Streamline controls with Microsoft Cloud for Sovereignty
Microsoft released the latest news and announcements around Cloud for Sovereignty via this blog. We had the honour and opportunity to work closely with the product team of Microsoft "Cloud for Sovereignty". This release provides tools that simplify the configuration and deployment of complex sovereign controls and expand on best practice guidance. Let's take a look at the new features of this release!
Guardrails
Codified architectures and tooling that reduce complexity and make the process of building sovereign environments designed to help achieve regulatory requirements simple, predictable, and repeatable. Microsoft has provided:
- The latest version of the Azure built-in Sovereignty Baseline Policy Initiative, available on GitHub;
- Guidance comparing ALZ and SLZ and when to use each;
- An updated policy portfolio, adding NATO’s D32 directive on information protection (preview) and Azure policy initiatives for Cloud Security Alliance (CSA) Cloud Controls Matrix, Netherlands BIO (Baseline Informatiebeveiliging Overheid), and the Italian National Cybersecurity Agency.
Tools
New assessment, policy compiler, and drift detection analysis tools to help better manage cloud environments. Introducing a new regional Microsoft Azure service that simplifies the management of Sovereign Landing Zone (SLZ) within the Azure Portal. The following tools are in technical preview:
- The Search functionality for "Microsoft Cloud for Sovereignty Services" within the Azure portal;
- The Landing Zone Configurations in the Azure Portal;
- The Assessment feature, which assesses various aspects, such as the SLZ Baseline Policy assignment, Custom Policy Initiatives usage, and individual policy assignments, offering results categorized as good, better, or best based on severity findings;
- The Policy compiler, which systematically analyzes your organization’s policy initiatives by examining key components such as display names, descriptions, parameters, and effects. By comparing these elements across different policies, the tool detects redundancies, conflicts, and gaps. It then uses this analysis to provide a set of reconciled policy initiatives, making policy management more efficient and reliable;
- The Landing zone drift analyzer monitors and compares the current state of the deployed cloud environment with its original intended landing zone configuration, identifying critical deviations or changes.
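The kind of cross-initiative comparison the Policy compiler bullet describes can be sketched as follows. This is an added example, not Microsoft's tool or code from the original post; the initiative names, definition IDs and the `REQUIRED` list are constructed placeholders, and only the `policyDefinitions` / `policyDefinitionId` / `parameters.effect.value` layout follows the Azure policy set definition format.

```python
from collections import defaultdict

# Constructed sample initiatives shaped like Azure policy set definitions.
# Names and definition IDs are placeholders, not real built-in policy IDs.
BASE = "/providers/Microsoft.Authorization/policyDefinitions/"
INITIATIVES = [
    {"name": "sovereignty-baseline", "policyDefinitions": [
        {"policyDefinitionId": BASE + "allowed-locations",
         "parameters": {"effect": {"value": "Deny"}}},
        {"policyDefinitionId": BASE + "cmk-for-storage",
         "parameters": {"effect": {"value": "Audit"}}},
    ]},
    {"name": "custom-workload", "policyDefinitions": [
        {"policyDefinitionId": BASE + "allowed-locations",
         "parameters": {"effect": {"value": "Audit"}}},
        {"policyDefinitionId": BASE + "cmk-for-storage",
         "parameters": {"effect": {"value": "Audit"}}},
    ]},
]
# Assumed list of controls the organization requires (hypothetical).
REQUIRED = {BASE + "allowed-locations", BASE + "cmk-for-storage",
            BASE + "confidential-compute-skus"}

def analyze(initiatives, required):
    """Return (redundant, conflicting, gaps) keyed by policy definition ID."""
    seen = defaultdict(list)  # definition ID -> [(initiative, effect), ...]
    for ini in initiatives:
        for ref in ini.get("policyDefinitions", []):
            effect = ref.get("parameters", {}).get("effect", {}).get("value")
            # Lower-case IDs and effects so comparison ignores casing;
            # None means the definition's default effect is used.
            key = ref["policyDefinitionId"].lower()
            seen[key].append((ini["name"], effect.lower() if effect else None))
    redundant, conflicting = {}, {}
    for def_id, uses in seen.items():
        if len(uses) < 2:
            continue
        effects = {e for _, e in uses}
        # Same effect everywhere: duplicate. Different effects: conflict.
        (redundant if len(effects) == 1 else conflicting)[def_id] = uses
    gaps = sorted(r.lower() for r in required if r.lower() not in seen)
    return redundant, conflicting, gaps

if __name__ == "__main__":
    for label, result in zip(("redundant", "conflicting", "gaps"),
                             analyze(INITIATIVES, REQUIRED)):
        print(label, result)
```

A conflict such as `Deny` in the baseline and `Audit` in a custom initiative is the case worth reviewing first, since the weaker assignment can mask which control is actually intended.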
Guidance
Sample reference architectures on how to take advantage of LLMs and Microsoft Azure OpenAI Service based on the Retrieval Augmented Generation (RAG) pattern with SLZ and guardrails, as well as guidance on workload migrations. Microsoft has updated its Microsoft Cloud Adoption Framework documents, covering the following topics:
- Sovereignty choices for monitoring Azure workloads;
- Implement encryption with Customer-Managed Keys in Microsoft Cloud for Sovereignty;
- Migrate and modernize with Microsoft Cloud for Sovereignty;
- An illustrative example of using LLMs and Azure OpenAI Service within the context of the retrieval augmented generation (RAG) pattern for generative AI;
- How to configure Microsoft Power Platform and Dataverse environments to improve control over your data and enhance your digital sovereignty posture.
For more information, visit the Microsoft Cloud for Sovereignty homepage or product documentation page.