Compare Azure Government and global Azure
Microsoft Azure Government uses same underlying technologies as global Azure, which includes the core components of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Both Azure and Azure Government have the same comprehensive security controls in place, as well as the same Microsoft commitment on the safeguarding of customer data. Whereas both cloud environments are assessed and authorized at the FedRAMP High impact level, Azure Government provides an additional layer of protection to customers through contractual commitments regarding storage of Customer Data in the United States and limiting potential access to systems processing Customer Data to screened US persons. These commitments may be of interest to customers using the cloud to store or process data subject to US export control regulations such as the EAR, ITAR, and DoE 10 CFR Part 810.
Export control implications
Customers are responsible for designing and deploying their applications to meet export control requirements such as those prescribed in the EAR and ITAR. In doing so, customers should not include sensitive or restricted information in Azure resource names, as explained in Considerations for Naming Azure Resources. Data stored or processed in customer VMs, storage accounts, databases, Azure Import/Export, Azure Cache for Redis, ExpressRoute, Azure Cognitive Search, App Service, API Management, and other Azure services suitable for holding, processing, or transmitting Customer Data can contain export-controlled data. However, metadata for these Azure services is not permitted to contain export-controlled data. This metadata includes all configuration data entered when creating and maintaining an Azure service, including subscription names, service names, server names, database names, tenant role names, resource groups, deployment names, resource names, resource tags, circuit name, etc. It also includes all shipping information that is used to transport media for Azure Import/Export, such as carrier name, tracking number, description, return information, drive list, package list, storage account name, container name, etc. Sensitive data should not be included in HTTP headers sent to the REST API in search/query strings as part of the API.
Guidance for developers
Azure Government services operate the same way as the corresponding services in global Azure, which is why most of the existing online Azure documentation applies equally well to Azure Government. However, there are some key differences that developers working on applications hosted in Azure Government must be aware of. For detailed information, see Guidance for developers. As a developer, you must know how to connect to Azure Government and once you connect you will mostly have the same experience as in global Azure. Table below lists URLs in Azure vs. Azure Government for accessing and managing various services.
|Service category||Service name||Azure Public||Azure Government||Notes|
|AI + Machine Learning||Azure Bot Service||*.botframework.com||*.botframework.azure.us|
|Computer Vision||See Computer Vision docs||Endpoint URL|
|Custom Vision||See Training and Prediction API references||Portal|
|Content Moderator||See Content Moderator docs||Endpoint URL|
|Face||See Face API docs||Endpoint URL|
|Language Understanding||See LUIS REST API docs||Portal|
|QnA Maker||See QnA Maker docs||QnA Maker endpoint|
|Speech Service||See STT API docs||Custom Speech Portal|
|Translator Text||See Translator API docs||Endpoint URL|
|Power BI||app.powerbi.com||app.powerbigov.us||Power BI US Gov|
|Databases||Azure Cache for Redis||*.redis.cache.windows.net||*.redis.cache.usgovcloudapi.net||See How to connect to other clouds|
|Azure Cosmos DB||*.documents.azure.com||*.documents.azure.us|
|Azure Database for MariaDB||*.mariadb.database.azure.com||*.mariadb.database.usgovcloudapi.net|
|Azure Database for MySQL||*.mysql.database.azure.com||*.mysql.database.usgovcloudapi.net|
|Azure Database for PostgreSQL||*.postgres.database.azure.com||*.postgres.database.usgovcloudapi.net|
|Azure SQL Database||*.database.windows.net||*.database.usgovcloudapi.net|
|Internet of Things||Azure Event Hubs||*.servicebus.windows.net||*.servicebus.usgovcloudapi.net|
|Azure IoT Hub||*.azure-devices.net||*.azure-devices.us|
|Management and Governance||Azure Monitor logs||mms.microsoft.com||oms.microsoft.us||Log Analytics workspace portal|
|workspaceId.ods.opinsights.azure.com||workspaceId.ods.opinsights.azure.us||Data collector API|
|*.ods.opinsights.azure.com||*.ods.opinsights.azure.us||Agent comms - configuring firewall settings|
|*.oms.opinsights.azure.com||*.oms.opinsights.azure.us||Agent comms - configuring firewall settings|
|*.blob.core.windows.net||*.blob.core.usgovcloudapi.net||Agent comms - configuring firewall settings|
|portal.loganalytics.io||portal.loganalytics.us||Advanced Analytics Portal - configuring firewall settings|
|api.loganalytics.io||api.loganalytics.us||Advanced Analytics Portal - configuring firewall settings|
|docs.loganalytics.io||docs.loganalytics.us||Advanced Analytics Portal - configuring firewall settings|
|*.azure-automation.net||*.azure-automation.us||Azure Automation - configuring firewall settings|
|N/A||*.usgovtrafficmanager.net||Azure Traffic Manager - configuring firewall settings|
|Migration||Azure Site Recovery||*.hypervrecoverymanager.windowsazure.com||*.hypervrecoverymanager.windowsazure.com||Site Recovery service|
|*.blob.core.windows.net/||*.blob.core.usgovcloudapi.net/||Storing VM snapshots|
|Public download MySQL||Gov download MySQL||Download MySQL|
|Security||Azure Active Directory||https://login.microsoftonline.com||https://login.microsoftonline.us|
|cfa8b339-82a2-471a-a3c9-0fc0be7a4093||7e7c393b-45d0-48b1-a35e-2905ddf8183c||Service Principal ID|
|Azure Key Vault||Azure Key Vault||Service Principal Name|
|Web||API Management Gateway||*.azure-api.net||*.azure-api.us|
|API Management Portal||*.portal.azure-api.net||*.portal.azure-api.us|
|API Management management||*.management.azure-api.net||*.management.azure-api.us|
|abfa0a7c-a6b6-4736-8310-5855508787cd||6a02c803-dafd-4136-b4c3-5a6f318b4714||Service Principal ID|
|Azure Cognitive Search||*.search.windows.net||*.search.windows.us|
Microsoft’s goal is to enable 100% parity in service availability between Azure and Azure Government. To find out which services are available in Azure Government, customers should visit the products available by region dashboard. The services available in Azure Government are listed by category, as well as whether they are Generally Available or available through Preview. If a service is available in Azure Government, that fact is not reiterated in the sections below. Instead, customers are encouraged to visit the products available by region dashboard for the latest, up-to-date information on service availability.
In general, service availability in Azure Government implies that all corresponding service features are available to customers. Variations to this approach and other applicable limitations are tracked and explained in the sections below based on the main service categories outlined in the online directory of Azure services. Additional considerations for service deployment and usage in Azure Government are also provided.
AI + Machine Learning
This section outlines variations and considerations when using Cognitive Services and the Azure Bot Service in the Azure Government environment. For service availability, see the products available by region dashboard.
The following Azure Bot Service features are not currently available in Azure Government:
- BotBuilder V3 Bot Templates
- Cortana channel
- Skype for Business Channel
- Teams Channel
- Slack Channel
- Office 365 Email Channel
- Facebook Messenger Channel
- Telegram Channel
- Kik Messenger Channel
- GroupMe Channel
- Skype Channel
- Application Insights related capabilities including the Analytics Tab
- Speech Priming Feature
- Payment Card Feature
Commonly used services in bot applications that are not currently available in Azure Government:
- Application Insights
- Speech Service
For more information, see How do I create a bot that uses US Government data center.
The following Content Moderator features are not currently available in Azure Government:
- Review UI and Review APIs.
The following Language Understanding features are not currently available in Azure Government:
- Speech Requests
- Prebuilt Domains
The following Speech Service features are not currently available in Azure Government:
- Custom Voice
- Neural voices for Text-to-Speech See details of supported locales by features in Language and region support for the Speech Services.
The following Translator Text features are not currently available in Azure Government:
- Custom Translator
- Translator Hub
This section outlines variations and considerations when using Analytics services in the Azure Government environment. For service availability, see the products available by region dashboard.
