Microsoft has unveiled a sweeping architectural overhaul for Azure Local, enabling the hybrid cloud platform to scale across thousands of servers in sovereign private-cloud deployments. Announced on April 27, 2026, the update introduces support for SAN-backed disaggregated infrastructure, fully local management and identity services, and a new scale-out fabric designed for air-gapped and disconnected environments. The move positions Azure Local as a direct challenger to traditional enterprise data center stacks and niche sovereign cloud offerings, while giving governments and regulated industries a path to run Azure services entirely on-premises—without ever touching the public internet.

From Hyperconverged to Hyperscale: What Changed

Azure Local, formerly known as Azure Stack HCI, originally shipped as a hyperconverged infrastructure (HCI) solution limited to a handful of nodes per cluster. Early versions maxed out at 16 servers, suitable for branch offices and edge locations. Microsoft later increased that to 64 nodes with the introduction of stretched clusters and disaggregated storage previews, but the platform remained fundamentally a mid-scale solution.

The April 2026 release dismantles those barriers. Azure Local clusters can now span up to 4,000 physical servers, managed as a single logical fabric. This is not simply a cluster-size bump—Microsoft has re-architected the control plane to run on a lightweight, Kubernetes-based orchestrator that can propagate management commands across a massive fleet without the overhead of traditional Windows Server Failover Clustering.

Behind this new scale is a fully disaggregated architecture that decouples compute from storage. Instead of requiring every server to contribute internal disks to a Storage Spaces Direct pool, Azure Local now supports external SAN (Storage Area Network) arrays. Organizations can connect existing Fibre Channel or iSCSI storage systems and use them as shared block storage for virtual machines and containers. This allows compute-only nodes to be added or removed without impacting data placement, making compute scaling truly elastic.

SAN-Backed Disaggregated Infrastructure

The headline feature for enterprise customers is native SAN integration. Until now, Azure Local demanded “converged” hardware where each node carried its own NVMe or SSD drives. That model works well for smaller deployments but becomes cost-prohibitive at scale. With SAN-backed infrastructure, storage can be provisioned from a centralized array, decoupled from server lifecycle management.

Key capabilities in the SAN support include:
- Multi-path I/O (MPIO) for high availability and load balancing across SAN paths.
- Storage replication between SANs for disaster recovery, integrated with Azure Site Recovery.
- Dynamic capacity pools: Administrators can carve LUNs (Logical Unit Numbers) on demand and assign them to Azure Local volumes without rebooting nodes.
- Thin provisioning and deduplication at the SAN level, passed through to Azure Local’s storage stack.

Microsoft has certified SAN arrays from Dell, HPE, NetApp, and Pure Storage for use with Azure Local. Support for NVMe-over-Fabrics is also included, giving low-latency access to all-flash arrays for performance-intensive workloads like SQL Server and AI inferencing.

This shift makes Azure Local competitive with VMware vSAN’s traditional ability to consume external storage, while preserving the Azure-consistent management plane. For organizations that already own SAN investments, the new capability removes a major barrier to adoption.

Local Management and Identity for Disconnected Scenarios

Sovereign clouds demand ironclad data residency and operational autonomy. The update introduces an entirely local management stack that does not require connectivity to Azure public cloud. This includes:
- Local Azure Resource Manager (ARM): A self-contained instance of the Azure control plane that runs fully on premises, enabling tenant self-service portals, role-based access control, and policy enforcement without any dependency on the internet.
- Local Entra ID (formerly Azure AD): A lightweight, on-premises deployment of Microsoft’s identity platform that synchronizes with on-premises Active Directory. Users, groups, and service principals can be managed entirely within the air-gapped environment, with multi-factor authentication supported via local RADIUS or smartcard systems.
- Offline updates and secure supply chain: Administrators can download signed update packages to a portable storage device and inject them into the cluster using a local update service, with full cryptographic verification of the supply chain. No Cloud Build service calls are required.
- Local monitoring and diagnostics: A hardened instance of Azure Monitor and Log Analytics runs on the cluster itself, storing telemetry locally and providing dashboarding through a locally hosted portal. Intelligent anomaly detection runs via on-cluster machine learning models that do not send data off-site.

The local identity capability is particularly significant. Many sovereign environments rely on legacy Active Directory forests with strict domain isolation. Local Entra ID bridges the gap by providing modern OAuth2 and OpenID Connect support while syncing with on-premises domains. Applications built for Azure’s identity model can run unchanged, even in a fully disconnected bunker.

Built for Sovereign and Regulated Workloads

Governments, defense agencies, and critical infrastructure operators face a dilemma: they need the innovation velocity of cloud-native services but cannot accept the risk of external connectivity. Microsoft is directly targeting these customers with the latest Azure Local-as-a-Sovereign-Cloud offering.

The platform now complies with strict data sovereignty frameworks including:
- GDPR (General Data Protection Regulation) – all data processing and storage remains within the jurisdiction.
- ITAR (International Traffic in Arms Regulations) – the system can be deployed in a completely offline mode with no telemetry or data egress.
- FedRAMP High – running Azure government-certified services on-premises with local compliance dashboards.

Moreover, the scale-out fabric supports multi-tenant isolation akin to public Azure regions, allowing multiple government agencies or departments to share the same physical hardware while maintaining logical separation. Each tenant gets its own Local ARM instance, network boundaries, and encryption keys.

How It Compares to Alternatives

Azure Local’s new capabilities sharpen its competition with both VMware and Nutanix in the private cloud space.

VMware vSphere Foundation can scale to thousands of hosts but relies on vCenter and a complex licensing model. VMware’s SAN support is mature, but the management plane is not designed for fully disconnected operation without additional products. Azure Local offers an integrated local portal that mirrors Azure’s public console, providing a more consistent experience for teams already familiar with Azure.

Nutanix pioneered HCI and has an air-gapped solution (Nutanix Dark Site), but it does not provide a native Azure-consistent API layer. Azure Local runs first-party Azure services like AKS (Azure Kubernetes Service) on-premises, giving developers a genuine hybrid Azure experience. Nutanix does offer a similar Kubernetes service, but it lacks deep integration with Azure Arc.

Google Distributed Cloud (air-gapped) and AWS Outposts both offer disconnected options, but Outposts must still connect to an AWS region periodically for billing and health checks. Azure Local’s fully local management model removes that tether entirely, making it more suitable for extreme sovereignty requirements.

Challenges and Considerations

Despite the ambitious feature set, customers should weigh several factors. First, the new scale-out architecture requires specialized hardware: a certified SAN array, high-speed networking (100 Gb/s or faster), and servers verified through the Azure Local Hardware Program. Transitioning from an existing HCI deployment to a disaggregated SAN model is not a simple software update—it involves a forklift migration.

Second, local management adds operational overhead. Patching and securing the local ARM, local Entra ID, and monitoring stack becomes the organization’s responsibility. Microsoft provides automated tooling, but IT teams accustomed to public Azure’s managed services will need to develop new skills.

Third, the pricing model has not been fully disclosed. Microsoft generally charges per physical core for Azure Local, with additional costs for guest operating systems and Azure services. The SAN-backed edition may introduce storage-based licensing tiers. Early adopter programs will be crucial for fine-tuning costs.

What’s Next for Azure Local

Microsoft plans to roll out the new scale-out capability in waves. The first general availability release will support up to 1,000 nodes with SAN storage, targeting mid-sized government data centers. A subsequent release later in 2026 will unlock the full 4,000-node limit and add support for GPU-centric compute pools for AI workloads. An early preview for Azure Local with Sovereign Landing Zones—a set of Azure Policy initiatives tailored to 35 government compliance frameworks—is expected within weeks.

For organizations considering a migration, Microsoft is offering a pre-built “sovereign blueprint” deployment package through select partners beginning May 2026. This includes hardware configuration guides, network architecture references, and a fully automated bootstrapping process that turns bare-metal servers into an operational sovereign cloud in under four hours.

The April 2026 announcement marks Azure Local’s transition from a niche edge product to a credible foundation for national-scale private clouds. By decoupling storage, adding massive scale, and cutting the cord to the public internet, Microsoft bets that sovereignty-conscious enterprises will finally bring the Azure experience home—on their own terms, and on their own hardware.