Microsoft 365 Local is Now Generally Available

One of the most anticipated features for sovereign cloud environments is finally here! Microsoft has officially announced the general availability of Microsoft 365 Local, directly addressing years of expectations across government, defense, and highly regulated environments.

Microsoft 365 Local brings productivity workloads into a private cloud that runs inside your country, instead of using a global cloud. Microsoft initially introduced this capability in Europe, starting with France and Germany, before extending availability more broadly later in the year. Let’s break down what it is, why it matters, and what’s actually new.

Before understanding Microsoft 365 Local, it is essential to know what Azure Local is. Azure Local is a sovereign cloud platform by Microsoft designed to run inside your country or inside your organization’s own data center. It offers Azure-consistent services in environments that require strict data residency, regulatory compliance, or complete operational control.

This foundation matters because many organizations operate in regulated environments where traditional cloud adoption isn’t always possible. In the past, they either maintained complex on-prem servers or couldn’t adopt Microsoft 365 cloud services due to strict regulations. But with the Microsoft 365 Local GA announcement, the long-time void is finally filled!

Microsoft 365 Local now bridges that gap by offering cloud-consistent operations within a fully controlled, in-country environment.

Let’s look at the technical aspects of Microsoft 365 Local:

Microsoft 365 Local builds on this foundation. It is a partner-delivered, Azure Local–based deployment framework that brings core Microsoft collaboration workloads into a sovereign private cloud fully owned and controlled by the customer.

• Runs entirely on Azure Local, Microsoft’s sovereign/private cloud platform built on Azure Arc–enabled infrastructure (such as Azure Stack HCI).
• Uses Azure Arc as the unified control plane for monitoring, policy, configuration, and updates.
• Provides a validated, full-stack reference architecture that ensures predictable performance, resilience, and compliance.
• Delivers Microsoft’s server-based productivity workloads in a cloud-consistent, cloud-managed operational model.
• Azure Local applies 300+ hardened security controls across network isolation, identity & privileged access, host & VM hardening, encryption, and micro-segmentation.

Currently, the workloads included in Microsoft 365 Local are:

• Exchange Server
• SharePoint Server
• Skype for Business Server

Notice the keyword ‘Server’. This is the server-based productivity stack delivered on top of Azure Local, giving you private isolation with cloud-style management. Although Microsoft Teams never existed in an on-prem form, its exclusion still leaves many wishing for a more complete solution.

Many ask what’s different here, since Active Directory and other servers can already be hosted on-prem. The key is that Microsoft 365 Local is not an on-prem product, nor is it a public cloud service. It belongs to an entirely separate class: the sovereign cloud.

In the on-prem model, you buy servers, install Windows, install Exchange/SharePoint/Skype for Business, and maintain everything manually. But Microsoft 365 Local provides an Azure-managed full-stack environment where workloads run as part of a sovereign private cloud, not just as random on-prem server deployments.

It’s like the difference between: “Here are the ingredients, cook your meal” vs. “Here is a fully equipped kitchen with recipes, automation, monitoring, pre-tested appliances, and a chef assistant.”

Microsoft 365 Local targets organizations that need strict jurisdictional control over their collaboration workloads, such as:

• National or sub-national governments that require local control over data and processing.
• Critical infrastructure (defense, energy, health, finance) with jurisdictional controls and air-gap requirements.
• Enterprises subject to strict data locality, privacy laws, or contractual/regulatory mandates that prohibit the usage of public cloud regions.

Microsoft published a baseline, enterprise-scale reference architecture designed for resiliency and performance.

Server Role Architecture

You must use a nine-server architecture, allocated as follows, to support Microsoft 365 workloads.

• Four servers run as individual single-node Azure Local clusters, dedicated to the Exchange Server mailbox roles.
• Two servers also run as single-node Azure Local clusters to handle the Exchange Server edge transport roles.
• Three servers operate together as a three-node Azure Local cluster to support the SharePoint Server and SQL Server workloads.

Minimum Per-Server Hardware Specifications

Each of the nine physical servers must meet the following minimum specifications:

• Chassis: 2U form factor, NVMe enabled (24 × 2.5″ drive slots)
• CPU: Dual socket, Intel Xeon Gold 5418Y 2G, 24 cores (or equivalent)
• Memory: 512 GB RAM
• Boot Storage: 2 × 960 GB NVMe drives configured in RAID-1
• Capacity Storage: 24 × 4TB NVMe Read Intensive drives
• Networking: 2 × Nvidia ConnectX-6 10/25 GbE dual-port adapters
• Power Supplies: Dual, redundant, hot-swappable units
• Platform Security: TPM 2.0

Since Microsoft 365 Local uses Azure Arc as its control plane, you can manage the entire environment through the Azure Portal. Azure-based management is available only when you deploy Microsoft 365 Local in Connected Mode, one of its operational modes.

• The Azure Portal provides complete visibility into your Microsoft 365 Local deployment across servers and clusters. This includes insights into connectivity, health, updates, security alerts, and recommendations.
  
• You can also get a seamless cloud-based management experience, including Azure services like Azure Monitor and Microsoft Defender for Cloud.
• Azure Local applies more than 300 security settings to both the host infrastructure and the VMs as part of its secure-by-default strategy. These baselines align with best practices for network security, identity, privileged access, and data protection, helping organizations meet compliance requirements.
  

Microsoft 365 Local supports two operational modes. Refer to the following table for details.

Mode	Availability	Details	Ideal For
Connected Mode	December 2025	Allows centralized management through Azure services, including monitoring, updates, and policy enforcement.	Organizations that want cloud-style oversight while keeping data in-country, supported by Azure Monitor, Defender for Cloud, and Azure Arc.
Disconnected Mode	Early 2026	Provides complete isolation with no outbound connectivity.	Defense, government, critical infrastructure, or entities that require strict jurisdictional control.

Deployments must be performed by Microsoft-authorized solution partners. To support the lifecycle of the product and ensure correct configuration, Microsoft recommends working with a certified partner. Partners will help with hardware procurement, on-site installation, integration with local identity and networking, and ongoing support channels.

To engage a certified partner, visit: https://aka.ms/M365LocalSignup

Microsoft 365 Local sovereign cloud solution comes with tradeoffs:

• Scale and cost: The nine-server minimum architecture and validated hardware increase upfront and ongoing costs compared to public Microsoft 365.
• Feature parity: Microsoft 365 Local focuses on Exchange Server, SharePoint Server, and Skype for Business Server. Cloud-native Microsoft 365 services like MS Teams, Exchange Online, etc., weren’t operational through Microsoft 365 Local.

In summary, Microsoft 365 Local runs Exchange, SharePoint, and Skype Server directly on Azure Local. It gives organizations a sovereign, fully local version of Microsoft 365 that Azure Arc manages.

What do you think about this update?

• Does the lack of Teams and other cloud-native capabilities make it less useful?
• Why is Skype for Business included when it is already EOL?
• And will this setup actually be more reliable than traditional on-prem servers?

Leave your thoughts below and stay tuned for more insights!