Cloud Computing

Controlling Data Movement Using Azure Region Pairs

In this post, I will explain how Microsoft replicates data in very predictable ways, assuming that you want that data to be replicated.



Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.


There are a lot of myths out there about Azure, such as Microsoft will replicate my virtual machines to a second region so that if there’s a problem in my region, all of my machines will stay online.

Sorry, that’s not true. If you want disaster recovery, you need to implement it yourself.

My personal favorite is this oldie: Why would I put my servers in the cloud where everyone can see them?

If you don’t understand the basic concepts of WAN, VPN, and firewall rules, then maybe IT isn’t for you!

The myth that inspired this post is: Microsoft moved my Azure data from Europe to the USA.

Actually, it didn’t. While running Azure training classes, I’ve noticed that newbies to Azure are quite sloppy about picking regions, often selecting the default, so I suspect that’s to blame.

How Microsoft Replicates Data

In Azure, data is replicated only if:

  • You leave replication enabled by default: As with a site recovery vault where the resiliency is set to GRS instead of LRS by default. You can change this, but only before you start using the vault.
  • You enable replication: You might switch a storage account from LRS to GRS to force replication of the contained data to another region, which by the way, is not a disaster recovery solution for virtual machines.

But where does Microsoft replicate your data to? Azure uses a system of paired regions, which is very clearly documented by Microsoft. Every region is exclusively paired with another region. For example, UK West is paired with UK South. This means that if I store something in one of those regions, and enable replication, I know that the replica will be in the other region, and not in US East where the NSA can poke around.

Microsoft is aware that there are situations where we do not like data to leave certain geographies. For example, customers in the European Union would not want their data replicated to the US and vice versa. Microsoft ensures, with one exception, that every region is in the same geography as its paired region. For example, North Europe and West Europe are paired and are both in the European Union where common data protection laws apply. There is one exception to this pairing; Brazil South must be replicated to South Central US because there is only one region in Brazil or South America.

How regions are paired in Azure [Image Credit: Microsoft]
How regions are paired in Azure [Image Credit: Microsoft]
You can find a full listing of the paired regions in Microsoft’s documentation. You can learn more about regulatory compliance in Azure at the Azure Trust Center.


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: