Compare Azure Government and global Azure

Microsoft Azure Government uses same underlying technologies as global Azure, which includes the core components of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Both Azure and Azure Government have the same comprehensive security controls in place and the same Microsoft commitment on the safeguarding of customer data. Whereas both cloud environments are assessed and authorized at the FedRAMP High impact level, Azure Government provides an extra layer of protection to customers through contractual commitments regarding storage of customer data in the United States and limiting potential access to systems processing customer data to screened US persons. These commitments may be of interest to customers using the cloud to store or process data subject to US export control regulations.

Export control implications

You are responsible for designing and deploying your applications to meet US export control requirements such as the requirements prescribed in the EAR, ITAR, and DoE 10 CFR Part 810. In doing so, you should not include sensitive or restricted information in Azure resource names, as explained in Considerations for naming Azure resources.

Guidance for developers

Azure Government services operate the same way as the corresponding services in global Azure, which is why most of the existing online Azure documentation applies equally well to Azure Government. However, there are some key differences that developers working on applications hosted in Azure Government must be aware of. For more information, see Guidance for developers. As a developer, you must know how to connect to Azure Government and once you connect you will mostly have the same experience as in global Azure.

You can use AzureCLI or PowerShell to obtain Azure Government endpoints for services you provisioned:

  • Use Azure CLI to run the az cloud show command and provide AzureUSGovernment as the name of the target cloud environment. For example,

    az cloud show --name AzureUSGovernment
    

    should get you different endpoints for Azure Government.

  • Use a PowerShell cmdlet such as Get-AzureEnvironment (or Get-AzureRmEnvironment) to get endpoints and metadata for an instance of Azure service. For example,

    Get-AzureEnvironment -Name AzureUSGovernment
    

    should get you properties for Azure Government. These cmdlets get environments from your subscription data file.

Table below lists API endpoints in Azure vs. Azure Government for accessing and managing some of the more common services. If you provisioned a service that isn't listed in the table below, see the Azure CLI and PowerShell examples above for suggestions on how to obtain the corresponding Azure Government endpoint.


Service category Service name Azure Public Azure Government Notes
AI + Machine Learning Azure Bot Service *.botframework.com *.botframework.azure.us
Azure Form Recognizer *.cognitiveservices.azure.com *.cognitiveservices.azure.us
Computer Vision *.cognitiveservices.azure.com *.cognitiveservices.azure.us
Custom Vision *.cognitiveservices.azure.com *.cognitiveservices.azure.us
Portal
Content Moderator *.cognitiveservices.azure.com *.cognitiveservices.azure.us
Face API *.cognitiveservices.azure.com *.cognitiveservices.azure.us
Language Understanding *.cognitiveservices.azure.com *.cognitiveservices.azure.us
Portal
Personalizer *.cognitiveservices.azure.com *.cognitiveservices.azure.us
QnA Maker *.cognitiveservices.azure.com *.cognitiveservices.azure.us
Speech service See STT API docs Speech Studio

See Speech service endpoints

Speech translation endpoints
Virginia: https://usgovvirginia.s2s.speech.azure.us
Arizona: https://usgovarizona.s2s.speech.azure.us
Text Analytics *.cognitiveservices.azure.com *.cognitiveservices.azure.us
Translator See Translator API docs *.cognitiveservices.azure.us
Analytics HDInsight *.azurehdinsight.net *.azurehdinsight.us
Power BI app.powerbi.com app.powerbigov.us Power BI US Gov
Compute Batch *.batch.azure.com *.batch.usgovcloudapi.net
Cloud Services *.cloudapp.net *.usgovcloudapp.net
Azure Functions *.azurewebsites.net *.azurewebsites.us
Service Fabric *.cloudapp.azure.com *.cloudapp.usgovcloudapi.net
Containers Container Registry Suffix *.azurecr.io *.azurecr.us
Databases Azure Cache for Redis *.redis.cache.windows.net *.redis.cache.usgovcloudapi.net See How to connect to other clouds
Azure Cosmos DB *.documents.azure.com *.documents.azure.us
Azure Database for MariaDB *.mariadb.database.azure.com *.mariadb.database.usgovcloudapi.net
Azure Database for MySQL *.mysql.database.azure.com *.mysql.database.usgovcloudapi.net
Azure Database for PostgreSQL *.postgres.database.azure.com *.postgres.database.usgovcloudapi.net
Azure SQL Database *.database.windows.net *.database.usgovcloudapi.net
Integration Service Bus *.servicebus.windows.net *.servicebus.usgovcloudapi.net
Internet of Things Azure Event Hubs *.servicebus.windows.net *.servicebus.usgovcloudapi.net
Azure IoT Hub *.azure-devices.net *.azure-devices.us
Azure Maps atlas.microsoft.com atlas.azure.us
Notification Hubs *.servicebus.windows.net *.servicebus.usgovcloudapi.net
Management and Governance Azure Monitor logs mms.microsoft.com oms.microsoft.us Log Analytics workspace portal
workspaceId.ods.opinsights.azure.com workspaceId.ods.opinsights.azure.us Data collector API
*.ods.opinsights.azure.com *.ods.opinsights.azure.us
*.oms.opinsights.azure.com *.oms.opinsights.azure.us
portal.loganalytics.io portal.loganalytics.us
api.loganalytics.io api.loganalytics.us
docs.loganalytics.io docs.loganalytics.us
Azure Automation *.azure-automation.net *.azure-automation.us
Portal and Cloud Shell https://portal.azure.com https://portal.azure.us
Gallery URL https://gallery.azure.com/ https://gallery.azure.us/
Migration Azure Site Recovery *.hypervrecoverymanager.windowsazure.com *.hypervrecoverymanager.windowsazure.us Site Recovery service
*.backup.windowsazure.com/ *.backup.windowsazure.us/ Protection service
*.blob.core.windows.net/ *.blob.core.usgovcloudapi.net/ Storing VM snapshots
Public download MySQL Gov download MySQL Download MySQL
Networking Traffic Manager *.trafficmanager.net *.usgovtrafficmanager.net
Security Azure Active Directory https://login.microsoftonline.com https://login.microsoftonline.us
Key Vault *.vault.azure.net *.vault.usgovcloudapi.net Endpoint
cfa8b339-82a2-471a-a3c9-0fc0be7a4093 7e7c393b-45d0-48b1-a35e-2905ddf8183c Service Principal ID
Azure Key Vault Azure Key Vault Service Principal Name
Storage Blob *.blob.core.windows.net *.blob.core.usgovcloudapi.net
Queue *.queue.core.windows.net *.queue.core.usgovcloudapi.net
Table *.table.core.windows.net *.table.core.usgovcloudapi.net
File *.file.core.windows.net *.file.core.usgovcloudapi.net
Web API Management management.azure.com management.usgovcloudapi.net
API Management Gateway *.azure-api.net *.azure-api.us
API Management Portal *.portal.azure-api.net *.portal.azure-api.us
API Management management *.management.azure-api.net *.management.azure-api.us
App Configuration *.azconfig.io *.azconfig.azure.us Endpoint
App Service *.azurewebsites.net *.azurewebsites.us Endpoint
abfa0a7c-a6b6-4736-8310-5855508787cd 6a02c803-dafd-4136-b4c3-5a6f318b4714 Service Principal ID
Azure Cognitive Search *.search.windows.net *.search.windows.us

Service availability

Microsoft's goal for Azure Government is to match service availability in Azure. For service availability in Azure Government, see Products available by region. Services available in Azure Government are listed by category and whether they are Generally Available or available through Preview. If a service is available in Azure Government, that fact is not reiterated in the rest of this article. Instead, you are encouraged to review Products available by region for the latest, up-to-date information on service availability.

In general, service availability in Azure Government implies that all corresponding service features are available to you. Variations to this approach and other applicable limitations are tracked and explained in this article based on the main service categories outlined in the online directory of Azure services. Other considerations for service deployment and usage in Azure Government are also provided.

AI + machine learning

This section outlines variations and considerations when using Azure Bot Service, Azure Machine Learning, and Cognitive Services in the Azure Government environment. For service availability, see Products available by region.

Azure Bot Service

The following Azure Bot Service features are not currently available in Azure Government (updated 8/16/2021):

  • Bot Framework Composer integration
  • Channels (due to availability of dependent services)
    • Teams Channel
    • Direct Line Speech Channel
    • Telephony Channel (Preview)
    • Microsoft Search Channel (Preview)
    • Kik Channel (deprecated)

For more information, see How do I create a bot that uses US Government data center.

Azure Machine Learning

For feature variations and limitations, see Azure Machine Learning sovereign cloud parity.

Cognitive Services: Content Moderator

The following Content Moderator features are not currently available in Azure Government:

  • Review UI and Review APIs.

Cognitive Services: Language Understanding (LUIS)

The following Language Understanding features are not currently available in Azure Government:

  • Speech Requests
  • Prebuilt Domains

Cognitive Services: Speech

For feature variations and limitations, including API endpoints, see Speech service in sovereign clouds.

Cognitive Services: Translator

The following Translator features are not currently available in Azure Government:

  • Custom Translator
  • Translator Hub

Analytics

This section outlines variations and considerations when using Analytics services in the Azure Government environment. For service availability, see Products available by region.

Azure HDInsight

The following HDInsight features are not currently available in Azure Government:

  • HDInsight on Windows
  • Azure Data Lake Storage

Azure Blob Storage is the only available storage option currently.

For secured virtual networks, you will want to allow network security groups (NSGs) access to certain IP addresses and ports. For Azure Government, you should allow the following IP addresses (all with an Allowed port of 443):

Region Allowed IP addresses Allowed port
US DoD Central 52.180.249.174
52.180.250.239
443
US DoD East 52.181.164.168
52.181.164.151
443
US Gov Texas 52.238.116.212
52.238.112.86
443
US Gov Virginia 13.72.49.126
13.72.55.55
13.72.184.124
13.72.190.110
443
US Gov Arizona 52.127.3.176
52.127.3.178
443

You can see a demo on how to build data-centric solutions on Azure Government using HDInsight.

Power BI

For usage guidance, feature variations, and limitations, see Power BI for US government customers. You can also see a demo on how to build data-centric solutions on Azure Government using Power BI.

Power BI Embedded

To learn how to embed analytical content within your business process application, see Tutorial: Embed a Power BI content into your application for national clouds.

Compute

This section outlines variations and considerations when using Compute services in the Azure Government environment. For service availability, see Products available by region.

Virtual Machines

The following Virtual Machines features are not currently available in Azure Government:

  • Settings
    • Continuous delivery
  • Monitoring
    • Application Insights
  • Support + troubleshooting
    • Ubuntu Advantage support plan

Containers

This section outlines variations and considerations when using Container services in the Azure Government environment. For service availability, see Products available by region.

Azure Kubernetes Service

The following Azure Kubernetes Service features are not currently available in Azure Government:

Databases

This section outlines variations and considerations when using Databases services in the Azure Government environment. For service availability, see Products available by region.

Azure Database for MySQL

The following Azure Database for MySQL features are not currently available in Azure Government:

  • Advanced Threat Protection

Azure Database for PostgreSQL

The following Azure Database for PostgreSQL features are not currently available in Azure Government:

  • Hyperscale (Citus) and Flexible server deployment options
  • The following features of the Single server deployment option
    • Advanced Threat Protection
    • Backup with long-term retention

Azure SQL Managed Instance

The following Azure SQL Managed Instance features are not currently available in Azure Government:

  • Long-term retention

Identity

This section outlines variations and considerations when using Identity services in the Azure Government environment. For service availability, see Products available by region.

Azure Active Directory Premium P1 and P2

The following features have known limitations in Azure Government:

  • Limitations with B2B Collaboration in supported Azure US Government tenants:

    • B2B Collaboration is available in most Azure US Government tenants created after June 2019. Over time, more tenants will get access to this functionality. See How can I tell if B2B collaboration is available in my Azure US Government tenant?
    • B2B collaboration is supported between tenants that are both within Azure US Government cloud and that both support B2B collaboration. Azure US Government tenants that support B2B collaboration can also collaborate with social users using Microsoft, Google accounts, or email one-time passcode accounts. If you invite a user outside of these groups (for example, if the user is in a tenant that isn't part of the Azure US Government cloud or doesn't yet support B2B collaboration), the invitation will fail or the user will be unable to redeem the invitation.
    • B2B collaboration via Power BI is not supported. When you invite a guest user from within Power BI, the B2B flow is not used and the guest user won't appear in the tenant's user list. If a guest user is invited through other means, they'll appear in the Power BI user list, but any sharing request to the user will fail and display a 403 Forbidden error.
    • Microsoft 365 Groups are not supported for B2B users and can't be enabled.
  • Limitations with SQL tools:

    • Some SQL tools such as SQL Server Management Studio (SSMS) require you to set the appropriate cloud parameter. In the tool's Azure service setup options, set the cloud parameter to Azure Government.
  • Limitations with multifactor authentication:

    • Hardware OATH tokens are not available in Azure Government.
    • Trusted IPs are not supported in Azure Government. Instead, use Conditional Access policies with named locations to establish when multifactor authentication should and should not be required based off the user's current IP address.
  • Limitations with Azure AD join:

    • Enterprise state roaming for Windows 10 devices is not available

Management and governance

This section outlines variations and considerations when using Management and Governance services in the Azure Government environment. For service availability, see Products available by region.

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Azure Advisor

The following Azure Advisor recommendation features are not currently available in Azure Government:

  • High Availability
    • Configure your VPN gateway to active-active for connection resilience
    • Create Azure Service Health alerts to be notified when Azure issues affect you
    • Configure Traffic Manager endpoints for resiliency
    • Use soft delete for your Azure Storage Account
  • Performance
    • Improve App Service performance and reliability
    • Reduce DNS time to live on your Traffic Manager profile to fail over to healthy endpoints faster
    • Improve Azure Synapse Analytics performance
    • Use Premium Storage
    • Migrate your Storage Account to Azure Resource Manager
  • Cost
    • Buy reserved virtual machines instances to save money over pay-as-you-go costs
    • Eliminate unprovisioned ExpressRoute circuits
    • Delete or reconfigure idle virtual network gateways

The calculation for recommending that you should right-size or shut down underutilized virtual machines in Azure Government is as follows:

  • Advisor monitors your virtual machine usage for seven days and identifies low-utilization virtual machines.
  • Virtual machines are considered low utilization if their CPU utilization is 5% or less and their network utilization is less than 2%, or if the current workload can be accommodated by a smaller virtual machine size.

If you want to be more aggressive at identifying underutilized virtual machines, you can adjust the CPU utilization rule on a per subscription basis.

Azure Cost Management and Billing

The following Azure Cost Management + Billing features are not currently available in Azure Government:

  • Cost Management + Billing for cloud solution providers (CSPs)

Azure Lighthouse

The following Azure Lighthouse features are not currently available in Azure Government:

  • Managed Service offers published to Azure Marketplace

Azure Monitor

The following Azure Monitor features are not currently available in Azure Government:

  • Solutions that are in preview in Microsoft Azure, including:
    • Windows 10 Upgrade Analytics solution
    • Application Insights solution
    • Azure Networking Security Group Analytics solution
    • Azure Automation Analytics solution
    • Key Vault Analytics solution
  • Solutions and features that require updates to on-premises software, including:
    • Surface Hub solution
  • Features that are in preview in global Azure, including:
    • Export of data to Power BI
  • Azure metrics and Azure diagnostics

The following Azure Monitor features behave differently in Azure Government:

Frequently asked questions

  • Can I migrate data from Azure Monitor logs in Azure to Azure Government?
    • No. It is not possible to move data or your workspace from Azure to Azure Government.
  • Can I switch between Azure and Azure Government workspaces from the Operations Management Suite portal?
    • No. The portals for Azure and Azure Government are separate and do not share information.

Application Insights

This section describes the supplemental configuration that is required to use Application Insights (part of Azure Monitor) in Azure Government.

Enable Application Insights for ASP.NET & ASP.NET Core with Visual Studio

In Azure Government, you can enable Application Insights with a codeless agent for your Azure App Services hosted applications or via the traditional Add Applications Insights Telemetry button in Visual Studio, which requires a small manual workaround. If you are experiencing the associated issue, you may see error messages like "There is no Azure subscription associated with this account" or "The selected subscription does not support Application Insights" even though the microsoft.insights resource provider has a status of registered for the subscription. To mitigate this issue, you must perform the following steps:

  1. Switch Visual Studio to target the Azure Government cloud.

  2. Create (or if already existing, set) the User Environment variable for AzureGraphApiVersion as follows:

    • Variable name: AzureGraphApiVersion
    • Variable value: 2014-04-01

    To create a User Environment variable, go to Control Panel > System > Advanced system settings > Advanced > Environment Variables.

  3. Make the appropriate Application Insights SDK endpoint modifications for either ASP.NET or ASP.NET Core depending on your project type.

Snapshot Debugger is now available for Azure Government customers. To use Snapshot Debugger, the only other prerequisite is to ensure that you are using Snapshot Collector version 1.3.5 or later. Then follow the standard Snapshot Debugger documentation.

SDK endpoint modifications - In order to send data from Application Insights to the Azure Government region, you will need to modify the default endpoint addresses that are used by the Application Insights SDKs. Each SDK requires slightly different modifications, as described in Application Insights overriding default endpoints.

Note

Connection strings are the new preferred method of setting custom endpoints within Application Insights.

Firewall exceptions - Application Insights uses several IP addresses. You might need to know these addresses if the app that you are monitoring is hosted behind a firewall.

Note

Although these addresses are static, it's possible that we will need to change them from time to time. All Application Insights traffic represents outbound traffic except for availability monitoring and webhooks, which require inbound firewall rules.

You need to open some outgoing ports in your server's firewall to allow the Application Insights SDK and/or Status Monitor to send data to the portal:

Purpose URL IP address Ports
Telemetry dc.applicationinsights.us 23.97.4.113 443

Media

This section outlines variations and considerations when using Media services in the Azure Government environment. For service availability, see Products available by region. For Azure Media Services v3 availability, see Azure clouds and regions in which Media Services v3 exists.

Media Services

For information on how to connect to Media Services v2, see Access the Azure Media Services API with Azure AD authentication. The following Media Services features are not currently available in Azure Government:

  • Analyzing – the Azure Media Indexer 2 Preview Azure Media Analytics media processor is not available in Azure Government.
  • CDN integration – there is no CDN integration with streaming endpoints in Azure Government data centers.

Migration

This section outlines variations and considerations when using Migration services in the Azure Government environment. For service availability, see Products available by region.

Azure Migrate

The following Azure Migrate features are not currently available in Azure Government:

  • Dependency visualization functionality as Azure Migrate depends on Service Map for dependency visualization, which is currently unavailable in Azure Government.
  • You can only create assessments for Azure Government as target regions and using Azure Government offers.

Networking

This section outlines variations and considerations when using Networking services in the Azure Government environment. For service availability, see Products available by region.

Azure ExpressRoute

Azure ExpressRoute is used to create private connections between Azure Government datacenters and your on-premises infrastructure or a colocation facility. ExpressRoute connections do not go over the public Internet—they offer optimized pathways (shortest hops, lowest latency, highest performance, and so on) to Azure Government geo-redundant regions.

  • By default, all Azure Government ExpressRoute connectivity is configured active-active redundant with support for bursting, and it delivers up to 10 G circuit capacity (smallest is 50 MB).
  • Microsoft owns and operates all fiber infrastructure between Azure Government regions and Azure Government ExpressRoute Meet-Me locations.
  • Azure Government ExpressRoute provides connectivity to Microsoft Azure, Microsoft 365, and Dynamics 365 cloud services.

Aside from ExpressRoute, you can also use an IPSec protected VPN (site-to-site for a typical organization) to connect securely from your on-premises infrastructure to Azure Government. For network services to support Azure Government customer applications and solutions, it is recommended that ExpressRoute (private connectivity) is implemented to connect to Azure Government. If you use VPN connections, you should consider the following recommendations:

  • You should contact your authorizing official/agency to determine whether private connectivity or other secure connection mechanism is required and to identify any extra restrictions to consider.
  • You should decide whether to mandate that the site-to-site VPN is routed through a private connectivity zone.
  • You should obtain either a Multi-Protocol Label Switching (MPLS) circuit or VPN with a licensed private connectivity access provider.

If you utilize a private connectivity architecture, you should validate that an appropriate implementation is established and maintained for your connection to the Gateway Network/Internet (GN/I) edge router demarcation point for Azure Government. Similarly, your organization must establish network connectivity between your on-premises environment and Gateway Network/Customer (GN/C) edge router demarcation point for Azure Government.

BGP communities

This section provides an overview of how BGP communities are used with ExpressRoute in Azure Government. Microsoft advertises routes in the public peering and Microsoft peering paths, with routes tagged with appropriate community values. The rationale for doing so and the details on community values are described below.

If you are connecting to Microsoft through ExpressRoute at any one peering location within the Azure Government region, you will have access to all Microsoft cloud services across all regions within the government boundary. For example, if you connected to Microsoft in Washington D.C. through ExpressRoute, you would have access to all Microsoft cloud services hosted in Azure Government. ExpressRoute overview provides details on locations and partners and a list of peering locations for Azure Government.

You can purchase more than one ExpressRoute circuit. Having multiple connections offers you significant benefits on high availability due to geo-redundancy. In cases where you have multiple ExpressRoute circuits, you will receive the same set of prefixes advertised from Microsoft on the public peering and Microsoft peering paths. This arrangement means you will have multiple paths from your network into Microsoft, which can potentially cause suboptimal routing decisions to be made within your network. As a result, you may experience suboptimal connectivity experiences to different services.

Microsoft tags prefixes advertised through public peering and Microsoft peering with appropriate BGP community values indicating the region the prefixes are hosted in. You can rely on the community values to make appropriate routing decisions to offer optimal routing to customers. For more information, see Optimize ExpressRoute routing.