The following HDInsight features are not currently available in Azure Government:
- HDInsight on Windows.
- Azure Data Lake Store. Azure Blob Storage is the only available storage option currently.
For secured virtual networks, you will want to allow Network Security Groups (NSGs) access to certain IP addresses and ports. For Azure Government, you should allow the following IP addresses (all with an Allowed port of 443):
|Region||Allowed IP addresses||Allowed port|
|US DoD Central||220.127.116.11 18.104.22.168||443|
|US DoD East||22.214.171.124 126.96.36.199||443|
|US Gov Texas||188.8.131.52 184.108.40.206||443|
|US Gov Virginia||220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199||443|
|US Gov Arizona||188.8.131.52 184.108.40.206||443|
You can see a demo on how to build data-centric solutions on Azure Government using HDInsight.
The following Power BI features are not currently available in Azure Government:
- Portal support.
You can see a demo on how to build data-centric solutions on Azure Government using Power BI.
The content pack that typically makes activity logs and such available is not intended for use on Government tenants. The intention is to use Log Analytics for the purpose of the logs that aren't available through the content pack.
The following Power BI Embedded features are not yet available in Azure Government:
- Portal support.
This section outlines variations and considerations when using Compute services in the Azure Government environment. For service availability, see the products available by region dashboard.
The following Virtual Machines features are not currently available in Azure Government:
- Continuous delivery
- Application Insights
- Support + Troubleshooting
- Ubuntu Advantage support plan
The following Azure Functions features are not currently available in Azure Government:
This section outlines variations and considerations when using Databases services in the Azure Government environment. For service availability, see the products available by region dashboard.
The following Azure Database for MySQL features are not currently available in Azure Government:
- Advanced Threat Protection
- Private endpoint connections
The following Azure Database for PostgreSQL features are not currently available in Azure Government:
- Advanced Threat Protection
- Private endpoint connections
This section outlines variations and considerations when using Developer Tools services in the Azure Government environment. For service availability, see the products available by region dashboard.
The following Azure DevTest Labs features are not currently available in Azure Government:
- Auto shutdown feature for Azure Compute VMs; however, setting auto shutdown for Labs and Lab Virtual Machines is available.
Internet of Things
This section outlines variations and considerations when using Internet of Things services in the Azure Government environment. For service availability, see the products available by region dashboard.
If you are using the IoT Hub connection string (instead of the Event Hub-compatible settings) with the Microsoft Azure Service Bus .NET client library to receive telemetry or operations monitoring events, then be sure to use WindowsAzure.ServiceBus NuGet package version 4.1.2 or higher.
Management and Governance
This section outlines variations and considerations when using Management and Governance services in the Azure Government environment. For service availability, see the products available by region dashboard.
This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.
This section describes the supplemental configuration that is required to use Application Insights (part of Azure Monitor) in Azure Government.
Azure Government customers can enable Application Insights with a codeless agent for their Azure App Services hosted applications or via the traditional Add Applications Insights Telemetry button in Visual Studio, which requires a small manual workaround. Customers experiencing the associated issue may see error messages like "There is no Azure subscription associated with this account or "The selected subscription does not support Application Insights even though the microsoft.insights resource provider has a status of registered for the subscription. To mitigate this issue, you must perform the following steps:
Switch Visual Studio to target the Azure Government cloud.
Create (or if already existing set) the User Environment variable for AzureGraphApiVersion as follows: (To create a User Environment variable go to Control Panel > System > Advanced system settings > Advanced > Environment Variables.)
Variable name: AzureGraphApiVersion Variable value: 2014-04-01
Snapshot Debugger Snapshot Debugger is now available for Azure Government customers. To use Snapshot Debugger the only additional prerequisite is to insure that you are using Snapshot Collector version 1.3.5 or later. Then simply follow the standard Snapshot Debugger documentation.
SDK endpoint modifications In order to send data from Application Insights to the Azure Government region, you will need to modify the default endpoint addresses that are used by the Application Insights SDKs. Each SDK requires slightly different modifications, as described in Application Insights overriding default endpoints.
