Azure Active Directory B2C: Region availability & data residency
Azure Active Directory B2C (Azure AD B2C) stores customer data in a geographic location based on how a tenant was created and provisioned. For the Azure portal or Azure AD API, the location is defined when a customer selects a location from the pre-defined list.
Region availability and data residency are two different concepts that apply to Azure AD B2C. This article explains the differences between these two concepts, and compares how they apply to Azure versus Azure AD B2C.
Azure AD B2C is generally available worldwide with the option for data residency in the United States, Europe, Asia Pacific, or Australia.
Azure AD B2C is available worldwide via the Azure public cloud. You can see availability of this service in both Azure's Products Available By Region page and the Active Directory B2C pricing calculator. The Azure AD B2C service is also highly available. Learn more in the Service Level Agreement (SLA) for Azure Active Directory B2C.
Azure AD B2C stores customer data in the United States, Europe, the Asia Pacific region, or Australia.
Data residency is determined by the country/region you select when you create an Azure AD B2C tenant:
Data resides in the United States for the following locations:
United States (US), Canada (CA), Costa Rica (CR), Dominican Republic (DO), El Salvador (SV), Guatemala (GT), Mexico (MX), Panama (PA), Puerto Rico (PR) and Trinidad & Tobago (TT)
Data resides in Europe for the following locations:
Algeria (DZ), Austria (AT), Azerbaijan (AZ), Bahrain (BH), Belarus (BY), Belgium (BE), Bulgaria (BG), Croatia (HR), Cyprus (CY), Czech Republic (CZ), Denmark (DK), Egypt (EG), Estonia (EE), Finland (FI), France (FR), Germany (DE), Greece (GR), Hungary (HU), Iceland (IS), Ireland (IE), Israel (IL), Italy (IT), Jordan (JO), Kazakhstan (KZ), Kenya (KE), Kuwait (KW), Latvia (LV), Lebanon (LB), Liechtenstein (LI), Lithuania (LT), Luxembourg (LU), North Macedonia (MK), Malta (MT), Montenegro (ME), Morocco (MA), Netherlands (NL), Nigeria (NG), Norway (NO), Oman (OM), Pakistan (PK), Poland (PL), Portugal (PT), Qatar (QA), Romania (RO), Russia (RU), Saudi Arabia (SA), Serbia (RS), Slovakia (SK), Slovenia (SI), South Africa (ZA), Spain (ES), Sweden (SE), Switzerland (CH), Tunisia (TN), Turkey (TR), Ukraine (UA), United Arab Emirates (AE) and United Kingdom (GB)
Data resides in Asia Pacific for the following locations:
Afghanistan (AF), Hong Kong SAR (HK), India (IN), Indonesia (ID), Japan (JP), Korea (KR), Malaysia (MY), Philippines (PH), Singapore (SG), Sri Lanka (LK), Taiwan (TW), and Thailand (TH)
Data resides in Australia for the following locations:
Australia (AU) and New Zealand (NZ)
The following locations are in the process of being added to the list. For now, you can still use Azure AD B2C by picking any of the locations previously listed.
Argentina, Brazil, Chile, Colombia, Ecuador, Iraq, Paraguay, Peru, Uruguay, and Venezuela
EU Data Boundary
The EU Data Boundary is Microsoft's commitment for our public sector and commercial customers in the EU and EFTA to process and store their customer data in the EU.
Services temporarily excluded from the EU Data Boundary
Some services have work in progress to be EU Data Boundary compliant, but this work is delayed beyond January 1, 2023. The services listed will become compliant over the coming months. The following details explain the customer data that these features currently transfer out of the EU Data Boundary as part of their service operations:
- Reason for customer data egress - These features haven't completed changes to fully process admin actions and user sign-in actions within the EU Data Boundary.
- Types of customer data being egressed - User account and usage data, and service configuration such as policy.
- Customer data location at rest - In the EU Data Boundary.
- Customer data processing - Some processing may occur globally.
- Services - Administrator actions in the Azure portal or APIs, and the User Sign-In Service.
Remote profile solution
With Azure AD B2C custom policies, you can integrate with RESTful API services, which allow you to store and read user profiles from a remote database (such as a marketing database, CRM system, or any line-of-business application).
- During the sign-up and profile editing flows, Azure AD B2C calls a custom REST API to persist the user profile to the remote data source. The user's credentials are stored in the Azure AD B2C directory.
- Upon sign-in, after credentials validation with a local or social account, Azure AD B2C invokes the REST API, which sends the user's unique identifier as a user primary key (email address or user objectId). The REST API reads the data from the remote database and returns the user profile.
After sign-up, profile editing, or sign-in is complete, Azure AD B2C includes the user profile in the access token that is returned to the application. For more information, see the Azure AD B2C Remote profile sample solution in GitHub.
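The REST API side of the remote profile flow described above, as an added example (not Microsoft's sample solution or code from this article). The routes, the claim names and the in-memory store are assumptions for illustration; only allow-listed profile claims are persisted, keyed by the user's objectId, and failures use the 409 JSON error body that a RESTful technical profile can surface to the user.

```python
"""Added example: remote profile store behind an Azure AD B2C REST API call."""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Stand-in for the remote database (CRM, marketing DB) hosted in the region you choose.
PROFILES = {}
# Assumption: claim names and routes are illustrative; they must match the
# InputClaims/OutputClaims of your own RESTful technical profiles.
PROFILE_CLAIMS = ("displayName", "givenName", "surname")


def conflict(message):
    # 409 body in the shape a B2C RESTful technical profile reports as an error.
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}


def handle(path, raw_body):
    """Return (http_status, response_claims) for one call from the user journey."""
    try:
        claims = json.loads(raw_body)
        object_id = claims["objectId"]
    except (ValueError, KeyError, TypeError):
        return conflict("Request must be JSON and contain objectId.")
    if path == "/profile/write":  # sign-up and profile editing
        # Persist only allow-listed claims; anything else sent is dropped.
        PROFILES[object_id] = {k: str(claims[k]) for k in PROFILE_CLAIMS if k in claims}
        return 200, {}
    if path == "/profile/read":  # sign-in, after credential validation
        if object_id not in PROFILES:
            return conflict("No remote profile for this user.")
        return 200, PROFILES[object_id]
    return 404, {}


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        status, body = handle(self.path, self.rfile.read(length))
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


if __name__ == "__main__":
    # Local test only: a real endpoint needs HTTPS and the authentication
    # (for example basic auth or a client certificate) set in the technical profile.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

With this split, the Azure AD B2C directory holds the credentials and the objectId, while the profile attributes stay in the store that the API fronts.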