Azure Geographies: Data residency
This article describes how Azure Geographies manage data residency when processing customer content for features known as Designated Services. For more information and a list of Azure data center regions in each Geography, see Data residency in Azure.
How does Databricks manage data residency when processing customer content?
In Azure Databricks architecture, there is a “control plane”, a “classic compute plane” and a “serverless compute plane” that are provided on a region-specific basis.
Designated Services, including those that power Generative AI workloads, are available on a Azure Geographies basis. Designated Services are always managed by Databricks on the customer’s behalf.
Customer content is only processed in the same Geo as your workspace, except for certain Designated Services. If a Designated Service is not available in your workspace Geo, an account admin may be able to use the feature by explicitly giving permission to process relevant data in another Geo.
Designated Services offered on a Geo basis
For Designated Services, such as those that depend on GPUs or other advanced processing, customer content is processed in the workspace Azure Geographies. For more information see Databricks Designated Services
Will my data be sent out of a Geo?
Customer content is processed in Geos similar to how the classic compute plane processes data within a specific region.
Customer content is only processed within the same Geo as your workspace, unless you give Azure Databricks permission to send data to another Geo.
Enable cross-Geo processing
Account admins can enable cross-Geo processing that allows data for Designated Services to be processed outside of their workspace Geo. If a designated service is not available in your workspace Geo, you may be able to use the feature by giving permission to process relevant data in another Geo.
To enable cross-Geo processing:
As an account admin, go to the account console.
In the sidebar, click Workspaces.
To find the workspace you want to control Geo settings for, use the search box.
Click the workspace name, and click the Security and compliance tab.
Disable Enforce data processing within workspace Geography for AI features.
Will my existing compute planes be moved to a different region in the same Geo?
No. In both the serverless and classic compute planes, regional compute planes remain in their region for all existing services. The classic compute plane operates in an account under your control, and you must specify the region in which it operates. Serverless compute plane resources, such as serverless SQL warehouses, are offered on a regional basis and do not process data outside of your selected region.
How do Geos affect Preview features?
Preview features may involve processing data across Geos unless otherwise noted in the documentation.
Additional resources
See Data residency in Azure for more information and a list of Azure data center regions in each Geography.
See DatabricksIQ trust and safety for how data is used and protected for DatabricksIQ.