On-Prem: Microsoft's extensive expansion of Azure Local

Microsoft equips Azure with functions for local operation and data sovereignty. However, the sovereignty promises raise questions.


Microsoft has announced extensive enhancements for Azure, primarily targeting companies with high demands for data sovereignty and resilience. The focus is particularly on hybrid scenarios and operation without a stable internet connection – intended for industries such as manufacturing, healthcare, and the public sector.

The core of the announcement is an update to Azure Local, an Azure infrastructure for operation in private data centers. New support has been added for Microsoft 365 Local, allowing email and collaboration services to run entirely in private clouds. Nvidia RTX PRO 6000 Blackwell Server Edition GPUs are now also supported for processing AI workloads locally – for example, where regulatory requirements preclude public cloud usage. Azure Migrate is available for migrations, and fully isolated operating modes without an internet connection are in preview.

In the IoT sector, Microsoft is expanding the integration between Azure IoT, Microsoft Fabric, and new analytics capabilities. This includes improved X.509 certificate management in Azure IoT Hub, WebAssembly-based analytics models for edge processing, and enhanced telemetry data processing. The Azure Device Registry will serve as a central management layer for physical assets in the future.

There are also innovations in managing distributed IT landscapes with Azure Arc: a Site Manager organizes resources by physical location, and a GCP connector allows management of Google Cloud resources via Azure. Azure Machine Configuration is now generally available and enables the deployment of operating system policies across Arc-managed servers. For Kubernetes environments, the AKS Fleet Manager supports central rollouts across multiple hybrid clusters, while Workload Identity allows secure access via Entra ID without local secrets.


However, Microsoft's emphasis on sovereignty and data sovereignty is in tension with the current debate about digital sovereignty in Europe. While the company is responding to concerns about data transfers and dependencies with Azure Local and offline modes, the fundamental problem remains: as a US company, Microsoft is subject to the CLOUD Act, which allows US authorities to access data under certain circumstances – regardless of its storage location. Microsoft explicitly cannot provide any guarantees to the contrary.

The EU data boundary, which Microsoft refers to, addresses data localization within Europe but does not resolve the legal questions surrounding potential access. The announced partner certification for a "Digital Sovereignty Specialization" also does not change the fundamental dependency on a US provider.

Nevertheless, the new features remain relevant for companies and authorities with strict compliance requirements – particularly the offline capability and local AI processing could offer solutions in certain scenarios. Whether this will be sufficient to allay fundamental sovereignty concerns, however, is likely to depend on the specific regulatory frameworks and risk assessments of the user organizations. At least for the EU Commission, the EU data boundary can now resolve data protection concerns with Microsoft 365.

According to its statements, Microsoft plans to further expand its data center capacities in Europe by 2027. Details on the new Azure features can be found in the company's Azure blog.

(fo)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.