Azure Government region BGP community value
US Gov Arizona 12076:51106
US Gov Virginia 12076:51105
US Gov Texas 12076:51108
US DoD Central 12076:51209
US DoD East 12076:51205

All routes advertised from Microsoft are tagged with the appropriate community value.

In addition to the above, Microsoft also tags prefixes based on the service they belong to. This tagging applies only to the Microsoft peering. The table below provides a mapping of service to BGP community value.

Service in national clouds BGP community value
Exchange Online 12076:5110
SharePoint Online 12076:5120
Skype for Business Online 12076:5130
Dynamics 365 12076:5140
Other Office 365 Online services 12076:5200

Note

Microsoft does not honor any BGP community values that you set on the routes advertised to Microsoft.

For Private Link services availability, see Azure Private Link availability.

Traffic Manager

Traffic Manager health checks can originate from certain IP addresses for Azure Government. Review the IP addresses in the JSON file to ensure that incoming connections from these IP addresses are allowed at the endpoints to check its health status.

Security

This section outlines variations and considerations when using Security services in the Azure Government environment. For service availability, see Products available by region.

Azure Defender for IoT

For feature variations and limitations, see Cloud feature availability for US Government customers.

Azure Information Protection

Azure Information Protection Premium is part of the Enterprise Mobility + Security suite. For details on this service and how to use it, see the Azure Information Protection Premium Government Service Description.

Azure Security Center

For feature variations and limitations, see Cloud feature availability for US Government customers.

Azure Sentinel

For feature variations and limitations, see Cloud feature availability for US Government customers.

Storage

This section outlines variations and considerations when using Storage services in the Azure Government environment. For service availability, see Products available by region.

Azure Backup

The following Azure Backup features are not currently available in Azure Government:

Azure managed disks

The following Azure managed disks features are not currently available in Azure Government:

  • Zone-redundant storage (ZRS)

Azure Storage

For a Quickstart that will help you get started with Storage in Azure Government, see Develop with Storage API on Azure Government.

Storage pairing in Azure Government
Azure relies on paired regions to deliver geo-redundant storage. The following table shows the primary and secondary region pairings in Azure Government.

Geography Regional Pair A Regional Pair B
US Government US Gov Arizona US Gov Texas
US Government US Gov Virginia US Gov Texas

Table in Guidance for developers section shows URL endpoints for main Azure Storage services.

Note

All your scripts and code need to account for the appropriate endpoints. See Configure Azure Storage Connection Strings.

For more information on APIs, see Cloud Storage Account Constructor.

The endpoint suffix to use in these overloads is core.usgovcloudapi.net.

Note

If error 53 ("The network path was not found") is returned while you're mounting the file share, a firewall might be blocking the outbound port. Try mounting the file share on VM that's in the same Azure subscription as the storage account.

When you're deploying the StorSimple Manager service, use the https://portal.azure.us/ URL for the Azure Government portal. For deployment instructions for StorSimple Virtual Array, see StorSimple Virtual Array system requirements. For the StorSimple 8000 series, see StorSimple software, high availability, and networking requirements and go to the Deploy section from the left menu. For more information on StorSimple, see the StorSimple documentation.

Azure Import/Export

With Import/Export jobs for US Gov Arizona or US Gov Texas, the mailing address is for US Gov Virginia. The data is loaded into selected storage accounts from the US Gov Virginia region.

For all jobs, we recommend that you rotate your storage account keys after the job is complete to remove any access granted during the process. For more information, see Manage storage account access keys.

Web

This section outlines variations and considerations when using Web services in the Azure Government environment. For service availability, see Products available by region.

API Management

The following API Management features are not currently available in Azure Government:

  • Azure AD B2C integration

App Service

The following App Service resources are not currently available in Azure Government:

  • App Service Certificate
  • App Service Managed Certificate
  • App Service Domain

The following App Service features are not currently available in Azure Government:

  • Deployment
    • Deployment options: only Local Git Repository and External Repository are available
  • Development tools
    • Resource explorer
  • Azure Government portal
    • Private endpoints for Web Apps cannot be configured in the UI; however, private endpoints are enabled in Azure Government and you can use the Private Link Center if you need the UI.

Azure Functions

The following Functions features are not currently available in Azure Government:

  • Running .NET 5 apps

When connecting your Functions app to Application Insights in Azure Government, make sure you use APPLICATIONINSIGHTS_CONNECTION_STRING, which lets you customize the Application Insights endpoint.

Next steps

Learn more about Azure Government:

Start using Azure Government: