This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Azure Government uses same underlying technologies as global Azure, which includes the core components of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Both Azure and Azure Government have the same comprehensive security controls in place and the same Microsoft commitment on the safeguarding of customer data. Whereas both cloud environments are assessed and authorized at the FedRAMP High impact level, Azure Government provides an extra layer of protection to customers through contractual commitments regarding storage of customer data in the United States and limiting potential access to systems processing customer data to screened US persons. These commitments may be of interest to customers using the cloud to store or process data subject to US export control regulations.
Note
These lists and tables do not include feature or bundle availability in the Azure Government Secret or Azure Government Top Secret clouds. For more information about specific availability for air-gapped clouds, please contact your account team.
You're responsible for designing and deploying your applications to meet US export control requirements such as the requirements prescribed in the EAR, ITAR, and DoE 10 CFR Part 810. In doing so, you shouldn't include sensitive or restricted information in Azure resource names, as explained in Considerations for naming Azure resources.
Most of the currently available technical content assumes that applications are being developed on global Azure rather than on Azure Government. For this reason, it’s important to be aware of two key differences in applications that you develop for hosting in Azure Government.
Certain services and features that are in specific regions of global Azure might not be available in Azure Government.
Feature configurations in Azure Government might differ from those in global Azure.
Therefore, it's important to review your sample code and configurations to ensure that you are building within the Azure Government cloud services environment.
For more information, see Azure Government developer guide.
Note
This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install the Azure Az PowerShell module.
You can use AzureCLI or PowerShell to obtain Azure Government endpoints for services you provisioned:
Use Azure CLI to run the az cloud show command and provide AzureUSGovernment as the name of the target cloud environment. For example,
az cloud show --name AzureUSGovernment
should get you different endpoints for Azure Government.
Use a PowerShell cmdlet such as Get-AzEnvironment to get endpoints and metadata for an instance of Azure service. For example,
Get-AzEnvironment -Name AzureUSGovernment
should get you properties for Azure Government. This cmdlet gets environments from your subscription data file.
Table below lists API endpoints in Azure vs. Azure Government for accessing and managing some of the more common services. If you provisioned a service that isn't listed in the table below, see the Azure CLI and PowerShell examples above for suggestions on how to obtain the corresponding Azure Government endpoint.
| Service category | Service name | Azure Public | Azure Government | Notes |
|---|---|---|---|---|
| AI + machine learning | Azure Bot Service | botframework.com | botframework.azure.us | |
| Azure AI Document Intelligence | cognitiveservices.azure.com | cognitiveservices.azure.us | ||
| Azure OpenAI Service | openai.azure.com | openai.azure.us | ||
| Computer Vision | cognitiveservices.azure.com | cognitiveservices.azure.us | ||
| Custom Vision | cognitiveservices.azure.com | cognitiveservices.azure.us Portal |
||
| Content Moderator | cognitiveservices.azure.com | cognitiveservices.azure.us | ||
| Face API | cognitiveservices.azure.com | cognitiveservices.azure.us | ||
| Language Understanding | cognitiveservices.azure.com | cognitiveservices.azure.us Portal |
Part of Azure AI Language | |
| Personalizer | cognitiveservices.azure.com | cognitiveservices.azure.us | ||
| QnA Maker | cognitiveservices.azure.com | cognitiveservices.azure.us | Part of Azure AI Language | |
| Speech service | See STT API docs | Speech Studio See Speech service endpoints Speech translation endpoints Virginia: https://usgovvirginia.s2s.speech.azure.usArizona: https://usgovarizona.s2s.speech.azure.us |
||
| Text Analytics | cognitiveservices.azure.com | cognitiveservices.azure.us | Part of Azure AI Language | |
| Translator | See Translator API docs | cognitiveservices.azure.us | ||
| Analytics | Azure HDInsight | azurehdinsight.net | azurehdinsight.us | |
| Event Hubs | servicebus.windows.net | servicebus.usgovcloudapi.net | ||
