O25DA1: Understanding Data Residency and Sovereignty in Dynamics 365 F&O (ERP)

<for my reference only: O25 = October 2025; DA4 = with Data Tag;>

In this blog, I am just trying to summarize some key topics regarding the Data residency and options available with Microsoft Dynamics 365 Finance & Operations (ERP) in one place. This is considerable a big topic and I personally don't have too much experience working with On Prem implementations, myself - so including Microsoft links as much as I can. Hope this helps :) 

So, Where Does Microsoft Store Data for D365FO?

Microsoft Dynamics 365 Finance & Operations (D365FO) is a cloud-based ERP solution hosted on Microsoft Azure datacenters. When you deploy an environment, you select a region (geo), and Microsoft ensures that your customer data at rest stays within that region. For European customers, this means data is stored in EU-based Azure regions like West Europe or North Europe.
Microsoft may replicate data within the same geo for durability, but not outside it - there are always exceptions for rare cases like troubleshooting or legal compliance. But then Microsoft would take the needed approvals before doing so. 
👉 Learn more about Dynamics 365 Data Residency

How Can We Control and Contribute to This?

We influence data residency by:

  • Choosing the correct region during environment setup.
  • Choosing Lifecycle Services (LCS) geo carefully - its data residency may differ from your environment if you don't choose / update the Geo to align with your requirements.
    👉 Deployment Options by Geography
If you have worked with D365FO for a while now, you might have noticed - the change in URLs in recent times, which act as a visual representation of where the data is residing. Of course, this might not be true of older implementations. 

In D365FO, 

In LCS, 


We also could implement standard and simple data governance practices:
  • Classify personal data (of course, first try not to store personal data in F&O wherever possible).
  • Use encryption at rest and in transit (Azure SQL Database does this by default, so this means D365FO database have this enabled by default).
  • Apply cleanup routines for unnecessary logs and staging data (this is often ignored and turns out to a bigger trouble down the line).
    👉 Manage Data in Finance and Operations Apps

Why Is Data Residency Important from a GDPR Context?

GDPR gives EU citizens rights over their personal data:

  • Access, Rectify, Erase, Portability.
  • Organizations act as data controllers, while Microsoft is the processor.
    You must ensure:
  • Responding to Data Subject Requests (DSRs).
  • Maintaining audit trails.
  • Implementing security measures.
    👉 GDPR Compliance Guide for Dynamics 365

Microsoft provides tools like:

What About Telemetry Data?

Telemetry includes system logs and operational data collected for service reliability and security.
With the EU Data Boundary, Microsoft now stores and processes:

  • Customer data, pseudonymized personal data, and support data within EU/EFTA regions for Dynamics 365, Azure, and Microsoft 365.
    👉 EU Data Boundary Overview

Exceptions:
Some global services (e.g., CDN) may still process telemetry outside the EU, but:

  • Transfers are rare, encrypted, and audited. And the Excluded services list are loosely related to D365FO products and services.
  • Microsoft contests foreign government access without proper legal basis - meaning, If a foreign government (outside the EU) requests access to customer data stored in Microsoft Cloud (for example, under laws like the U.S. CLOUD Act), Microsoft does not automatically comply.
    👉 Excluded Services List

Addressing Public Sector Concerns Around Data Residency

Public sector customers often fear:

  • Foreign government access (e.g., U.S. CLOUD Act).
  • Loss of control over sensitive data.

Debatable Comparisons to Encourage Cloud Adoption, wherever possible only. 

  • Security: Microsoft invests billions in EU cybersecurity; on-prem often lacks 24/7 threat monitoring.
  • Compliance: EU Data Boundary eliminates cross-border transfers, simplifying GDPR compliance.
  • Innovation: Cloud enables AI features like Copilot with in-country processing.
  • Cost: Predictable subscription vs. heavy CAPEX for on-prem infrastructure.

👉 Microsoft's Trust Center

On-Premises Option and Data Handling

D365FO on-premises gives:

  • Full control over data residency.
  • Ability to enforce custom security policies.
  • Offline capabilities for remote areas.
    But it comes with:
  • High maintenance costs.
  • Limited scalability and innovation compared to cloud.
    👉 On-Premises Deployment Guide

Microsoft’s Sovereign Cloud Announcement

In June 2025, Microsoft introduced three sovereignty models for Europe:

  1. Sovereign Public Cloud – EU datacenters, EU-only staff, customer-controlled encryption keys.
  2. Sovereign Private Cloud – Azure Local + Microsoft 365 Local in your datacenter for air-gapped environments.
  3. National Partner Clouds – Operated by local companies (e.g., Bleu in France, Delos in Germany).
    👉 Read the Official Blog

What’s the Big News?

In plain terms, Microsoft is giving European organizations more control over their data in cloud, where it’s stored, and who can access it, while still using Microsoft’s cloud services like Azure and Microsoft 365.

Think of it like this:

  • Before: You rented an apartment (public cloud) where the landlord had the keys and could enter for maintenance.
  • Now: You can choose an apartment where you hold the keys, decide who enters, and even pick the neighbourhood (country) where the apartment is located.

Why Is This Important?

European governments and regulated industries (banks, healthcare, public sector) have strict rules about data privacy and sovereignty. They want:

  • Data to stay in Europe.
  • Control over encryption keys.
  • Assurance that only Europeans manage their systems.

Closing Thoughts

As Technical consultants and architects, our role is to balance compliance, security, and innovation. Microsoft’s EU Data Boundary and Sovereign Cloud offerings make it possible to achieve data sovereignty without sacrificing agility. The conversation with customers should focus on trust, transparency, and tangible benefits - because cloud isn’t just about technology; it’s about enabling organizations to serve their employees and then their customers better.

Comments

Post a Comment

Popular posts from this blog

D365FO - Copy of databases across environments

Image
When working with Dynamics 365 Finance and operations implementations, it is an obvious step to perform database movements across environments. We have been doing this in the previous version (AX2012) as well, where we had to change the environments related settings after the database copy manually. Now we D365FO , we might end up in different scenarios based on the Tier-level of the environment . So I have tried to identify the #4 major scenarios in here and share the approach I have used.  Copy of DB from Tier 1 env. to another Tier 1 env. Copy of DB from Tier 1 env. to a Tier 2 env. Copy of DB from Tier 2 env. to another Tier 2 env. Copy of DB from Tier 2 env. to a Tier 1 env. The below picture is an illustration of different types and corresponding solutions on a high level (sorry for my not-so-good-handwriting 😅) #1 Tier 1 -> Tier 1 DB copy:   This scenario can happen quite common if you have multiple tier-1 environment in your on-going project li...
Read more

Extended Data Types in Microsoft Dynamic Ax & EDT array

Image
·          An extended data type is extended from a base type or another extended data type. The difference is that an extended data type has a property sheet where information such as labels, length and left or right adjustment are stored. ·          EDT are a central part of MorphX. Whether you are adding fields to a table or declaring variables from X++, extended data types should always be used instead of using base types and the reason for that is Dynamics Ax provides powerful features to handle EDTs. ·          The best practice is to check before creating a new extended data type you should check whether in existing one will fulfill your needs. ·          If you have found an EDT which suits your needs, but another label or help text is required, you should create a new EDT with your requirements, but never mod...
Read more

Error: Field 'xxx' does not exist in D365Ops

Image
Today I encountered a weird error while working with newly created Enums and Tables in Visual Studio 2015 with a Dynamics 365 for Finance and Operations project. Error message while trying to build my project was: The underlying type 'BKA_Status ' or its base type for table 'BKA_GoalMaster' field 'GoalStatus' does not exist. The underlying type 'BKA_GoalTypes ' or its base type for table 'BKA_GoalMaster' field 'GoalType' does not exist.</Message> However, I had the 'BKA_Status' as well as 'BKA_GoalTypes' Enums already available in my project and even the project is Synchronized with the database. Root cause: To be honest, I was unable to find the root cause for sure. However, I imagine the error has something to do with the refresh of metadata because of the kind of solution which helped to resolve the error.  I have had 'Extends' property filled in with another Enum which was not existing in t...
Read more