screening processes.
Azure Government Secret and Azure Government Top Secret
Within Azure Government, there are two offerings, called Azure Government Secret and Azure Government Top Secret, but the publically available description of that infrastructure is (understandably) vague.
Azure Government includes many Azure features, but in order to cover more compliance scopes, it doesn’t include all Azure resources. You will only rarely see resources still in preview in Azure Government, but, every once in a while, a service or feature will be available in Azure Government before it is in global Azure.
To understand which services are available, by region, including Azure Government, check out the Azure Products by Region resource. Be sure to use the region drop-down and select “Non-Regional,” “Azure Government” to include those regions in your search results, and tick the “Reserved Access Regions Option.” Select “United States” for the most relevant comparison service availability versus Azure Government.
Azure Government and multi-tenancy
Just like nearly all cloud platforms, Azure Government is multi-tenant. That is, multiple customers may share the same hardware. However, in Azure Government, the customers who may be digital neighbors all have to be public sector organizations.
2. Who can use Azure Government?
Azure Government subscriptions are available only to organizations in the US public sector or their designated service providers.
Those public sector categories include federal civilians, DoD, the intel community, municipalities, tribal governments, justice and public safety, and power and utilities.
Microsoft is so strict about this requirement that I couldn’t even get an Azure Government subscription to produce our Introduction to Azure Government course! (Fortunately, for the purposes of training and experimenting, all of the features in the two portals look and behave pretty much the same as global Azure.)
3. Why use Azure Government over global Azure — and vice versa?
If your organization has relatively low compliance requirements in the context of public sector security and privacy standards; or the vast majority of your services and content are for public consumption, you should consider global Azure over Azure Government.
Azure Government service set
There are more services in global Azure, which makes this a compelling reason in its own right. But some services in Azure Government have a few differences and limitations not present in global Azure, as documented in this Comparison of Services in Azure Government and Global Azure Of course, nothing is stopping your organization from having subscriptions in both global Azure and Azure Government clouds!
Azure Government compliance standards
Often, compliance standards will determine which cloud you should employ, as well as when you should be taking it up a notch with Azure Government Secret or Azure Government Top Secret offerings. Microsoft maintains this Azure Government Services by Audit Scope document, which tells you when you should be using what.
Regardless of the service set and audit scope, sometimes your decision will be as simple as the type of data you need to store and manage. This Venn diagram says it all:
4. Where does Azure Government fit into hybrid and multi-cloud architectures?
Typically, when you combine your traditional network with a cloud platform, that’s considered a hybrid cloud deployment. But, also, if you have cloud resources in more than one Microsoft offering, such as global Azure and Azure Government, that’s considered a “hybrid” choice. When you combine cloud platform offerings from multiple vendors, such as Microsoft and Amazon, that’s considered Multi-Cloud.
Don’t panic if this is starting to get confusing. Fortunately, many public sector organizations find they can take an “all of the above” approach. You may already have a footprint in AWS or GCP, or you determine that it would be good to diversify across cloud providers. If that’s the case, Azure Government, combined with AWS or GCP government offerings, may present a reasonable multi-cloud opportunity.
Want to learn more about Azure Government? You can take a virtual road trip on historic Route 66 in my course, Introduction to Azure Government.
Cloud adoption within the public sector faces a wide array of challenges. But there is also tremendous opportunity. In this in-depth white paper, Chris Hughes expertly lays out the challenges, opportunities, and potential of public sector cloud adoption.