| Power BI | app.powerbi.com | app.powerbigov.us | Power BI US Gov | |
| Compute | Batch | batch.azure.com | batch.usgovcloudapi.net | |
| Cloud Services | cloudapp.net | usgovcloudapp.net | ||
| Containers | Azure Service Fabric | cloudapp.azure.com | cloudapp.usgovcloudapi.net | |
| Container Registry | azurecr.io | azurecr.us | ||
| Databases | Azure Cache for Redis | redis.cache.windows.net | redis.cache.usgovcloudapi.net | See How to connect to other clouds |
| Azure Cosmos DB | documents.azure.com | documents.azure.us | ||
| Azure Database for MariaDB | mariadb.database.azure.com | mariadb.database.usgovcloudapi.net | ||
| Azure Database for MySQL | mysql.database.azure.com | mysql.database.usgovcloudapi.net | ||
| Azure Database for PostgreSQL | postgres.database.azure.com | postgres.database.usgovcloudapi.net | ||
| Azure SQL Database | database.windows.net | database.usgovcloudapi.net | ||
| Identity | Microsoft Entra ID | login.microsoftonline.com | login.microsoftonline.us | |
| certauth.login.microsoftonline.com | certauth.login.microsoftonline.us | |||
| passwordreset.microsoftonline.com | passwordreset.microsoftonline.us | |||
| Integration | Service Bus | servicebus.windows.net | servicebus.usgovcloudapi.net | |
| Internet of Things | Azure IoT Hub | azure-devices.net | azure-devices.us | |
| Azure Maps | atlas.microsoft.com | atlas.azure.us | ||
| Notification Hubs | servicebus.windows.net | servicebus.usgovcloudapi.net | ||
| Management and governance | Azure Automation | azure-automation.net | azure-automation.us | |
| Azure Monitor Application Insights |
{region}.in.applicationinsights.azure.com | {region}.in.applicationinsights.azure.us | Additional endpoints | |
| Azure Monitor Log Analytics |
mms.microsoft.com | oms.microsoft.us | Log Analytics workspace portal | |
| ods.opinsights.azure.com | ods.opinsights.azure.us | Data collector API | ||
| oms.opinsights.azure.com | oms.opinsights.azure.us | |||
| portal.loganalytics.io | portal.loganalytics.us | |||
| api.loganalytics.io | api.loganalytics.us | |||
| docs.loganalytics.io | docs.loganalytics.us | |||
| adx.monitor.azure.com | adx.monitor.azure.us | Data Explorer queries | ||
| Azure Resource Manager | management.azure.com | management.usgovcloudapi.net | ||
| Gallery URL | gallery.azure.com | gallery.azure.us | ||
| Microsoft Azure portal | portal.azure.com | portal.azure.us | ||
| Microsoft Intune | enterpriseresgistration.windows.net | enterpriseregistration.microsoftonline.us | Enterprise registration | |
| manage.microsoft.com | manage.microsoft.us | Enterprise enrollment | ||
| Migration | Azure Site Recovery | hypervrecoverymanager.windowsazure.com | hypervrecoverymanager.windowsazure.us | Site Recovery service |
| backup.windowsazure.com | backup.windowsazure.us | Protection service | ||
| blob.core.windows.net | blob.core.usgovcloudapi.net | Storing VM snapshots | ||
| Networking | Traffic Manager | trafficmanager.net | usgovtrafficmanager.net | |
| Security | Key Vault | vault.azure.net | vault.usgovcloudapi.net | |
| Managed HSM | managedhsm.azure.net | managedhsm.usgovcloudapi.net | ||
| Storage | Azure Backup | backup.windowsazure.com | backup.windowsazure.us | |
| Blob | blob.core.windows.net | blob.core.usgovcloudapi.net | ||
| Queue | queue.core.windows.net | queue.core.usgovcloudapi.net | ||
| Table | table.core.windows.net | table.core.usgovcloudapi.net | ||
| File | file.core.windows.net | file.core.usgovcloudapi.net | ||
| Virtual desktop infrastructure | Azure Virtual Desktop | See AVD docs | See AVD docs | |
| Web | API Management | management.azure.com | management.usgovcloudapi.net | |
| API Management Gateway | azure-api.net | azure-api.us | ||
| API Management management | management.azure-api.net | management.azure-api.us | ||
| API Management Portal | portal.azure-api.net | portal.azure-api.us | ||
| App Configuration | azconfig.io | azconfig.azure.us | ||
| App Service | azurewebsites.net | azurewebsites.us | ||
| Azure AI Search | search.windows.net | search.azure.us | ||
| Azure Functions | azurewebsites.net | azurewebsites.us |
Microsoft's goal for Azure Government is to match service availability in Azure. For service availability in Azure Government, see Products available by region. Services available in Azure Government are listed by category and whether they're Generally Available or available through Preview. If a service is available in Azure Government, that fact isn't reiterated in the rest of this article. Instead, you're encouraged to review Products available by region for the latest, up-to-date information on service availability.
In general, service availability in Azure Government implies that all corresponding service features are available to you. Variations to this approach and other applicable limitations are tracked and explained in this article based on the main service categories outlined in the online directory of Azure services. Other considerations for service deployment and usage in Azure Government are also provided.
This section outlines variations and considerations when using Azure Bot Service, Azure Machine Learning, and Cognitive Services in the Azure Government environment. For service availability, see Products available by region.
The following Azure Bot Service features aren't currently available in Azure Government:
For information on how to deploy Bot Framework and Azure Bot Service bots to Azure Government, see Configure Bot Framework bots for US Government customers.
For feature variations and limitations, see Azure Machine Learning feature availability across cloud regions.
The following Content Moderator features aren't currently available in Azure Government:
The following Language Understanding features aren't currently available in Azure Government:
Azure AI Language Understanding (LUIS) is part of Azure AI Language.
For feature variations and limitations, including API endpoints, see Speech service in sovereign clouds.
For feature variations and limitations see Azure OpenAI in Azure Gov.
For feature variations and limitations, including API endpoints, see Translator in sovereign clouds.
This section outlines variations and considerations when using Analytics services in the Azure Government environment. For service availability, see Products available by region.
For secured virtual networks, you'll want to allow network security groups (NSGs) access to certain IP addresses and ports. For Azure Government, you should allow the following IP addresses (all with an Allowed port of 443):
| Region | Allowed IP addresses | Allowed port |
|---|---|---|
| US DoD Central | 52.180.249.174 52.180.250.239 |
443 |
| US DoD East | 52.181.164.168 52.181.164.151 |
443 |
| US Gov Texas | 52.238.116.212 52.238.112.86 |
443 |
| US Gov Virginia | 13.72.49.126 13.72.55.55 13.72.184.124 13.72.190.110 |
443 |
| US Gov Arizona | 52.127.3.176 52.127.3.178 |
443 |
For a demo on how to build data-centric solutions on Azure Government using HDInsight, see Azure AI services, HDInsight, and Power BI on Azure Government.
For usage guidance, feature variations, and limitations, see Power BI for US government customers. For a demo on how to build data-centric solutions on Azure Government using Power BI, see Azure AI services, HDInsight, and Power BI on Azure Government.
To learn how to embed analytical content within your business process application, see Tutorial: Embed a Power BI content into your application for national clouds.
This section outlines variations and considerations when using Databases services in the Azure Government environment. For service availability, see Products available by region.
The following Azure Database for MySQL features aren't currently available in Azure Government:
For Flexible Server availability in Azure Government regions, see Azure Database for PostgreSQL – Flexible Server.
The following Azure Database for PostgreSQL features aren't currently available in Azure Government:
This section outlines variations and considerations when using Developer tools in the Azure Government environment. For service availability, see Products available by region.
This section outlines variations and considerations when using Identity services in the Azure Government environment. For service availability, see Products available by region.
For feature variations and limitations, see Cloud feature availability.
For information on how to use Power BI capabilities for collaboration between Azure and Azure Government, see Cross-cloud B2B.
The following features have known limitations in Azure Government:
Limitations with B2B Collaboration in supported Azure US Government tenants:
Limitations with multi-factor authentication:
Azure Active Directory B2C is not available in Azure Government.
The Microsoft Authentication Library (MSAL) enables developers to acquire security tokens from the Microsoft identity platform to authenticate users and access secured web APIs. For feature variations and limitations, see National clouds and MSAL.
This section outlines variations and considerations when using Management and Governance services in the Azure Government environment. For service availability, see Products available by region.
The following Automation features aren't currently available in Azure Government:
For feature variations and limitations, see Azure Advisor in sovereign clouds.
The following Azure Lighthouse features aren't currently available in Azure Government:
The following document contains information about Azure Managed Grafana feature availability in Azure Government: Azure Managed Grafana: Feature availability in sovereign clouds.
Azure Monitor enables the same features in both Azure and Azure Government.
The following options are available for previous versions of System Center Operations Manager:
For more information, see Connect Operations Manager to Azure Monitor.
Frequently asked questions
Application Insights (part of Azure Monitor) enables the same features in both Azure and Azure Government. This section describes the supplemental configuration that is required to use Application Insights in Azure Government.
Visual Studio – In Azure Government, you can enable monitoring on your ASP.NET, ASP.NET Core, Java, and Node.js based applications running on Azure App Service. For more information, see Application monitoring for Azure App Service overview. In Visual Studio, go to Tools|Options|Accounts|Registered Azure Clouds|Add New Azure Cloud and select Azure US Government as the Discovery endpoint. After that, adding an account in File|Account Settings will prompt you for which cloud you want to add from.
SDK endpoint modifications – In order to send data from Application Insights to an Azure Government region, you'll need to modify the default endpoint addresses that are used by the Application Insights SDKs. Each SDK requires slightly different modifications, as described in Application Insights overriding default endpoints.
Firewall exceptions – Application Insights uses several IP addresses. You might need to know these addresses if the app that you're monitoring is hosted behind a firewall. For more information, see IP addresses used by Azure Monitor from where you can download Azure Government IP addresses.
Note
Although these addresses are static, it's possible that we'll need to change them from time to time. All Application Insights traffic represents outbound traffic except for availability monitoring and webhooks, which require inbound firewall rules.
To allow the Application Insights SDK/agent to send data to the Application Insights resource, you need to allow access to the regional endpoint defined in your connection string and open the outgoing port 443 in your firewall. To learn more about the endpoint suffix, see Connection strings in Application Insights.
The following Azure Cost Management + Billing features aren't currently available in Azure Government:
This section outlines variations and considerations when using Media services in the Azure Government environment. For service availability, see Products available by region.
For Azure Media Services v3 feature variations in Azure Government, see Azure Media Services v3 clouds and regions availability.
This section outlines variations and considerations when using Migration services in the Azure Government environment. For service availability, see Products available by region.
The following Azure Migrate features aren't currently available in Azure Government:
For more information, see Azure Migrate support matrix. For a list of Azure Government URLs needed by the Azure Migrate appliance when connecting to the internet, see Azure Migrate appliance URL access.
This section outlines variations and considerations when using Networking services in the Azure Government environment. For service availability, see Products available by region.
For an overview of ExpressRoute, see What is Azure ExpressRoute?. For an overview of how BGP communities are used with ExpressRoute in Azure Government, see BGP community support in National Clouds.
Azure Front Door (AFD) Standard and Premium tiers are available in general availability in Azure Government regions US Gov Arizona and US Gov Texas.
Traffic Manager health checks can originate from certain IP addresses for Azure Government. Review the IP addresses in the JSON file to ensure that incoming connections from these IP addresses are allowed at the endpoints to check its health status.
This section outlines variations and considerations when using Security services in the Azure Government environment. For service availability, see Products available by region.
For feature variations and limitations, see Microsoft Defender for Endpoint for US Government customers.
For feature variations and limitations, see Cloud feature availability for US Government customers.
Azure Information Protection Premium is part of the Enterprise Mobility + Security suite. For details on this service and how to use it, see Azure Information Protection Premium Government Service Description.
For feature variations and limitations, see Cloud feature availability for US Government customers.
For feature variations and limitations, see Cloud feature availability for US Government customers.
This section outlines variations and considerations when using Storage services in the Azure Government environment. For service availability, see Products available by region.
For Azure NetApp Files feature availability in Azure Government and how to access the Azure NetApp Files service within Azure Government, see Azure NetApp Files for Azure Government.
With Import/Export jobs for US Gov Arizona or US Gov Texas, the mailing address is for US Gov Virginia. The data is loaded into selected storage accounts from the US Gov Virginia region. For all jobs, we recommend that you rotate your storage account keys after the job is complete to remove any access granted during the process. For more information, see Manage storage account access keys.
This section outlines variations and considerations when using Web services in the Azure Government environment. For service availability, see Products available by region.
The following API Management features aren't currently available in Azure Government:
The following App Service resources aren't currently available in Azure Government:
The following App Service features aren't currently available in Azure Government:
When connecting your Functions app to Application Insights in Azure Government, make sure you use APPLICATIONINSIGHTS_CONNECTION_STRING, which lets you customize the Application Insights endpoint.
Learn more about Azure Government:
Start using Azure Government:
Documentation
Azure Government Overview - Azure Government
Overview of Azure Government capabilities
Connect to Azure Government using portal - Azure Government
This quickstart shows how to connect to Azure Government and create a web app using portal
Azure Government developer guide - Azure Government
Provides guidance on developing applications for Azure Government
Training
Learning path
Use advance techniques in canvas apps to perform custom updates and optimization - Training
Use advance techniques in canvas apps to perform custom updates and optimization
Certification
Microsoft Certified: Azure Developer Associate - Certifications
Build end-to-end solutions in Microsoft Azure to create Azure Functions, implement and manage web apps, develop solutions utilizing Azure storage, and more.