Did you know that Microsoft Azure is not just one public cloud? Most of us only interact with the Public Azure Cloud, but this isn’t the only Microsoft Azure cloud. There are actually four different Microsoft Azure clouds. Let’s take a look at how Microsoft Azure itself is actually multiple clouds offered by Microsoft!



How many clouds is Microsoft Azure?

When we think of Microsoft Azure, we generally think of it just being the single cloud offering from Microsoft. However, there are actually 4 different, hosted clouds called Microsoft Azure. There’s the Public Azure Cloud that most of us are familiar with, but there’s also separate Azure clouds for US Government, Germany, and China. Overall, Microsoft Azure consists of 61 regions across all Azure Clouds.

To get a listing of all the different clouds under the Microsoft Azure umbrella, you can run the following Azure CLI command:

az cloud list --output table

The command will output the names Microsoft gives to all of the Microsoft Azure clouds.

IsActive    Name               Profile
----------  -----------------  ---------
True        AzureCloud         latest
False       AzureChinaCloud    latest
False       AzureUSGovernment  latest
False       AzureGermanCloud   latest

The Azure cloud you currently have active is the one with the IsActive value set to True.


Public Azure Cloud

Generally, you will only have access to the Public Azure Cloud. When you create a new Azure Subscription as Pay-as-you-go, through an Enterprise Agreement (EA), or some other offer, you will have an Azure Subscription that resides in the Public Azure Cloud. It’s pretty much only in special cases that you’re allowed to create Azure Subscriptions in the other US Government, Germany, or China Azure clouds.

Azure US Government Cloud

The US Government Azure Cloud consists of 8 Azure Regions comprised of “US DoD”, “US Gov” and “US Secret” Azure Regions located within the United States of America. Each of the types of US Government Azure Regions in the US Government Azure Cloud is meant for different types of US Government customers of Microsoft Azure. These regions are not available for customers of other clouds to choose when provisioning resources.

Due to various compliance and security requirements of the Azure US Government Cloud, the services and features released in this cloud can be delayed. This means that features and services may reach Preview or General Availability in the Azure Public Cloud earlier than they are made available in the Azure US Government cloud. This is due to extra reviews that are needed before code can be released in this cloud. For this reason, take additional care as you read the documentation and plan to roll out services in the US Government Cloud, as certain newer features may not be rolled out here just yet.

Also, when considering the JEDI (Joint Enterprise Defense Infrastructure) contract from the US Department of Defense, the Azure US Government Cloud is the Microsoft Azure cloud they will primarily be using for this contract.

Azure German Cloud

The Azure German Cloud is a sovereign cloud that consists of 2 Azure Regions located in Germany. This is for customers within Germany that have data sovereignty requirements as mandated by German laws and who need to ensure their data and workloads stay in Germany. Being a sovereign cloud, the Azure German Cloud regions are not available for customers in other Azure clouds to choose when provisioning resources. Keep in mind that there are also 2 Azure Regions for the Azure Public Cloud located in Germany, and these are not part of the Azure German Cloud.

Azure China Cloud

The China Azure Cloud is a sovereign cloud that consists of 4 Azure Regions located in China. This is for customers within China that have data sovereignty requirements as mandated by Chinese laws and who need to ensure their data and workloads stay in China. Being a sovereign cloud, the Azure China Cloud regions are not available for customers in other Azure clouds to choose when provisioning resources.


Switching Between Azure Clouds

You may need to switch between the different Azure clouds when using tools like the Azure CLI for scripting and managing Azure resources in the different Azure clouds. The same Azure CLI is used to manage resources in the different clouds, and it contains a command that enables you to switch your local context between the different Azure clouds.

To switch your active Azure cloud, you need to run this command:

az cloud set --name <cloud-name>

Simply replace the <cloud-name> placeholder with the name of the Azure cloud you need to switch to. You can get the names by running the az cloud list command.

Upon switching Azure clouds, you will need to authenticate the Azure CLI to the newly activated cloud. Authenticating into one Azure cloud will not give you access to the others.
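Because the active cloud is local CLI state, a script can end up running against the wrong cloud after someone switches context. The following is an added example, not part of the original article: a guard that parses the `az cloud list --output table` text shown earlier and fails closed unless the expected cloud is active. The function names are hypothetical, and the table is read from stdin so the check can be run offline.

```shell
# Added example: refuse to continue when the Azure CLI points at an
# unexpected cloud. Function names are illustrative, not Azure CLI features.

# active_cloud: read `az cloud list --output table` text on stdin and print
# the Name of the row whose IsActive column is True; exit 1 if none is.
active_cloud() {
    awk '$1 == "True" { print $2; found = 1; exit }
         END { if (!found) exit 1 }'
}

# require_cloud EXPECTED: return 0 only when the active cloud is EXPECTED,
# 1 when a different cloud is active, 2 when no active cloud is listed.
require_cloud() {
    expected=$1
    actual=$(active_cloud) || { echo "no active cloud found" >&2; return 2; }
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run: active cloud is $actual, expected $expected" >&2
        return 1
    fi
}

# Sample input: the table output shown earlier in the article.
SAMPLE_TABLE='IsActive    Name               Profile
----------  -----------------  ---------
True        AzureCloud         latest
False       AzureChinaCloud    latest
False       AzureUSGovernment  latest
False       AzureGermanCloud   latest'

# In a real script: az cloud list --output table | require_cloud AzureUSGovernment
if printf '%s\n' "$SAMPLE_TABLE" | require_cloud AzureUSGovernment; then
    echo "active cloud matches, continuing"
else
    echo "blocked: switch with az cloud set and authenticate again"
fi
```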


Different Azure Cloud Endpoints

With each Azure Cloud being separate, they each have their own endpoints. They each have their own Azure Portal site, as well as other URL endpoints for the different services.

Here’s the Azure Portal URLs for the different Azure clouds:

All the endpoints for the various services within Microsoft Azure for the different Azure clouds are different, as each Azure Cloud has its own DNS endpoint for each service.

These Azure Clouds are isolated from one another, and as such each has its own DNS endpoints for all the various Microsoft Azure services. Here are a few Azure PaaS services that illustrate the difference in endpoints for each Azure Cloud:

Azure Service  Azure Cloud  Endpoint
-------------  -----------  ------------------------------
App Service    Public       *.azurewebsites.net
App Service    US Gov       *.azurewebsites.us
App Service    China        *.chinacloudsites.cn
App Service    German       *.azurewebsites.de
Blob Storage   Public       *.blob.core.windows.net
Blob Storage   US Gov       *.blob.core.usgovcloudapi.net
Blob Storage   China        *.blob.core.chinacloudapi.cn
Blob Storage   German       *.blob.core.cloudapi.de
Cosmos DB      Public       *.documents.azure.com
Cosmos DB      US Gov       *.documents.azure.us
Cosmos DB      China        *.documents.azure.cn
Cosmos DB      German       *.documents.cloudapi.de
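Since each cloud has its own DNS suffixes, a hostname reveals which cloud a resource lives in, which is useful when reviewing a deployment config for endpoints that leave the intended cloud. The following is an added example, not part of the original article: it maps hostnames to clouds using only the suffixes in the table above and reports any host outside the expected cloud. The function names and the sample hostnames are constructed for illustration.

```shell
# Added example: flag hostnames that belong to a different Azure cloud than expected.

# DNS suffix -> cloud name (names as printed by `az cloud list`), from the table above.
SUFFIX_MAP='azurewebsites.net AzureCloud
azurewebsites.us AzureUSGovernment
chinacloudsites.cn AzureChinaCloud
azurewebsites.de AzureGermanCloud
blob.core.windows.net AzureCloud
blob.core.usgovcloudapi.net AzureUSGovernment
blob.core.chinacloudapi.cn AzureChinaCloud
blob.core.cloudapi.de AzureGermanCloud
documents.azure.com AzureCloud
documents.azure.us AzureUSGovernment
documents.azure.cn AzureChinaCloud
documents.cloudapi.de AzureGermanCloud'

# cloud_of_host HOST: print the cloud whose suffix HOST ends with, else "unknown".
# The match is anchored at the end and on a label boundary (".suffix").
cloud_of_host() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' "$SUFFIX_MAP" | awk -v h="$host" '
        { s = "." $1; n = length(h) - length(s)
          if (n > 0 && substr(h, n + 1) == s) { print $2; hit = 1; exit } }
        END { if (!hit) print "unknown" }'
}

# audit_hosts EXPECTED: read hostnames on stdin and print "host cloud" for each
# one outside EXPECTED. Returns 1 if any such host was found, 0 otherwise.
audit_hosts() {
    expected=$1; bad=0
    while IFS= read -r h; do
        [ -n "$h" ] || continue
        c=$(cloud_of_host "$h")
        if [ "$c" != "$expected" ]; then
            printf '%s %s\n' "$h" "$c"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: hostnames as they might appear in a deployment config.
SAMPLE_HOSTS='contoso-api.azurewebsites.us
contosodata.blob.core.usgovcloudapi.net
contosodata.blob.core.windows.net
contoso.documents.azure.us
notazurewebsites.us'

printf '%s\n' "$SAMPLE_HOSTS" | audit_hosts AzureUSGovernment || echo "review the hosts listed above" >&2
```

Hosts reported as "unknown" are not necessarily wrong; they are simply not covered by the three services in the table.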

If you’re interested in finding out some of the different endpoints for each of the Azure Clouds, you can run the following command:

az cloud show --name <cloud-name>

Be sure to replace the <cloud-name> placeholder with the name of the Azure Cloud you wish to show the information for.

For reference, here’s the command output with information about the Azure US Government Cloud:

{
  "endpoints": {
    "activeDirectory": "https://login.microsoftonline.us",
    "activeDirectoryDataLakeResourceId": null,
    "activeDirectoryGraphResourceId": "https://graph.windows.net/",
    "activeDirectoryResourceId": "https://management.core.usgovcloudapi.net/",
    "appInsightsResourceId": "https://api.applicationinsights.us",
    "appInsightsTelemetryChannelResourceId": "https://dc.applicationinsights.us/v2/track",
    "attestationResourceId": null,
    "batchResourceId": "https://batch.core.usgovcloudapi.net/",
    "gallery": "https://gallery.usgovcloudapi.net/",
    "logAnalyticsResourceId": "https://api.loganalytics.us",
    "management": "https://management.core.usgovcloudapi.net/",
    "mediaResourceId": "https://rest.media.usgovcloudapi.net",
    "microsoftGraphResourceId": "https://graph.microsoft.us/",
    "ossrdbmsResourceId": "https://ossrdbms-aad.database.usgovcloudapi.net",
    "resourceManager": "https://management.usgovcloudapi.net/",
    "sqlManagement": "https://management.core.usgovcloudapi.net:8443/",
    "synapseAnalyticsResourceId": null,
    "vmImageAliasDoc": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json"
  },
  "isActive": false,
  "name": "AzureUSGovernment",
  "profile": "latest",
  "suffixes": {
    "acrLoginServerEndpoint": ".azurecr.us",
    "attestationEndpoint": null,
    "azureDatalakeAnalyticsCatalogAndJobEndpoint": null,
    "azureDatalakeStoreFileSystemEndpoint": null,
    "keyvaultDns": ".vault.usgovcloudapi.net",
    "mariadbServerEndpoint": ".mariadb.database.usgovcloudapi.net",
    "mhsmDns": ".managedhsm.usgovcloudapi.net",
    "mysqlServerEndpoint": ".mysql.database.usgovcloudapi.net",
    "postgresqlServerEndpoint": ".postgres.database.usgovcloudapi.net",
    "sqlServerHostname": ".database.usgovcloudapi.net",
    "storageEndpoint": "core.usgovcloudapi.net",
    "storageSyncEndpoint": "afs.azure.us",
    "synapseAnalyticsEndpoint": null
  }
}

Wrap Up

The fact that Microsoft Azure consists of multiple different Azure clouds isn’t widely known. Most of us only connect to and use the Public Azure Cloud. However, many customers do interact with one of the other Azure Clouds and need to switch context to manage resources in those other Azure Clouds, or even switch between them to manage resources across multiple Azure clouds.

Hopefully you found this article useful if you are someone who needs to switch Azure Clouds. And, if not, I hope you found this article just as informative! Thanks for reading!


Microsoft MVP

Chris is the Founder of Build5Nines.com and a Microsoft MVP in Azure & IoT with 20 years of experience designing and building Cloud & Enterprise systems. He is also a Microsoft Certified: Azure Solutions Architect, developer, Microsoft Certified Trainer (MCT), and Cloud Advocate. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive.