Microsoft Cloud for Sovereignty – General Available

Today, Microsoft has announced via this blog the generally availability of Microsoft Cloud for Sovereignty across all Azure regions! Microsoft Cloud for Sovereignty helps governments meet their compliance, security, and policy requirements while utilizing the cloud to provide superior value to their citizens.

Common Questions
Talking with customers, common questions are asked in terms of achieving data sovereignty in the cloud. These often include questions around (1) residency, security and compliance of the hyperscale cloud; (2) controls for data access; and (3) the complexity of addressing regulations that vary by country.

First, Microsoft Cloud for Sovereignty is built on the foundation of more than 60 cloud regions, providing industry-leading cybersecurity along with the broadest compliance coverage. Microsoft offers the most regions of any cloud provider. Customers can implement policies to contain their data and applications within their preferred geographic boundary, in alignment with national or regional data residency requirements.

Second, Microsoft Cloud for Sovereignty provides sovereign controls to protect and encrypt sensitive data and control access to that data, enabled by sovereign landing zones and Azure Confidential Computing.

A sovereign landing zone is a type of Azure landing zone designed for organizations that need government-regulated privacy, security and sovereign controls. Organizations can leverage landing zones as a repeatable best-practice for secure and consistent development and deployment of cloud services. As many government organizations face a complex and layered regulatory landscape, utilizing sovereign landing zones makes it much easier to design, develop, deploy and audit solutions while enforcing compliance with defined policies.

Customers can also leverage Azure Confidential Computing to secure sensitive and regulated data even while it’s being processed in the cloud. Azure Confidential Computing protects data in memory in hardware-based trusted execution environments, helping prevent unwanted data access by the cloud provider, administrators and users. Customers can benefit from this capability on Azure without having to change existing applications.

Driving a rapid pace of innovation
Microsoft is also announcing new capabilities in preview, today:
- Drift analysis capabilities: Ongoing administration and maintenance can potentially introduce changes that don’t comply with policies, resulting in the deployment beginning to drift out of compliance over time. The new drift analysis tool inspects your deployment and generates a list of non-compliant settings, as well as a severity rating, making it easier to identify any discrepancies to remediate and verify the compliance of specific environments.
- Transparency logs: Gives eligible customers visibility into the instances where Microsoft engineers have accessed customer resources through Just-In-Time (JIT) access, most commonly in response to a customer support request. With this update, customers can now request access to the preview feature via the Azure portal.
- New configuration tools in the Azure portal: Allows customers to create a new tailored sovereign landing zone in two simple steps using a guided experience.

Stay tuned! More information is coming!

Learn more and get started today
Interesting links:

• Link to the "Get Started";
• Documentation on Microsoft Learn;
• Latest News of Microsoft Cloud for Sovereignty.