Connection strings are the new preferred method of setting custom endpoints within Application Insights.
Firewall exceptions Application Insights uses a number of IP addresses. You might need to know these addresses if the app that you are monitoring is hosted behind a firewall.
Although these addresses are static, it's possible that we will need to change them from time to time. All Application Insights traffic represents outbound traffic except for availability monitoring and webhooks, which require inbound firewall rules.
You need to open some outgoing ports in your server’s firewall to allow the Application insights SDK and/or Status Monitor to send data to the portal:
This article was recently updated to use the term Azure Monitor logs instead of Log Analytics. Log data is still stored in a Log Analytics workspace and is still collected and analyzed by the same Log Analytics service. We are updating the terminology to better reflect the role of logs in Azure Monitor. See Azure Monitor terminology changes for details.
The following Azure Monitor logs features are not currently available in Azure Government:
- Solutions that are in preview in Microsoft Azure, including:
- Service Map
- Windows 10 Upgrade Analytics solution
- Application Insights solution
- Azure Networking Security Group Analytics solution
- Azure Automation Analytics solution
- Key Vault Analytics solution
- Solutions and features that require updates to on-premises software, including:
- Surface Hub solution
- Features that are in preview in global Azure, including:
- Export of data to Power BI
- Azure metrics and Azure diagnostics
The following Azure Monitor logs features behave differently in Azure Government:
- To connect your System Center Operations Manager management group to Azure Monitor logs, you need to download and import updated management packs.
- System Center Operations Manager 2016
- Install Update Rollup 2 for System Center Operations Manager 2016.
- Import the management packs included as part of Update Rollup 2 into Operations Manager. For information about how to import a management pack from a disk, see How to Import an Operations Manager Management Pack.
- To connect Operations Manager to Azure Monitor logs, follow the steps in Connect Operations Manager to Azure Monitor logs.
- System Center Operations Manager 2012 R2 UR3 (or later) / Operations Manager 2012 SP1 UR7 (or later)
- Download and save the updated management packs.
- Unzip the file that you downloaded.
- Import the management packs into Operations Manager. For information about how to import a management pack from a disk, see How to Import an Operations Manager Management Pack.
- To connect Operations Manager to Azure Monitor logs, follow the steps in Connect Operations Manager to Azure Monitor logs.
- System Center Operations Manager 2016
- For more information about using computer groups from Configuration Manager, see Connect Configuration Manager to Azure Monitor.
Frequently asked questions
- Can I migrate data from Azure Monitor logs in Microsoft Azure to Azure Government?
- No. It is not possible to move data or your workspace from Microsoft Azure to Azure Government.
- Can I switch between Microsoft Azure and Azure Government workspaces from the Operations Management Suite portal?
- No. The portals for Microsoft Azure and Azure Government are separate and do not share information.
The following Azure Advisor recommendation features are not currently available in Azure Government:
- High Availability
- Configure your VPN gateway to active-active for connection resilience
- Create Azure Service Health alerts to be notified when Azure issues affect you
- Configure Traffic Manager endpoints for resiliency
- Use soft delete for your Azure Storage Account
- Improve App Service performance and reliability
- Reduce DNS time to live on your Traffic Manager profile to fail over to healthy endpoints faster
- Improve SQL Data Warehouse performance
- Use Premium Storage
- Migrate your Storage Account to Azure Resource Manager
- Buy reserved virtual machines instances to save money over pay-as-you-go costs
- Eliminate unprovisioned ExpressRoute circuits
- Delete or reconfigure idle virtual network gateways
The calculation used to recommend that you should right-size or shut down underutilized virtual machines is as follows in Azure Government:
Advisor monitors your virtual machine usage for 7 days and identifies low-utilization virtual machines. Virtual machines are considered low utilization if their CPU utilization is 5% or less and their network utilization is less than 2% or if the current workload can be accommodated by a smaller virtual machine size. If you want to be more aggressive at identifying underutilized virtual machines, you can adjust the CPU utilization rule on a per subscription basis.
This section outlines variations and considerations when using Media services in the Azure Government environment. For service availability, see the products available by region dashboard. For Azure Media Services v3 availability, see Azure clouds and regions in which Media Services v3 exists.
For information on how to connect to Media Services v2, see Access the Azure Media Services API with Azure AD authentication. The following Media Services features are not currently available in Azure Government:
- Analyzing – the Azure Media Indexer 2 Preview Azure Media Analytics media processor is not available in Azure Government.
- CDN integration – there is no CDN integration with streaming endpoints in Azure Government data centers.
This section outlines variations and considerations when using Migration services in the Azure Government environment. For service availability, see the products available by region dashboard.
The following Azure Migrate features are not currently available in Azure Government:
- Dependency visualization functionality as Azure Migrate depends on Service Map for dependency visualization which is currently unavailable in Azure Government.
- You can only create assessments for Azure Government as target regions and using Azure Government offers.
The following Azure Site Recovery features are not currently available in Azure Government:
- Email notification
This section outlines variations and considerations when using Networking services in the Azure Government environment. For service availability, see the products available by region dashboard.
Azure ExpressRoute is used to create private connections between Azure Government datacenters and customer’s on-premises infrastructure or a colocation facility. ExpressRoute connections do not go over the public Internet—they offer optimized pathways (shortest hops, lowest latency, highest performance, etc.) for customers and Azure Government geo-redundant regions.
- By default, all Azure Government ExpressRoute connectivity is configured active-active redundant with support for bursting, and it delivers up to 10 G circuit capacity (smallest is 50 MB).
- Microsoft owns and operates all fiber infrastructure between Azure Government regions and Azure Government ExpressRoute Meet-Me locations.
- Azure Government ExpressRoute provides connectivity to Microsoft Azure, Office 365, and Dynamics 365 cloud services.
Aside from ExpressRoute, customers can also use an IPSec protected VPN (site-to-site for a typical organization) to connect securely from their on-premises infrastructure to Azure Government. For network services to support Azure Government customer applications and solutions, it is strongly recommended that ExpressRoute (private connectivity) is implemented to connect to Azure Government. If VPN connections are used, the following should be considered:
- Customers should contact their authorizing official/agency to determine whether private connectivity or other secure connection mechanism is required and to identify any additional restrictions to consider.
- Customers should decide whether to mandate that the site-to-site VPN is routed through a private connectivity zone.
- Customers should obtain either a Multi-Protocol Label Switching (MPLS) circuit or VPN with a licensed private connectivity access provider.
All customers who utilize a private connectivity architecture should validate that an appropriate implementation is established and maintained for the customer connection to the Gateway Network/Internet (GN/I) edge router demarcation point for Azure Government. Similarly, your organization must establish network connectivity between your on-premises environment and Gateway Network/Customer (GN/C) edge router demarcation point for Azure Government.
This section provides an overview of how BGP communities are used with ExpressRoute in Azure Government. Microsoft advertises routes in the public and Microsoft peering paths with routes tagged with appropriate community values. The rationale for doing so and the details on community values are described below.
If you are connecting to Microsoft through ExpressRoute at any one peering location within the Azure Government region, you will have access to all Microsoft cloud services across all regions within the government boundary. For example, if you connected to Microsoft in Washington D.C. through ExpressRoute, you would have access to all Microsoft cloud services hosted in Azure Government. ExpressRoute overview provides details on locations and partners, as well as a list of peering locations for Azure Government.
You can purchase more than one ExpressRoute circuit. Having multiple connections offers you significant benefits on high availability due to geo-redundancy. In cases where you have multiple ExpressRoute circuits, you will receive the same set of prefixes advertised from Microsoft on the public peering and Microsoft peering paths. This means you will have multiple paths from your network into Microsoft. This can potentially cause sub-optimal routing decisions to be made within your network. As a result, you may experience sub-optimal connectivity experiences to different services.
Microsoft tags prefixes advertised through public peering and Microsoft peering with appropriate BGP community values indicating the region the prefixes are hosted in. You can rely on the community values to make appropriate routing decisions to offer optimal routing to customers. For additional details, see Optimize ExpressRoute Routing.
|Azure Government region||BGP community value|
|US Gov Arizona||12076:51106|
|US Gov Virginia||12076:51105|
|US Gov Texas||12076:51108|
|US DoD Central||12076:51209|
|US DoD East||12076:51205|
All routes advertised from Microsoft are tagged with the appropriate community value.
In addition to the above, Microsoft also tags prefixes based on the service they belong to. This applies only to the Microsoft peering. The table below provides a mapping of service to BGP community value.
|Service in national clouds||BGP community value|
|Skype for Business Online||12076:5130|
|Other Office 365 Online services||12076:5200|
Microsoft does not honor any BGP community values that you set on the routes advertised to Microsoft.
Traffic Manager health checks can originate from certain IP addresses for Azure Government. Review the IP addresses in the JSON file to ensure that incoming connections from these IP addresses are allowed at the endpoints to check its health status.
This section outlines variations and considerations when using Security services in the Azure Government environment. For service availability, see the products available by region dashboard.
The following features have known limitations in Azure Government:
Limitations with B2B Collaboration in supported Azure US Government tenants:
- B2B Collaboration is available in Azure US Government tenants created after June, 2019. Over time, more tenants will get access to this functionality. See How can I tell if B2B collaboration is available in my Azure US Government tenant?.
- B2B collaboration is currently only supported between tenants that are both within Azure US Government cloud and that both support B2B collaboration. If you invite a user in a tenant that isn't part of the Azure US Government cloud or that doesn't yet support B2B collaboration, the invitation will fail or the user will be unable to redeem the invitation.
- B2B collaboration via Power BI is not supported. When you invite a guest user from within Power BI, the B2B flow is not used and the guest user won't appear in the tenant's user list. If a guest user is invited through other means, they'll appear in the Power BI user list, but any sharing request to the user will fail and display a 403 Forbidden error.
- Office 365 Groups are not supported for B2B users and can't be enabled.
- Some SQL tools such as SSMS require you to set the appropriate cloud parameter. In the tool's Azure Service setup options, set the cloud parameter to Azure US Government.
Limitations with Multi-factor Authentication:
- Hardware OATH tokens are not available in Azure Government.
- Trusted IPs are not supported in Azure Government. Instead, use Conditional Access policies with named locations to establish when Multi-Factor Authentication should and should not be required based off the user's current IP address.
Limitations with Azure AD Join:
- Enterprise state roaming for Windows 10 devices is not available
Azure Information Protection Premium is part of the Enterprise Mobility + Security suite. For details on this service and how to use it, see the Azure Information Protection Premium Government Service Description.
The following Azure Security Center features are not currently available in Azure Government:
1st and 3rd party integrations
- The Qualys Vulnerability Assessment agent.
Security Center internal assessments are provided to discover security misconfigurations, based on Common Configuration Enumeration such as password policy, windows FW rules, local machine audit and security policy, and additional OS hardening settings.
- Specific detections: Detections based on VM log periodic batches, Azure core router network logs, threat intelligence reports, and detections for App Service.
Near real-time alerts generated based on security events and raw data collected from the VMs are captured and displayed.
- Security incidents: The aggregation of alerts for a resource, known as a security incident.
- Threat intelligence enrichment: Geo-enrichment and the threat intelligence option.
- UEBA for Azure resources: Integration with Microsoft Cloud App Security for user and entity behavior analytics on Azure resources.
- Advanced threat detection: Azure Security Center standard tier in Azure Government does not support threat detection for App Service.
Threat detection for storage accounts is available in US government clouds, but no other sovereign or Azure government cloud regions.
- OS Security Configuration: Vulnerability specific metadata, such as the potential impact and countermeasures for OS security configuration vulnerabilities.
Azure Security Center FAQ
For Azure Security Center FAQ, see Azure Security Center frequently asked questions public documentation. Additional FAQ for Azure Security Center in Azure Government are listed below.
What will customers be charged for Azure Security Center in Azure Government? The standard tier of Azure Security Center is free for the first 30 days. Should you choose to continue to use public preview or generally available standard features beyond 30 days, we automatically start to charge for the service.
What features are available for Azure Security Center government customers? A detailed list of feature variations in the Azure Security Center government offering can found in the variations section of this article. All other Azure Security Center capabilities can be referenced in the Azure Security Center public documentation.
What is the compliance commitment for Azure Security Center in Azure Government? Azure Security Center in Azure Government has achieved FedRAMP High authorization.
Is Azure Security Center available for DoD customers? Azure Security Center is deployed on Azure Government regions but not DoD regions. Azure resources created in DoD regions can still utilize Security Center capabilities. However, using it will result in Security Center collected data being moved out from DoD regions and stored in Azure Government regions. By default, all Security Center features which collect and store data are disabled for resources hosted in DoD regions. The type of data collected and stored varies depending on the selected feature. Customers who want to enable Azure Security Center features for DoD resources are recommended to consider data residency before doing so.
The following features have known limitations in Azure Government:
- Office 365 data connector
- The Office 365 data connector can be used only for Office 365 GCC High.
- AWS CloudTrail data connector
- The AWS CloudTrail data connector can be used only for AWS in the Public Sector.
For information about EMS suite capabilities in Azure Government, see the Enterprise Mobility + Security for US Government Service Description.
This section outlines variations and considerations when using Storage services in the Azure Government environment. For service availability, see the products available by region dashboard.
For a Quickstart that will help you get started with Storage in Azure Government, see Develop with Storage API on Azure Government.
|Geography||Regional Pair A||Regional Pair B|
|US Government||US Gov Arizona||US Gov Texas|
|US Government||US Gov Virginia||US Gov Texas|
Table in Guidance for developers section shows URL endpoints for main Azure Storage services.
All your scripts and code need to account for the appropriate endpoints. See Configure Azure Storage Connection Strings.
For more information on APIs, see the Cloud Storage Account Constructor.
The endpoint suffix to use in these overloads is core.usgovcloudapi.net.
If error 53 ("The network path was not found") is returned while you're mounting the file share, a firewall might be blocking the outbound port. Try mounting the file share on VM that's in the same Azure subscription as the storage account.
When you're deploying the StorSimple Manager service, use the https://portal.azure.us/ URL for the Azure Government portal. For deployment instructions for StorSimple Virtual Array, see StorSimple Virtual Array system requirements. For the StorSimple 8000 series, see StorSimple software, high availability, and networking requirements and go to the Deploy section from the left menu. For more information on StorSimple, see the StorSimple documentation.
With Import/Export jobs for US Gov Arizona or US Gov Texas, the mailing address is for US Gov Virginia. The data is loaded into selected storage accounts from the US Gov Virginia region.
For DoD L5 data, use a DoD region storage account to ensure that data is loaded directly into the DoD regions.
For all jobs, we recommend that you rotate your storage account keys after the job is complete to remove any access granted during the process. For more information, see Manage storage account access keys.
This section outlines variations and considerations when using Web services in the Azure Government environment. For service availability, see the products available by region dashboard.
The following API Management features are not currently available in Azure Government:
- Azure AD B2C Integration
The following App Service features are not currently available in Azure Government:
- Deployment Options: only Local Git Repository and External Repository are available
- Development Tools
- Resource explorer
For a self-directed exploration of search functionality using public government data, visit the Content Search and Intelligence web site, select the dataset "US Court of Appeals District 1", and then choose one of the demo options.
Search features that have been widely adopted in government search applications include cognitive skills, useful for extracting structure and information from large undifferentiated text documents.
Basic query syntax, formulating queries to search over large amounts of content, is also relevant to application developers. Azure Cognitive Search supports two syntaxes: simple and full. You can review query expression examples for an orientation.
Learn more about Azure Government:
Start using Azure Government: