
Microsoft Azure and DoD IL5 support with Azure NetApp Files

Richard Crofford

In today’s digital landscape, the security and defense of data have become vital for the U.S. federal government. The increased threat and sophistication of bad actors in the world have made it difficult for the federal government to take advantage of the offerings that are available in Microsoft Azure. The federal government requires the same performance and enterprise-grade services that private industry does, but it also has some extra security requirements added in. Sometimes these extra security needs make it a bit more difficult for the U.S. government to use Azure’s public cloud services.

Enter Microsoft Azure Government. U.S. government agencies and their partners who are interested in cloud services that meet government security and compliance requirements can be confident that Microsoft Azure Government provides world-class security and compliance. Azure Government delivers a dedicated cloud, enabling government agencies and their partners to migrate mission-critical workloads to the cloud. Azure Government services can accommodate data that is subject to various U.S. government regulations and requirements.

Azure Government uses physically isolated data centers and networks that are in the United States only. This location restriction provides the highest level of security and compliance for customer deployments. Compared with global Azure, Azure Government provides an extra layer of protection for customers. Contractual commitments restrict storage of customer data to the United States, and potential access to systems that process customer data is limited to screened workers in the United States.

If you are deploying Department of Defense (DoD) Impact Level 5 (IL5) workloads in the Azure Government regions US Gov Arizona, US Gov Texas, and/or US Gov Virginia, review the Isolation guidelines for Impact Level 5 workloads.

For extra customer assistance, Microsoft provides the Azure Policy regulatory compliance built-in initiative for Azure Government, which maps to DoD IL5 compliance domains and controls.

Microsoft also maintains the following authorizations for Azure Government regions: 

  • Federal Risk and Authorization Management Program (FedRAMP) High Provisional Authority to Operate (P-ATO), issued by the FedRAMP Joint Authorization Board (JAB)
  • DoD IL2 Provisional Authorization (PA)
  • DoD IL4 PA
  • DoD IL5 PA    

Azure Government supports applications that use IL5 data in all available regions. IL5 requirements are defined in the U.S. DoD Cloud Computing Security Requirements Guide (SRG). IL5 workloads have a higher degree of impact to the DoD and must be secured to a higher standard. When you deploy these workloads on Azure Government, you can meet their isolation requirements in various ways. 

Three key services available to support the stringent data security and storage isolation requirements of the U.S. federal government are Azure NetApp Files, customer-managed keys, and Azure Key Vault. Using all three services not only achieves IL5 compliance but also gives customers access to high-performance, enterprise-class storage for migrating their mission-critical workloads to Azure.

What is Azure NetApp Files?

Azure NetApp Files is an Azure-native, first-party, enterprise-class, high-performance file storage service. It provides NAS volumes as a service, for which you can create NetApp® accounts and capacity pools, select service and performance levels, create volumes, and manage data protection. It enables you to create and to manage high-performance, highly available, and scalable file shares, using the same familiar protocols and tools that enterprise applications use in on-premises deployments. 

By virtue of NetApp’s deep and extensive experience in delivering enterprise, on-premises NAS solutions, Azure NetApp Files comes with a complete range of supporting features, such as: 

  • Linux file environments, including connections over both NFSv3 and NFSv4.1 
  • Windows applications through SMB with Active Directory integration 
  • Export and security policy support 
  • Advanced enterprise management features such as fast, highly efficient NetApp Snapshot™ copies and instant dataset cloning 
  • Together with NetApp data replication services, ease in getting your data in and out of your Azure NetApp Files environment 

These features save you time and money in deploying and running applications in the cloud that require file services. From both a performance and an efficiency standpoint, Azure NetApp Files lets your organization focus your technical resources on innovation rather than on administration, delivering more value to your organization.

Get extreme file performance  

Azure NetApp Files has three service levels, so you can choose the performance that best matches your application requirements. Performance for each volume scales with the amount of allocated capacity, so performance is not limited as your dataset grows. Unlike any other cloud storage, Azure NetApp Files reduces your risk by offering on-demand performance changes without requiring a time-consuming data copy.  

You get bare-metal performance, sub-millisecond latency, and integrated management for your complex enterprise workloads. SAP HANA-certified, high-performance computing (HPC), and line-of-business applications are prime candidates for Azure NetApp Files, and so are high-performance file shares, databases, Azure Virtual Desktop (AVD), and Citrix workloads.

Simplify storage management  

You can set up in minutes and manage seamlessly, as with any other Azure service, by using the familiar Azure portal experience, CLI, Windows PowerShell, or REST API. Support for multiple file storage protocols in a single service, including NFSv3, NFSv4.1, and SMB 3.1.x, enables a wide range of application lift-and-shift scenarios, with no need for code changes.  

What are customer-managed keys? 

Customer-managed keys (CMK) for Azure NetApp Files volume encryption are encryption keys that you as the customer create and manage instead of being managed by Azure. With CMK, you can have more control over your data and ensure that your data is encrypted with your own keys. You can use CMK to encrypt Azure NetApp Files and other Azure services.  

What is Azure Key Vault?

Azure Key Vault is a cloud service that provides a secure store for keys, secrets, and certificates. It enables you to store and to manage cryptographic keys that you use for data encryption. Azure Key Vault provides a highly available and scalable service that you can access from anywhere in the world over HTTPS. It also offers granular access control to ensure that only authorized users can access the keys.  

Summary  

With the Azure NetApp Files enterprise-grade cloud storage service, your organization can secure data by using various features, such as encryption, access control, and CMK.   

When you deploy CMK for Azure NetApp Files volume encryption, you gain greater control over your data and ensure that your data is encrypted with your own keys.

You can deploy the Azure Key Vault cloud service as a secure store for your organization’s keys, secrets, and certificates.

By using CMK for Azure NetApp Files volume encryption with Azure Key Vault, you can isolate your storage service and ensure that your data in Azure Government is encrypted and compliant with the IL5 requirements.

Start your secure journey toward DoD IL5-level data security and isolation today. To learn more, check out Azure NetApp Files.

Richard Crofford

Rich is a cloud solutions architect with over 20 years of experience in federal government and datacenter/cloud architecture, design, and implementation. He is focused on Azure NetApp Files, working to enable customers to deliver business outcomes for all IT workloads in their Azure cloud environments. Rich enjoys working on cars and loves to be outdoors.
