In 2026, Disconnected Operations for Azure Local brings a cloud-like management plane to fully disconnected environments: an Azure‑portal‑like experience, Azure Resource Manager (ARM), RBAC, managed identity, and selected Arc-enabled services run from a local control plane . This is a pivotal capability for sovereign, regulated, and air‑gapped deployments.
Background:
Sovereign and regulated sectors often require operating without reliable access to public cloud endpoints. Microsoft’s 2026 Sovereign Cloud updates explicitly position “Azure Local disconnected operations (now available)” as a globally available capability for mission‑critical infrastructure with governance and policy control—without cloud connectivity .
Deep dive on the new capability:
Disconnected Operations is built around a local “appliance” and management cluster that hosts a local cloud surface (portal + ARM + auth). Supported services include ARM, RBAC, managed identity, Arc-enabled servers, Azure Local VMs, ACR, Key Vault, Azure Policy, and preview support for Arc-enabled Kubernetes/AKS enabled by Arc .
Architecture/workflow (Mermaid):
flowchart TB
U[Admin/Operator] –> P[Local portal]
U –> C[Azure CLI + extensions]
P –> ARM[Local ARM endpoints]
C –> ARM
ARM –> ID[Identity + RBAC]
ARM –> VM[Azure Local VMs]
ARM –> ARC[Arc-enabled services]
ARM –> ACR[ACR]
ARM –> KV[Key Vault]
ARM –> POL[Azure Policy]
Step-by-step setup via CLI (commands):
– Capacity planning: management cluster sizing is higher due to hosting a local control plane; docs list minimum node count, CPU, RAM, and storage targets .
– CLI version: supported Azure CLI version is 2.78.0 for disconnected operations, with deployment guidance for 32-bit vs 64-bit installs .
– Certificate trust and cloud registration: import root CA cert into OS trust store (or update CLI Python cert store), then generate cloudConfig.json and run:
az cloud register -n ‘azure.local’ –cloud-config ‘@cloudconfig.json’
az cloud set -n azure.local
– Extensions and version ceilings: Arc/K8s/VM management depends on specific CLI extensions and maximum supported versions listed in the docs .
Use cases:
Air‑gapped/sovereign deployments, remote sites with limited connectivity, and sovereign “full stack” patterns combining Azure Local + Microsoft 365 Local disconnected + Foundry Local .
Limitations:
Service support is selective; capacity requirements are higher; some Kubernetes components remain preview in 2026 documentation .