Sunderland City Profile: Frontier transformation in practice
Download the SmartCitiesWorld City Profile – Sunderland Cities everywhere are facing the same pressure: modernize infrastructure, grow the economy, and improve quality of life, without widening inequality. Sunderland offers a credible path forward. Once defined by shipbuilding and coal mining, Sunderland has spent the last four decades deliberately reinventing itself. Today, it is positioning itself as the UK’s leading smart city by investing in digital infrastructure, data, and low‑carbon innovation to drive inclusive, long‑term growth. The latest City Profile from SmartCitiesWorld captures how this strategy is being executed and why it matters for city leaders globally. A digital backbone built for outcomes, not optics Sunderland’s progress starts with a clear foundation: connectivity and data designed with purpose. Full‑fibre connectivity across the city Citywide 5G and LoRaWAN coverage A secure, cloud‑based smart city data platform Together, this stack enables real‑time visibility across transport, environment, and public services. More importantly, it shifts the city from reactive decision‑making to proactive, evidence‑led operations. The impact is measurable. Data and analytics now support: Safer, more predictable event planning Smarter traffic and mobility management Earlier environmental interventions More targeted social and health services From digital health hubs that reduce exclusion to intelligent transport pilots that cut emissions and improve safety, Sunderland is applying technology where it delivers the highest public value—not where it looks most impressive on a slide. What comes next: two opportunities to scale impact The City Profile also highlights where cities like Sunderland can go further. Two opportunities stand out. Move from smart services to predictive city operations With real‑time data already in place, the next step is predictive modeling—anticipating demand across social care, transport, energy, and public safety before pressure points emerge. Done right, this enables earlier investment decisions, lower long‑term costs, and better outcomes across services. Turn digital inclusion into a workforce engine Sunderland’s digital health hubs create a foundation for something bigger: linking access and digital skills directly to workforce development. By aligning inclusion efforts with local demand in advanced manufacturing, data, and clean energy, cities can convert access into sustained economic mobility. Why Sunderland’s approach matters Sunderland’s experience reinforces a critical point: smart city transformation is not about technology in isolation. It is about aligning infrastructure, data, governance, and community priorities around a shared vision for inclusive growth. For public‑sector leaders moving from ambition to execution, the full City Profile provides practical insight into the partnerships, operating models, and decisions behind Sunderland’s approach. It’s a useful reference for anyone looking to translate a digital‑first strategy into measurable impact—for people, place, and long‑term resilience.From AI pilots to public decisions: what it really takes to close the intelligence gap
Across the public sector, the conversation about AI has shifted. The question is no longer whether AI can generate insight—most leaders have already seen impressive pilots. The harder question is whether those insights survive the realities of government: public scrutiny, auditability, cross‑department delivery, and the need to explain decisions in plain language. That challenge was recently articulated by Sadaf Mozaffarian, writing in Smart Cities World, in the context of city‑scale AI deployments. Governments don’t need more experiments. They need decision‑ready intelligence—intelligence that can be acted on safely, governed consistently, and defended when outcomes are questioned. What’s emerging now is a more operational lens on AI adoption, one that exposes two issues many pilots quietly avoid. Decision latency is the real enemy In government, decision latency is not about slow analytics, it’s the time lost between having a signal and being able to act on it with confidence. Much of the focus in AI discussions is on accuracy, bias, or model performance. But in cities, the more damaging problem is often this latency. When data is fragmented across departments, policies live in PDFs, and institutional knowledge walks out the door at 5pm, leaders may have insight but still can’t decide fast enough. AI pilots often demonstrate answers in isolation, but they don’t reduce the friction between insight, approval, and execution. Decision‑ready intelligence directly attacks this problem. It brings together: Operational data already trusted by the organization Policy and regulatory context that constrains decisions Human checkpoints that reflect how accountability actually works The result isn’t faster answers—it’s faster decisions that stick, because they align with how governments are structured to operate. Institutional memory is infrastructure Cities invest heavily in physical infrastructure—roads, pipes, facilities—but far less deliberately in institutional memory. Yet planning rationales, inspection notes, precedent cases, and prior decisions are often what make or break today’s choices. Consider a routine enforcement or permitting decision that looks reasonable on current data, but quietly contradicts a prior settlement, a regulator’s interpretation, or a lesson learned during a past inquiry. AI systems that don’t account for this history don’t just miss context, they create risk. Decision‑ready intelligence treats institutional memory as a first‑class asset. It ensures that when AI supports a decision, it does so with: Access to relevant historical records and prior outcomes Clear lineage back to source documents and policies Logging that preserves not just what was decided, but why This is what allows governments to move faster without relearning the same lessons under audit pressure. Why this matters now Public sector AI initiatives rarely fail because of a lack of ambition. They stall because trust questions—governance, records, explainability—arrive too late. By the time leaders ask, “Can we stand behind this decision?” the system was never designed to answer. Decision‑ready intelligence flips that sequence. Governance is not bolted on after the pilot; it’s built into the operating model from the start. That’s what allows agencies to scale from a single use case to repeatable patterns across departments. A practical starting point The cities making progress aren’t trying to transform everything at once. They start small but visible: Identify one cross‑department “moment of truth” Define what must be logged, retained, and explainable Connect just enough data, policy, and work context to support that decision From there, they reuse the same patterns—governed data products, policy knowledge bases, and human‑in‑the‑loop workflows—to scale responsibly. AI in government will ultimately be judged the same way every public investment is judged: by outcomes, fairness, and public confidence. Closing the intelligence gap isn’t about smarter models. It’s about designing decision systems that reflect how governments actually work—and are held accountable. Learn more by reading Sadaf's full article: Closing the intelligence gap: how cities turn AI experiments into operational impactAzure Government or Azure Commercial for CJIS 6.0: Choosing Your Compliance Path
Since 2014, United States criminal justice agencies have trusted Microsoft Azure Government to manage Criminal Justice Information (CJI). Built exclusively for regulated government data, it provides datacenters with physical, network, and logical isolation and is operated by CJIS-screened U.S. persons—the "gold standard" for compliance. However, we understand that flexibility is critical for modern agencies. As first announced with the release of CJIS Security Policy (CJISSECPOL) v5.9.1, agencies have the option to utilize Azure Commercial for CJIS workloads by leveraging advanced technical controls in place of traditional personnel screening. With the release of CJIS Security Policy 6.0, this hybrid landscape has evolved. The new policy moves beyond simple access control toward a "Zero Trust" framework which minimizes implicit trust, verifies all requests, and requires continuous monitoring. What’s New in CJIS 6.0? The 6.0 update (released late 2024) is a modernization overhaul. Key changes include: Phishing-Resistant MFA: Strict requirements for FIDO2 or certificate-based authentication for all privileged access. Continuous Monitoring: A shift from point-in-time audits to real-time threat detection and automated logging. Supply Chain Risk Management: Enhanced vetting of third-party software and vendors. The Choice: Azure Government or Azure Commercial: Criminal Justice Agencies can still choose between our two distinct offerings, but the "How" of compliance differs: Azure Government: The path of personnel screening. Microsoft executes CJIS Management Agreements with state CJIS Systems Agencies that include their screening of Microsoft personnel. This offers the broadest feature set with the simplest compliance burden. Azure Commercial: The path of technical controls. Because Azure Commercial support staff are not CJIS-screened, compliance relies on an agency implementing Customer Managed Keys (CMK) encryption. This way, Microsoft cannot access unencrypted criminal justice information, effectively removing Microsoft staff from the scope of trust. Our Commitment Whether you choose the physically secure location of Azure Government or the global scale of Azure Commercial, Microsoft provides the tools—Entra ID, Azure Key Vault, and Microsoft Sentinel—to meet the rigorous demands of CJIS 6.0. Step-by-Step Walkthrough for CJIS 6.0 in Azure Commercial Managing CJI in Azure Commercial requires you to bridge the gap between "standard commercial security" and "CJIS compliance" using your own configurations. Because Microsoft Commercial staff are not CJIS-screened, you must ensure they can never see unencrypted data. Phase 1: Foundation & Residency Step 1: Restrict Data Residency CJIS 6.0 mandates that CJI must not leave the United States. Action: Deploy all Azure resources (compute, storage, disks, networking, monitoring, logging, backups, etc.) exclusively in US regions (e.g., East US, West US, Central US). Policy: Use Azure Policy to deny the creation of resources in non-US regions to prevent accidental drift. o Documentation: Tutorial: Manage tag governance with Azure Policy (See the concept of "Allowed Locations" built-in policy). o Documentation: Azure Policy built-in definitions and assignment (Allowed locations) o Documentation: Details of the "Allowed locations" policy definition. Phase 2: The "Technical Control" (Encryption) This is the most critical step for Azure Commercial. Step 2: Implement Customer Managed Keys (CMK) To meet CJIS requirements in Azure Commercial, which is operated by Microsoft personnel who aren’t CJIS-screened, you must use encryption where you hold the keys, and Microsoft has no access. Action: Provision Azure Key Vault (Premium) or Managed HSM for FIPS 140-2 Level 2/3 compliance. o Documentation: About Azure Key Vault Premium and HSMs. o Documentation: Secure your Azure Managed HSM deployment. Action: Generate your encryption keys within your HSM or import them from on-premises. o Documentation: How to generate and transfer HSM-protected keys (BYOK). Action: Configure Disk Encryption Sets and Storage Account Encryption to use these keys. Do not use the default "Microsoft Managed Key" setting. o Documentation: Server-side encryption of Azure Disk Storage (CMK). o Documentation: Configure customer-managed keys for Azure Storage. o Documentation: Services that support customer-managed keys (CMKs) Step 3: Client-Side Encryption (For SaaS/PaaS) For data processing, encryption should happen before data reaches Azure. Action: Ensure applications encrypt CJI at the application layer before writing to databases (SQL Azure, Cosmos DB). This ensures that even a database admin with platform access sees only ciphertext. Step 3b (optional): Protecting CJI While In Use (Confidential Compute) CJIS Security Policy 6.0 requires that Criminal Justice Information be protected while at rest, in transit, and in use. In Azure Commercial, once CJI is decrypted for processing by an application, traditional encryption controls (including CMK) no longer protect the data from platform-level access risks such as memory inspection, diagnostics, or hypervisor operations. To address this risk, agencies may implement Azure Confidential Computing, which uses hardware-backed Trusted Execution Environments (TEEs) to cryptographically isolate data in memory and prevent access by cloud provider personnel—even at the infrastructure layer. o Documentation: Always Encrypted for Azure SQL Database. o Documentation: Client-side encryption for Azure Cosmos DB. o Documentation: Confidential Computing o Documentation: Confidential Compute Offerings Phase 3: Identity & Access (CJIS 6.0 Focus) Step 4: Phishing-Resistant MFA CJIS 6.0 raises the bar for Multi-Factor Authentication (MFA). SMS and simple push notifications may no longer suffice for privileged roles. Action: Deploy Microsoft Entra ID (formerly Azure AD). o Documentation: What is Microsoft Entra ID?. Action: Enforce FIDO2 security keys (like YubiKeys) or Certificate-Based Authentication (CBA) for all users accessing CJI. o Documentation: Enable passkeys (FIDO2) for your organization. o Documentation: How to configure Certificate-Based Authentication in Entra ID. Phase 4: Continuous Monitoring Step 5: Unified Audit Logging You must retain audit logs for at least one year (or longer depending on state rules) and review them weekly. Action: Enable Diagnostic Settings on all CJIS resources to stream logs to an Azure Log Analytics Workspace. o Documentation: Create diagnostic settings in Azure Monitor. Action: Deploy Microsoft Sentinel on top of Log Analytics. o Documentation: Quickstart: Onboard Microsoft Sentinel. Action: Configure Sentinel analytic rules to detect anomalies (e.g., "Mass download of CJI," "Access from foreign IP"). o Documentation: Detect threats out-of-the-box with Sentinel analytics rules. Phase 5: Endpoint & Mobile Step 6: Mobile Device Management (MDM) If CJI is accessed on mobile devices (MDTs, tablets), CJIS 6.0 requires remote wipe and encryption capability. Action: Enroll devices in Microsoft Intune. o Documentation: Enroll Windows devices in Intune. o Documentation: Enroll iOS/iPadOS devices in Intune. Action: Create a Compliance Policy requiring BitLocker/FileVault encryption and complex PINs. o Documentation: Create a compliance policy in Microsoft Intune. o Documentation: Manage BitLocker policy for Windows devices with Intune. Action: Configure "App Protection Policies" to ensure CJI cannot be copied/pasted into unmanaged apps (like personal email). o Documentation: App protection policies overview. Phase 6: Personnel & Documentation Step 7: Update your SEIP/SSP Since you are using Azure Commercial, your System Security Plan (SSP) must explicitly state that you are using encryption as the compensating control for the lack of vendor personnel screening. Action: Document the CMK architecture in your CJIS audit packet. Action: Ensure your agency's "CJI Administrators" (who manage the Azure keys) have met the policy’s personnel screening requirements o Documentation: Microsoft CJIS Audit Scope & Personnel Screening (Reference).From SOP Overload to Simple Answers: Building Q&A Agents With SharePoint Online + Agent Builder
Government teams run on Standard Operating Procedures, manuals, handbooks, review instructions, HR policies, and proposal workflows. They’re essential—and everywhere. But during every Government Prompt‑a‑thon we've run this year, one theme kept repeating: "Our policies are many and finding the right answer quickly is nearly impossible." Turning SOPs into Simple Q&A Agents with M365 Copilot's Agent Builder or SharePoint Agents is possibly one of the fastest wins for public‑sector teams.Advancing Microsoft 365 Government: New Capabilities and Pricing Update
Public sector organizations are navigating increasingly complex security challenges, evolving technology needs, and the imperative to modernize for an AI-driven future. To support these priorities, Microsoft is expanding availability of security, management, and AI features to a wider range of Microsoft 365 Government offerings in 2026. We will also update our pricing for Microsoft 365 Government suite subscriptions effective July 1, 2026. In accordance with local regulations, this price change will roll out in a phased manner. We're sharing these updates now to give customers ample time to plan. Continued progress for Government suites Meeting the evolving needs of government agencies means continuously delivering the latest advancements while maintaining the highest standards of security and compliance. To help public sector organizations stay ahead of emerging threats and regulatory demands, we're enhancing our Microsoft 365 Government offerings with additional security and management capabilities empowered by AI. Bringing the power of AI to everyone in your organization. We brought Microsoft 365 Copilot Chat to GCC, GCC-High, and DoD (Department of Defense) and recently expanded web-grounded Copilot Chat to Word, PowerPoint, and OneNote 1 . Copilot Chat’s context-aware intelligence understands your open document, enabling you to summarize, draft, and refine content without switching between apps. At Ignite, we announced that Copilot Chat will include access to Agent Mode in chat, Word, Excel, and PowerPoint to help you create and edit files by describing what you need. IT administrators now have integrated controls to secure, manage, and measure Copilot Chat. Strengthening protection against advanced threats across email and Microsoft Teams. We’re adding the enhanced email security features of Microsoft Defender for Office Plan 1 to Office 365 G3/E3 and Microsoft 365 G3 to help more organizations detect and protect against phishing, malware, and malicious links across email and collaboration platforms. In addition, we are including URL checks in Office 365 G1/E1, which help protect against known malicious websites when users click on links in email and Office apps. Empowering IT teams with integrated endpoint management. We are bringing additional endpoint management features to Microsoft 365 G3 and Microsoft 365 G5 by adding capabilities that empower IT to solve issues faster, preemptively detect exposures, and keep devices productive. These features include Intune Plan 2, Intune Advanced Analytics, and Intune Remote Help. For Microsoft 365 G5 customers, Intune Endpoint Privilege Management, Intune Enterprise Application Management, and Microsoft Cloud PKI will enable IT teams to safeguard AI productivity and strengthen security by mitigating risk, maintaining compliance, and delivering more secure user experiences. Note: Every feature mentioned is expected to be available in at least one Government cloud environment within the listed Government suites rolling out throughout 2026. For features that do not yet meet inclusion requirements for specific environments, we are working to complete the necessary engineering, certification, and approval processes to ensure they adhere to strict regulatory standards. These features will be added to other environments within the listed Government suites over time as they pass validation and become eligible for inclusion. Updated pricing Alongside this expansion of features and capabilities, we are also making changes to our pricing, which will go into effect on July 1, 2026. At that time, we will update our list pricing for the following Microsoft 365 Government products: Microsoft 365 G3 (GCC, GCC-H, DoD), Microsoft 365 G5 (GCC, GCC-H, DoD), Office 365 G3 (GCC), and Office 365 E3 (GCC-H, DoD). *In accordance with federal regulations, for suites with total increases exceeding 10%, the increase will be phased over multiple years, with no more than 10% applied annually until the full adjustment is complete. Learn more about the updates coming to the commercial suites. Nonprofit pricing will be adjusted in line with commercial pricing, as it is tied to commercial rates through a fixed percentage discount. Our ongoing commitment to Government innovation Our dedication to Microsoft 365 Government goes beyond individual feature releases. We are focused on delivering the latest commercial capabilities to the public sector, anchored in the compliance and security certifications essential for government workloads. Through landmark initiatives like the OneGov offer, we’re accelerating the digitization of federal workloads and delivering unified access to advanced productivity, cloud, and AI services at significant cost savings. Within the last year, we’ve expanded Microsoft 365 Copilot to GCC, GCC-High, and DoD to enable agencies to harness secure generative AI for their most critical missions. Over the past four years, we’ve also brought advanced commercial grade security features, like integration of threat intelligence, to government clouds. This ensures agencies can confidently modernize while meeting the highest standards for compliance and certification. Looking ahead Microsoft remains dedicated to supporting government agencies with secure, compliant, and innovative solutions. We appreciate your continued trust and partnership as we work together to unlock new possibilities for public service. 1 - Off by default for Government environments.A CISO's Guide to Securing AI - Securing AI for Federal, DIB, and DoW Entities
Artificial Intelligence (AI) is rapidly reshaping federal missions, defense operations, and critical infrastructure. From intelligence analysis to logistics and cyber defense, AI’s transformative power is undeniable. Yet, with great power comes great responsibility and risk.Level Up Your Productivity: Join Our 2026 Copilot in Action Series this January and February
Unlock the full power of Microsoft Copilot with a series of fast, hands-on sessions designed to elevate your productivity. From building your first agent to transforming data in minutes, these webinars show you exactly how to work smarter in 2026. Reserve your spot now and start mastering the AI tools already at your fingertips.Microsoft 365 Copilot is now available in GCC-High
Update December 2, 2025: This post has been revised to clarify the availability timeline for Copilot Search in the Microsoft 365 Copilot App. It will be rolling out as part of Wave 2, in the first half of 2026. We’re excited to announce that Microsoft 365 Copilot is now available for customers in GCC-High, bringing powerful work-ready AI capabilities to organizations with the highest security and compliance requirements. This announcement builds on previous launches in the GCC and DoD cloud environments over the last year. Trusted AI, built for confidence Microsoft 365 Copilot combines the capabilities of large language models with Work IQ—the intelligence layer that helps Copilot understand you, your job, and your company—and weaves this understanding into familiar Microsoft 365 apps like Word, Excel, PowerPoint, and Outlook to help you work smarter and faster. With Microsoft 365 Copilot, agencies can streamline citizen services by drafting responses and summarizing case files in minutes. They can empower staff to manage budgets effectively by analyzing spending trends and generating compliance-ready reports, all within the Microsoft 365 apps where they already work today. Copilot for GCC-High is built to meet the strict regulatory frameworks many agencies and adjacent organizations operate under, adhering to FedRAMP High, DFARS, ITAR, CMMC, and other critical compliance requirements. Key protections include: Data Residency and Isolation: All data remains within U.S.-based data centers managed by screened U.S. personnel, ensuring compliance with government mandates. Encryption and Access Controls: Data is encrypted in transit and at rest, with Microsoft Entra ID enforcing role-based access. Responsible AI by Design: Copilot incorporates Microsoft’s Responsible AI principles, including safeguards against prompt injection and misuse. To ensure sensitive government data does not leave the GCC-High compliance boundary, Microsoft 365 Copilot is delivered to GCC-High with web grounding OFF by default. Shifting this setting to ON where appropriate will improve the quality of Copilot responses. For more details, visit Data, Privacy, and Security for Microsoft 365 Copilot. Capabilities in GCC-High today – and beyond Microsoft 365 Copilot customers in GCC-High will gain access to a powerful suite of features immediately, with more to come in Wave 2. As of today, the following capabilities are available or have begun rolling out in Microsoft 365 Copilot for GCC-High: Copilot in Microsoft 365 Apps: Integrated AI experiences in Word, Excel, PowerPoint, Outlook, and Teams, enabling users to draft, analyze, and collaborate securely within familiar productivity tools. These capabilities are designed to meet the strict compliance and data residency requirements of GCC-High, with all data stored in U.S.-based data centers and managed by screened U.S. personnel. Premium features in Copilot Chat: Copilot Chat with web grounding (default OFF) and the ability to reason over uploaded files is included with eligible Microsoft 365 plans (rolling out now). Adding a Microsoft 365 Copilot license unlocks full work data reasoning with Work IQ, deeper integration with Microsoft 365 apps, and extensive customization options[1] for secure integration with external data sources and custom workflows, with administrative controls to ensure security and compliance. Learn more about the relationship between Microsoft 365 Copilot and Copilot Chat. Compliance-Ready AI and Security Controls: Copilot for GCC-High is built to meet strict regulatory frameworks, including FedRAMP High, DFARS, ITAR, and CMMC. Data is encrypted in transit and at rest, with role-based access enforced by Microsoft Entra ID. Microsoft Purview and Enterprise Data Protection (EDP) are natively integrated for security, governance, and policy enforcement. Copilot Control System: Provides IT management controls, license management, and compliance monitoring. Administrators can configure and monitor Copilot usage to ensure alignment with organizational policies. Controls are conveniently centralized within the Microsoft 365 admin center. Notebooks and Pages in the Microsoft 365 Copilot App: Use Notebooks and Pages for collaborative work within the dedicated app. Wave 2 features are expected to ship to GCC-High in the first half of 2026. These include: GPT-5: Delivers faster, more accurate, and context-aware responses for advanced analysis and problem solving, while maintaining strict compliance within GCC-High boundaries. Image Generation: Enables users to create custom visuals from text prompts directly in chat and Microsoft 365 apps, with built-in compliance controls for secure usage and sharing. Code Interpreter: Allows secure Python code execution for data analysis, visualization, and automation, supporting advanced analytics and repetitive task automation. Researcher Agent: Provides deep research capabilities, synthesizing insights from organizational content and the web (where permitted), with source-cited, well-organized reports. Analyst Agent: Acts as a virtual data scientist, analyzing structured and unstructured data, visualizing trends, and supporting strategic decision-making. Microsoft 365 Copilot Connectors: Enable integration with third-party and line-of-business data sources, enabling secure, compliant workflows that extend Copilot’s reach beyond Microsoft 365. Copilot Search in the Microsoft 365 Copilot App: Harness Copilot Search for intelligent and context-aware information retrieval within the dedicated app. All of these features will be tailored to meet the strict security, compliance, and data residency requirements of GCC-High. For the latest roadmap and availability updates, refer to the official Microsoft 365 Roadmap and Microsoft 365 Copilot Service Description. Next steps For federal agencies in GCC-High who purchase through the GSA, significant discounts are currently available under the OneGov agreement announced in September, including the opportunity to use Microsoft 365 Copilot at no additional cost for up to 12 months with Microsoft 365 G5. Additional resources are listed below. Reach out to your account team or partner to learn more, request a demo, or get started with Microsoft 365 Copilot in GCC-High today. Resources Documentation and Admin Controls: Microsoft 365 Copilot overview Copilot Control System Overview Microsoft 365 Copilot Service Description Data, Privacy, and Security for Microsoft 365 Copilot Microsoft Purview data security and compliance protections for generative AI apps Apply principles of Zero Trust to Microsoft 365 Copilot Adoption Resources for Public Sector Customers: Copilot Readiness and Adoption Guide for Public Sector Customers Copilot Government Scenarios [1] Not all customization options are currently available in GCC-High. For up-to-date feature availability information refer to the Microsoft 365 Copilot Service Description.
