Using Azure as a cloud, not as a region
As Mark Russinovich stated in his blog post we want to empower customers and partners to build and run applications and data with the highest performance, availability, and security possible. That’s why we are growing our global footprint and also diversifying our Azure regions within each country or continent. We want to give you more choice, flexibility, and resiliency for your cloud solutions, and we encourage you to take advantage of these benefits by adopting a multi-region strategy.
In short, if you are using Azure, use it as cloud and don't just use one region. Use all capabilities that Azure as a cloud is offering to make your application more reliable, secure, faster for end users and at the end - cheaper.
Adopting a multi-region strategy can raise many questions, and it can be challenging to answer them all at the beginning. It is better to discuss this topic in the phase when you are at start, and plan activities to enable multi-region architectures to land more smoothly.
Over the last year, I worked with colleagues to help customers to help customers around the world to expand and adopt new Azure regions and we will try to summarize our learning in this blog.
Why adopt a multi-region Azure strategy?
First of all, it is important to emphasize that multi-region architecture scenarios are not just about business continuity and disaster recovery (BCDR) – they also enable additional benefits for workloads. It is also not targeting only customers that are stuck to only one Azure region - you can use two regions but again not be able to deploy application outside of those two regions and slow down your business.
Adopting a multi-region architecture lays the foundation for adding regions where needed or available.
Let's see what are key drivers that will motivate us to use multiple regions in Azure:
- Scalability: Using only one region can lead to hitting service quotas or capacity limits. Azure imposes resource quotas per region to protect the platform. If your primary region runs out of a particular resource or you face a quota delay, having workloads span multiple regions allows you to scale out in another region without waiting for approvals. For example, a batch job that needs dozens of spot VMs could be spread across regions to find more available capacity, instead of queuing in one region’s limits.
- Service availability: Not all Azure services or features are available in every region. Azure regions are launched with a core set of foundational services, while more advanced offerings (mainstream or strategic services) may only come later or upon demand in certain locations. If your solution relies on a specific preview feature or niche service, you might need to deploy in a region where it’s available. A multi-region strategy gives you the flexibility to deploy workloads in the regions that offer the services you need.
- Cost optimization: Cloud service pricing varies between regions due to factors like local operating costs and demand. One region might offer significantly lower prices for the same resource compared to another. By architecting for multi-region, you can run non-critical or cost-sensitive workloads in a cheaper region to save money (while keeping critical components in primary regions as needed). Additionally, less busy regions tend to have lower spot VM eviction rates, increasing the chances for your opportunistic workloads to run longer. And note, Azure’s savings plans and reservations generally apply across regions, so you won’t lose discounts by distributing resources geographically.
- Performance and latency: Placing all users and services in one region can degrade user experience for those far from that datacenter. Spreading applications or data across multiple regions lets you place your services closer to end-users to minimize network latency. For globally distributed user bases, a multi-region deployment (often fronted by Azure Front Door or Traffic Manager for intelligent routing) can dramatically improve responsiveness and provide a more consistent experience worldwide. Networking costs can also be optimized by routing traffic to a local region rather than backhauling to a distant one.
- Regulatory compliance: Many countries and industries have strict data residency and compliance requirements, insisting that certain data remains within specific geographic boundaries. If your primary region is in a different country from your customers or doesn’t meet a particular certification, you may need another region to comply. Adopting multiple Azure regions allows you to meet data sovereignty laws and regulatory standards by keeping data in-region (for example, using an EU region for EU customer data to address GDPR). It also helps address geo-political risks—having workloads in multiple jurisdictions can safeguard against country-specific outages or restrictions.
- Local user presence: When Microsoft launches a new Azure region in a country or locale, customers often wish to use it to benefit from improved latency or local compliance. A multi-region approach means you’re ready to take advantage of new “local” Azure regions as they become available, integrating them into your architecture with minimal friction. In practice, this means your platform team can rapidly enable a newly launched region for use in your subscriptions if it provides a business benefit.
- Business continuity and disaster recovery: While multi-region is not only about DR, it fundamentally improves resilience. If a whole region goes offline due to a rare disaster or outage, having your applications and data replicated in a second region ensures you can fail over and continue operating. For critical workloads that require high uptime, designing active-active or active-passive deployments across two or more regions can achieve extremely high SLAs. Multi-region DR plans can utilize Azure services like geo-redundant storage, Azure SQL Auto-failover groups, or Azure Site Recovery to recover in an alternate region if needed. In short, multi-region architecture is a key part of avoiding single points of failure at the regional level.
In summary, treat Azure as a global platform. Even if you don’t need all the benefits immediately, building with multiple regions in mind future-proofs your architecture. It is easier to design for multi-region from the start than to retrofit it under pressure later.
What is region flexibility?
Region flexibility is the ability to deploy resources across geographic locations to meet business, compliance, or performance needs without significant rework. In an ideal state, your Azure environment is prepared so that when a development team asks, “Which region should we deploy to?”, the answer could be, “Whichever makes the most sense – our platform is ready to support multiple regions.” Achieving this means establishing your Azure landing zone with the necessary networking, identity, and governance components in any target region from the get-go or being able to extend them quickly on demand.
If you’re starting fresh with Azure, the Microsoft Cloud Adoption Framework and Azure landing zone reference architecture give you a blueprint for region-agnostic design. The landing zone architecture is inherently multi-region ready – it’s designed so that core services (identity, management, networking) can be expanded to new regions as needed
Adopting a multi-region strategy: Greenfield vs. Brownfield
Strategies will differ depending on whether you’re building a new Azure environment or extending an existing one.
Greenfield: Plan for multi-region from the start
As I stated above, for a new Azure environment, don't think twice! It’s best to bake in multi-region capabilities from day one:
- Follow Azure’s best-practice frameworks: Begin with the Cloud Adoption Framework and familiarize yourself with the Azure landing zone architecture. These provide prescriptive guidance on setting up a robust, multi-subscription environment that can span regions.
- Deploy a region-agnostic foundation: Use the Azure landing zone implementation (such as ARM/Bicep or Terraform templates provided by Microsoft) to deploy your core platform resources. During this setup, choose the primary region(s) you intend to use initially based on your workload and business requirements. The landing zone deployment will configure global services (like Microsoft Entra, governance policies) and regional components (like a hub network) in those regions. Planning this early avoids costly reconfiguration later.
- Enable multi-region services: Ensure shared services like DNS, monitoring, identity, and management are configured in a way that additional regions can be added easily. For example, you might deploy a Log Analytics workspace in your primary region for now but design it such that it can ingest telemetry from any region, or consider a strategy for multiple workspaces if needed for sovereignty reasons.
- Educate and align your team: Adopting multi-region affects how teams design applications (e.g. writing stateless services that can run active-active) and operate cloud resources. Make sure your architects and developers understand the principles of distributed architecture. Similarly, have processes in place for things like region selection during deployment, failover testing, and so on.
By doing the above, a greenfield Azure environment will be prepared to fully leverage Azure’s global nature out-of-the-box. It may take extra upfront effort to set up a multi-region-capable platform (and to train teams on it), but this investment pays off as your cloud footprint grows.
Brownfield: Expanding into Additional Regions
If you are a brownfield, things can be a bit... interesting.
In an existing Azure environment, introducing a new region requires careful planning. You’ll need to assess your current setup, identify anything that is region-specific or hardcoded, and make adjustments to embrace a broader footprint.
Key areas to evaluate include:
- Network topology and connectivity: Review your network architecture. If you have a hub-and-spoke or Virtual WAN setup in a single region, decide how a new region will integrate:
- Will you deploy a new virtual network hub in the new region, or connect back to your existing hub via cross-region peering? Azure allows Global VNet Peering, but for large deployments a regional hub in each geography can reduce latency and contain failure domains.
- If you require hybrid connectivity (VPN/ExpressRoute to on-premises), plan to extend it to the new region. This might mean provisioning an ExpressRoute gateway or VPN gateway in the new region’s hub and ensuring your on-premises network can reach it.
- If you use network virtual appliances (NVAs) or Azure Firewall, consider licensing and deploying those in the additional region. Essentially, expand your hub network architecture to include the new region’s resources.
- Identity services: Ensure your identity management is multi-region ready. If applications rely on services like Active Directory Domain Services (AD DS) or Entra ID (Azure AD), check how these are accessed:
- Azure AD is a global service (no action needed for new regions). But if you use self-managed AD DS or Entra Domain Services, you may need to deploy replica domain controllers or instance nodes in the new region for local authentication.
- Verify that any region-specific configurations (like Azure AD Connect or MFA servers, if used) are addressed for the new geography.
- Policies and governance: Audit your Azure Policy assignments and role definitions. Remove or update any policies that restrict resources to certain regions. Common examples are policies that only allow a specific set of regions for deployments – these will need to include the new region. Also consider tagging and naming policies: will new region names break any naming convention enforcement? Update your governance documentation to include the new region in approved location lists.
- Monitoring and logging: Determine how you will collect and store logs/metrics from multiple regions. You might route all telemetry to a central Log Analytics workspace, or you might deploy separate workspaces per region or per geography. There are trade-offs each way (a single workspace simplifies aggregated view and management, but cross-region data ingestion can incur egress costs and might violate data residency rules). Moreover, ensure your monitoring alerts and dashboards cover the new region’s resources once they come online.
- Service readiness and external dependencies: Make a list of all services and resources your platform relies on (the “core platform” components as well as key workload services) and verify their availability in the target region. Most Azure services are widely available, but check if any critical component (perhaps a specific VM SKU, or an external marketplace service/appliance) is missing in the new region. Additionally, if you integrate with external systems (like a SaaS identity provider, payment gateway, etc.), confirm those integrations work from the new region or have endpoints in that geography. Essentially, perform a thorough environment discovery to uncover any hidden region-specific constraints before you expand.
- We should also pay attention to BCDR and how we currently handle disaster recovery. Focus specially on services that are using cross-region replication.
- In the end, try to do as deep a service discovery as possible and list all Azure services/resources currently used in core platform environment + Identify external services that are regionally dependent. You can try this script (still in development) that we are building to support this process.
After we collect all those things, add additional requirements (the ones that we can get from deployed environment + that we collect application needs) we will make a plan that will include:
- Changes that need to be done so we can spin up application in new region - This article can help with planning Landing zone regions - Cloud Adoption Framework | Microsoft Learn
- What are new regions that we will adopt?
Once gaps are identified and remediation planned, execute the steps to extend your platform to the new region. For example, deploy a new resource group and network infrastructure in the region, peer networks, adjust global services configurations, and so on, as determined in the previous steps. Microsoft’s guidance suggests using your existing landing zone subscriptions (e.g., the connectivity subscription) to host new regional components rather than creating duplicate silos. This keeps management simpler. After platform readiness, you can start deploying or shifting workloads into the added region.
We also recommend one small but important step: select or propose the regions where the customer will expand. Let’s see which factors can help with this.
How to select regions?
Selecting an Azure region for application deployment may sound simple, and it was not so hard before when Azure did not had this number of regions across world, so we target the biggest in our geography. But when you are dealing with complex workload that is using different types of Azure services, and you need to be able to easy scale up per need, or you want to be able to utilize the newest services that Microsoft is landing in Azure, it can be tricky to decide what would be best regions to land your workload.
This is our official guide Select Azure regions - Cloud Adoption Framework | Microsoft Learn that should be starting reading point.
Let's us share also some experience that we gather during work that we done with our customers and review some important factors that you should consider when you are selecting region.
|
Consideration |
Details |
|
Service availability |
This is important part that needs to be evaluated carefully. Not all Azure services (and specific features) are available in every region, which can impact where workloads can be deployed. While foundational services like virtual machines are broadly supported, more advanced or strategic services and even specific features within a service may be limited to certain regions. Taking the time to assess service and feature availability ensures the selected region can fully support your workload requirements. You can use Product Availability by Region page to do first triage, but this will not cover all details. If you are already running workload in Azure and would like to see where you can also deploy it, toolkit that our team is building can also provide valuable help - Azure2AzureTK/2-AvailabilityCheck at main · Azure/Azure2AzureTK - once more, it is in development. Ensure your chosen region can fully support your workload’s tech stack. |
|
Cost differences |
Pricing varies by region. The same VM or database might cost more (or less) in another region due to local costs and demand. Always compare Azure pricing across candidate regions – you may find opportunities to reduce TCO by running in a lower-cost region without impacting quality. Keep an eye on data transfer costs between regions if your architecture spans them. |
|
Latency & performance |
Choose regions that minimize latency for your users and integrated systems. A region closer to your user base will generally provide better responsiveness. Also consider the network infrastructure: some regions have better connectivity (e.g., more Internet egress points or ExpressRoute locations). Use Azure’s latency tools and perhaps pilot tests to gauge performance from various regions. |
|
Compliance & data residency |
Ensure the region meets any regulatory or data sovereignty requirements relevant to your industry. For example, if you must keep data within the EU, Azure offers EU regions to satisfy that. Check the region’s certifications (ISO, HIPAA, etc.) and whether it’s part of a specific Azure geography that aligns with your compliance needs. Data residency is crucial – choosing the wrong region could violate laws if data is stored abroad, so map your datasets to regions accordingly. |
|
Resilience & DR options |
Evaluate the region’s reliability features. Does it support Availability Zones (for high availability within the region)? Regions with AZs offer an extra layer of resilience against datacenter failures. Also, consider regional pairing: Azure pairs certain regions within the same geography for cross-region replication and recovery. Using a region’s designated pair can be advantageous for services that automatically replicate to the pair. However, pairing is no longer a strict requirement – you can design DR between any two regions, but ensure the combination covers your needs (e.g., avoid two regions in the exact same locality). Check this site that summarize replication between non paired regions - Multi-Region Solutions in Nonpaired Regions | Microsoft Learn |
|
Quotas |
Especially for large-scale deployments, consider the current quotas for a region. We don't want that you encounter “quota full” situations. While you can request quota increases, that can take time. A multi-region strategy lets you deploy into a less saturated region if needed. If your application is very demanding (e.g., hundreds of GPU VMs), engage with Microsoft to plan capacity or diversify across regions to mitigate constraints. |
|
Sustainability goals |
If your organization has carbon footprint or sustainability targets, you might factor in the energy profile of Azure regions. Microsoft continues to open new sustainable datacenters, and some regions are powered with a higher mix of renewable energy. A multi-region approach allows prioritizing deployments in locations with greener infrastructure to help reduce environmental impact. While this may not override other factors like compliance or performance, it’s an emerging consideration for many enterprises. |
In short, choose your regions deliberately. It’s often a balance: for instance, one region might be closest to users, but another offers a service you need or a lower cost. Your strategy might involve a primary region complemented by one or two secondary regions to cover all bases. And as noted earlier, don’t feel constrained to only a single pair of regions; use as many as make sense for your scenario.
Lessons learned and key takeaways
Designing and implementing a multi-region architecture in Azure yields significant benefits but also requires planning and foresight. Here are some final lessons learned from real-world projects:
- Design for global scale from day one. If possible, build your cloud environment with multiple regions in mind from the start. It is far easier to include region flexibility upfront (through proper network and landing zone design) than to add it later under duress.
- Multi-region is about more than DR. The classic motive is disaster recovery, but the business gains of multi-region go further – from scaling out and performance improvements to cost savings and compliance adherence. Even if high availability is your main driver, you’ll likely realize side benefits in these other areas.
- Greenfield deployments: integrate multi-region early. New Azure projects should leverage Microsoft’s guidance (Cloud Adoption Framework, landing zones) to get a multi-region-capable foundation. This avoids the trap of being region-bound and having to re-architect later. An early investment in an agile, globally ready platform sets you up for long-term success.
- Brownfield expansions: assess and adapt your platform. For existing Azure environments, successfully going multi-region means identifying and removing any single-region assumptions. Tackle networking, identity, policies, and data replication systematically. With careful planning, even a previously single-region estate can evolve to use multiple regions without chaos – but it requires cross-team coordination and testing.
- Weigh region choices carefully. Not all regions are equal. Evaluate each candidate region against your workload’s needs – feature support, proximity to users, regulations, cost, etc. The optimal solution may be a mix (e.g. primary region X for most things, secondary region Y for backup or specific services). Periodically re-assess as Azure adds new regions and capabilities.
- Prepare for added complexity (and cost). Running in multiple regions does introduce more complexity in operations – monitoring, data synchronization, DevOps, and governance will all need to cover a broader scope. There can also be cost overhead to maintain duplicate environments or network traffic between regions. These challenges are manageable with the right tools and planning (for example, using infrastructure-as-code and robust monitoring that spans regions), but they should be acknowledged. Ensure your team is ready to handle the multi-region cloud in terms of skillset and processes.
By treating Azure as the truly global platform that it is, you can architect solutions that gracefully handle growth, meet users wherever they are, and stay resilient in the face of disruptions. The lessons above underscore a simple message: don’t limit yourself to one region when the cloud offers you the world. Embracing a multi-region strategy in Azure will pay dividends in performance, reliability and agility for your organization’s cloud journey.
Enjoy!
Microsoft