Microsoft Azure cloud gets OK to handle sensitive Veterans Affairs data

The Department of Veterans Affairs approved Microsoft Azure Government to handle its most sensitive data, the company announced Wednesday.
(Getty Images)

Microsoft Azure Government cloud is approved to handle the Department of Veterans Affairs’ most sensitive data, the company announced Wednesday.

The cloud service provider received a high authority to operate for the department under the Federal Risk and Authorization Management Program — designating that it meets the security requirements necessary to handle the department’s “sensitive data including PII and PHI.” This follows Azure Government’s announcement last month that it had been granted a high P-ATO from the FedRAMP Joint Authorization Board for 12 additional services, bringing its high provisionally authorized services to 32.

“We are proud that VA has chosen Microsoft to help them with initiatives to modernize and consolidate their data centers,” Susie Adams, chief technology officer for Microsoft Federal, said in a statement. “With the acceptance of the Azure Government FedRAMP High ATO, this demonstrates VA’s leadership in embracing the cloud beyond moderate data systems and allows VA to serve veterans around the world with innovative solutions powered by the cloud.”

The department’s electronic health record system, VistA, is an example of a system the department could host in Azure Government Cloud, Adams told FedScoop.


Members of the Open Source Electronic Health Record Alliance “are presently bringing up pilot instances of VistA in the Microsoft Azure Government cloud,” the announcement notes.

“If you were to host [VistA] in the cloud, it would more than likely have to be in a FedRAMP high-approved system,” Adams said of the electronic health record system, noting the ATO “really opens the door for mission apps like a VistA, if the VA were to do that.”

Adams explained, however, that Microsoft is not saying the VA has said that it would do so.

What makes Azure Government different, Adams said, is that the company isn’t just offering infrastructure-as-a-service, but it is also looking at things from a platform-as-a-service perspective.

“It’s not just a lift-and-shift infrastructure-as-a-service — our certification actually has platform-as-a-service capabilities as well in it, which gives them a lot of flexibility on the solutions they can build at VA, and host in the cloud,” Adams said.

Samantha Ehlinger

Written by Samantha Ehlinger

Samantha Ehlinger is a technology reporter for FedScoop. Her work has appeared in the Houston Chronicle, Fort Worth Star-Telegram, and several McClatchy papers, including Miami Herald and The State. She was a part of a McClatchy investigative team for the “Irradiated” project on nuclear worker conditions, which won a McClatchy President’s Award. She is a graduate of Texas Christian University. Contact Samantha via email at, or follow her on Twitter at @samehlinger. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here:

Latest Podcasts