Sovereign by customer request: Microsoft significantly expands EU cloud

Contents

Microsoft is significantly expanding its Sovereign Cloud as part of a major update. The Sovereign Private Cloud is completely new, but the Sovereign Public Cloud also has many new functions. Microsoft is also working with local providers as part of the National Partner Clouds. With all these offerings, the US company aims to “strengthen digital assurances for Europe [...]”, giving customers “greater freedom of choice, more control over their data and the most robust digital resilience”.

Somewhat or completely sovereign?

The Sovereign Private Cloud is designed for users who want to run their cloud workloads under complete control at a location of their choice. The servers can therefore be located on site, in partner data centers, or just in your country. Whether the operation is hybrid or air-gapped (i.e., isolated from the rest of the Azure cloud) is up to the customer. The Sovereign Private Cloud includes the existing Azure Local offering, which allows users to connect local workloads to Azure or manage them with Azure tools.

Microsoft 365 Local, with which the Office service including Exchange Server and SharePoint Server can also be provided in a sovereign environment, is completely new and part of the Sovereign Private Cloud. Microsoft writes in the announcement that the Sovereign Private Cloud is being developed for “governments, critical industries and regulated sectors that need to meet the highest standards for data residency, operational autonomy and segregated access”. In an interview with iX, Microsoft also stated that the Sovereign Private Cloud or Microsoft 365 Local is in principle open to all customers. It remains to be seen what impact the new offering will have on the debate surrounding Microsoft 365 in the education sector. The Sovereign Private Cloud is currently being previewed, but is expected to be generally available this year.

No uncontrolled access

The Sovereign Public Cloud is also currently in a preview phase and should also be generally available in all European Azure regions in the course of the year. It is the further development of the Microsoft Cloud for Sovereignty. As part of the Sovereign Public Cloud, Microsoft is introducing a Data Guardian: in parallel with the Group's EU Data Boundary, it will ensure that data from EU customers is stored and processed exclusively in Europe. What is new is that remote access to the affected Sovereign Cloud systems is controlled exclusively by Microsoft employees based in Europe. This means that if Microsoft employees outside Europe require access to such systems, those responsible here must first approve this and also log it in a tamper-proof general ledger.

IT Summit 2025: Digital sovereignty – Basis for resilient IT

Whether cloud, AI or M365: hardly any company today can do without software and services from the USA. In view of the political upheavals since the start of Donald Trump's presidency, more and more IT managers are asking themselves: How can I reduce dependencies and make my own IT more sovereign, more resilient and therefore more future-proof?

The IT Summit by heise 2025 on November 11 and 12 in Munich provides answers. Renowned experts will explain what European cloud hosters can do compared to US hyperscalers and how to operate AI solutions locally. Learn from case studies how other companies have reduced their digital dependency. Find out how open source makes your software landscape more independent and why more digital sovereignty improves IT security.

The IT Summit by heise 2025, the new conference for IT managers, will take place on November 11 and 12 at Nemetschek Haus in Munich. The organizer is heise conferences, the program comes from the iX editorial team.

Another new feature is that customers can take over the key management for the encryption of their data completely themselves, or have it carried out by a third party. In this way, Microsoft wants to guarantee additional data protection, as access to the keys on the local hardware security module (HSM) is completely under the user's control. In the announcement, Microsoft emphasizes the close cooperation with HSM manufacturers such as Utimaco from Aachen, Thales from France and Futurex from the USA. The new External Key Management is an extension of the existing Azure Managed HSM. Users can already use this service to manage their cloud security modules.

For the Sovereign Public Cloud, there is also a new service for administering the sovereignty functions: Regulated Environment Management. Microsoft states that those responsible can configure, deploy and monitor their workloads centrally. Examples include the Data Guardian guidelines or checking access log entries.

Partners for higher requirements

Finally, Microsoft is building on National Partner Clouds from Germany and France as the third pillar of the Sovereign Cloud. Here, third-party providers operate Azure and Microsoft 365 services completely independently. One example is the agreement with the SAP subsidiary Delos Cloud, which offers a sovereign cloud for public authorities and is intended to meet the regulatory requirements of the public sector. This approach is currently explicitly intended for public authorities and critical infrastructures (KRITIS). Readers can find an overview of the structure of the Microsoft Sovereign Cloud in the announcement on the Microsoft blog.

US hyperscalers such as Microsoft are currently greatly expanding their range of sovereign clouds. While the company emphasizes that it offers the “most comprehensive range of sovereignty solutions” and that it primarily implements the requirements of EU customers within its existing cloud infrastructure, competitor AWS is taking a different approach: Amazon is currently building a completely independent cloud in Brandenburg, which will not have any critical legal or technical connections to the regular AWS cloud. Google, on the other hand, was able to convince the Bundeswehr to use an isolated private cloud environment.

(fo)