National cloud deployments
In addition to our global network of datacenters, Microsoft cloud services are available in two separate national clouds. These national cloud versions are physical and logical network-isolated instances of Microsoft enterprise cloud services that are confined within the geographic borders of specific countries and operated by local personnel.
Current national clouds include:
- Microsoft Cloud for US Government
- Microsoft Azure and Microsoft 365 operated by 21Vianet in China
Each national cloud environment is unique and differs from the Microsoft global environment. It's important to be aware of some of these key differences when you develop applications for national cloud environments; for example, registering applications, acquiring tokens, and calling the Microsoft Graph API can be different.
This article provides information about the different Microsoft Graph national cloud deployments and the capabilities that are available to developers within each.
Microsoft Graph Data Connect does not support any of the national cloud deployments.
App registration and token service root endpoints
Before calling the Microsoft Graph APIs, you should first register your application and acquire a token. The following table lists the base URLs for the endpoints to register your application and acquire tokens for each national cloud.
|National cloud||Azure portal endpoint||Microsoft Entra ID endpoint|
|Azure global service||
|Azure US Government||
|Azure China operated by 21Vianet||
Microsoft Graph and Graph Explorer service root endpoints
The following table shows the service root endpoints for Microsoft Graph and Graph Explorer for each national cloud.
|National Cloud||Microsoft Graph||Graph Explorer|
|Microsoft Graph global service||
|Microsoft Graph for US Government L4||
|Microsoft Graph for US Government L5 (DOD)||
|Microsoft Graph China operated by 21Vianet||
For an app in US Government:
- If you're working in a Microsoft 365 GCC environment, continue using the worldwide endpoints:
- If you're working in a Microsoft 365 GCC High environment, use
- If you're working in a Microsoft 365 DoD environment, use
Apps can only access organizational data through the national cloud endpoints. This means that apps can only access data in tenants that are registered in the specific national cloud. Apps that are trying to access consumer data associated with Microsoft personal accounts through Microsoft Graph should use the global service https://graph.microsoft.com. Access tokens acquired for a national cloud deployment are not interchangeable with those acquired for the global service or any other national cloud.
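The following is an added example, not code from the original page or from Microsoft, of enforcing that rule in a client: it checks that the token authority and the Microsoft Graph root belong to the same cloud, and refuses to attach a bearer token to a request for any other host. The profile names are hypothetical, and the hostnames in the map are assumptions based on Microsoft's public endpoint documentation rather than values taken from this page.

```python
from urllib.parse import urlsplit

# Assumed hostnames (public Microsoft documentation), keyed by hypothetical
# profile names. Per the page, Microsoft 365 GCC apps use the "global" profile.
CLOUDS = {
    "global":    {"authority": "login.microsoftonline.com", "graph": "graph.microsoft.com"},
    "usgov_l4":  {"authority": "login.microsoftonline.us",  "graph": "graph.microsoft.us"},
    "usgov_dod": {"authority": "login.microsoftonline.us",  "graph": "dod-graph.microsoft.us"},
    "china":     {"authority": "login.chinacloudapi.cn",    "graph": "microsoftgraph.chinacloudapi.cn"},
}


class CloudMismatch(ValueError):
    """A URL does not belong to the configured national cloud."""


def _https_host(url):
    """Return the lower-cased host of a plain https URL (no userinfo, port 443)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.username or parts.password:
        raise CloudMismatch(f"not a plain https URL: {url!r}")
    if parts.port not in (None, 443):
        raise CloudMismatch(f"unexpected port in {url!r}")
    return (parts.hostname or "").lower().rstrip(".")


def check_config(cloud, authority_url, graph_root):
    """Startup check: authority and Graph root must come from the same cloud."""
    profile = CLOUDS[cloud]
    if _https_host(authority_url) != profile["authority"]:
        raise CloudMismatch(f"authority {authority_url!r} is not in cloud {cloud!r}")
    if _https_host(graph_root) != profile["graph"]:
        raise CloudMismatch(f"Graph root {graph_root!r} is not in cloud {cloud!r}")
    return profile


def authorize_request(cloud, request_url, access_token):
    """Build the Authorization header only for this cloud's exact Graph host."""
    host = _https_host(request_url)
    if host != CLOUDS[cloud]["graph"]:
        # Exact match, so lookalikes such as graph.microsoft.us.example fail too.
        raise CloudMismatch(f"token for {cloud!r} must not be sent to {host!r}")
    return {"Authorization": f"Bearer {access_token}"}
```

Running `check_config` once at startup and routing every outgoing call through `authorize_request` keeps a token issued in one cloud from being sent to another cloud's endpoint or to an unrelated host.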
The following Microsoft Graph features are generally available on the /v1.0 endpoint across all national cloud deployments, except where noted.
| Microsoft Graph features | Microsoft Cloud for US Government | Microsoft Cloud China operated by 21Vianet |
|---|---|---|
| Applications and service principals | ✔ | ✔ |
| Change notifications (subscriptions) | ✔ | ✔ |
| Change tracking (delta query) | ✔ | ✔ |
| Open type extensions | ✔ | ✔ |
| Privileged identity management | ✔ | ✔ |
| Reports (Microsoft Entra activity reports) | ✔ | ✔ |
| Reports (Microsoft 365 reports) | ➖ | ➖ |
| Search (Microsoft Search) | ✔ | ✔ |
| Service health and communications | ✔ | ✔ |
For more information about the availability of Microsoft 365 usage reports in national clouds, see Working with Microsoft 365 usage reports in Microsoft Graph.
(*) Limited support for Exchange and OneDrive services only. Microsoft Entra services aren't supported.
Certain services and features that are in specific regions of the global service might not be available in all of the national clouds. To find out what services are available, see products available by region.
To learn more about national clouds, see the following articles:
- Microsoft National Clouds
- Microsoft 365 for US Government
- Microsoft 365 operated by 21Vianet
- Azure Government
- Azure China 21Vianet
Explore samples for authenticating and working with Azure and Microsoft 365 in National cloud deployments: