Data residency in Azure

Azure has more global regions than any other cloud provider—offering the scale and data residency options you need to bring your apps closer to your users around the world.

Most Azure services enable you to specify the region where your customer data will be stored. Microsoft may replicate to other regions for data resiliency, but Microsoft will not replicate or move customer data outside the geo (see Additional information on this page). You and your users may move, copy, or access your customer data from any location globally.

Additional information

Data storage for regional services

Most Azure services are deployed regionally and enable the customer to specify the region into which the service will be deployed. Examples of such Azure services include virtual machines, storage, and SQL Database. For a complete list of regional services, see Products available by region.

Microsoft may copy customer data between regions within a given geo for data redundancy or other operational purposes. For example, geo-redundant storage replicates blob and table data between two regions within the same geo for enhanced data durability in case of a major datacenter disaster.

Microsoft will not store customer data outside the customer-specified geo except for the following regional services:

  • Azure Cloud Services, which backs up web- and worker-role software deployment packages to the United States regardless of the deployment region.
  • Language Understanding, which may store active learning data in the United States, Europe, or Australia based on the authoring regions which the customer uses. Learn more about Language Understanding.
  • Azure Databricks, which stores authentication data in the United States.
  • Azure Machine Learning, which may store freeform text that the customer provides (e.g. names for workspaces, resource groups, experiments, files, and images) and experiment parameters in the United States.
  • Azure Sentinel, which generates new security data—such as incidents, alert rules, and bookmarks—that may contain customer data from the customer’s instances of Azure Monitor Logs. Such security data generated by Azure Sentinel will be stored at rest in Europe (for security data generated from the customer’s Monitor Logs workspaces located in Europe) or in the United States (for security data generated from the customer’s Monitor Logs workspaces located elsewhere).
  • Preview, beta, or other prerelease services, which typically store customer data in the United States but may store it globally.

Customers may configure certain Azure services, tiers, or plans to store customer data only in a single region. These include:

Locally redundant storage (LRS)

Zone-redundant storage (ZRS)

Virtual Machines

Azure App Service Environment

Azure API Management

Azure Backup

Azure Bastion

Azure Cache for Redis

Azure Databricks

Azure Data Explorer

Azure Data Factory

Azure Data Lake

Azure DDoS Protection

Azure Event Hubs

Azure Firewall

Azure Functions

Azure HDInsight

Azure Kubernetes Service (AKS)

Azure Load Balancer

Azure Monitor (Application Insights and Azure Monitor Logs)

Azure Red Hat OpenShift

Azure Service Bus (Premium)

Azure Service Fabric

Azure SignalR Service

Azure Site Recovery

Azure SQL Database

Azure Database for MariaDB

Azure SQL Database for MySQL

Azure Database for PostgreSQL

Azure SQL Managed Instance

Azure Stream Analytics

Azure Container Instances

Azure Network Watcher

Data storage for non-regional services

Certain Azure services do not enable the customer to specify the region where the service will be deployed. These services may store customer data in any Microsoft datacenter unless otherwise specified.

  • Azure Content Delivery Network, which provides a global caching service and stores customer data at edge locations around the world.
  • Azure Active Directory (Azure AD), which may store Azure AD data globally. This does not apply to Azure AD deployments in the United States (where Azure AD data is stored solely in the United States) and in Europe (where Azure AD data is stored in Europe or the United States). Learn more about identity storage for Europe customers in Azure AD.
  • Azure Multi-Factor Authentication, which stores authentication data in the United States. Learn more about Multi-Factor Authentication.
  • Azure Security Center, which may store a copy of security-related customer data, collected from or associated with a customer resource (e.g. virtual machine or Azure AD tenant):

    In the same geo as that resource, except in those geos where Microsoft has yet to deploy Security Center, in which case a copy of such data will be stored in the United States;

    Where Security Center uses another online service to process such data, it may store such data in accordance with the geolocation rules of that other online service.

  • Services that provide global routing functions and do not themselves process or store customer data. This includes Azure Traffic Manager—which provides load balancing between different regions—and Azure DNS—which provides domain name services that route to different regions.

For a complete list of non-regional services, see Products available by region and select Non-regional.