A quick recap: What Azure Storage Mover does

Azure Storage Mover is Microsoft’s fully managed migration service, purpose-built for moving data at scale into Azure. Since launching in 2023, it’s handled on-premises migrations. NAS devices, SMB and NFS file shares, the classic lift-and-shift scenarios. Then, earlier in 2025, Microsoft added cloud-to-cloud migration: direct, agentless transfers from AWS S3 to Azure Blob Storage.

No agents. No custom scripts. No third-party tooling. Just point it at your S3 bucket, define a target Blob container, and let the service handle it. During public preview, customers transferred petabytes of data this way, validating the approach at serious enterprise scale.

That feature reached General Availability in December 2025. It was a meaningful milestone. But it had one significant limitation that quietly blocked a whole category of customers from using it.

The missing piece: private networking

The GA release transferred data over public networks, specifically, using trusted Azure IP ranges with encryption in transit. That’s a reasonable security posture for many workloads. But “encrypted over public internet” and “compliant” are not synonyms in regulated industries.

The GA release was essentially off the table for production workloads for some organizations. They’d either continue with manual pipelines cobbled together with AWS Direct Connect, Azure ExpressRoute, and self-hosted tooling, or they’d wait. Today, they can stop waiting.

What the Private Preview Adds

The new capability enables Azure Storage Mover to transfer data from AWS S3 buckets inside a Virtual Private Cloud (VPC) to Azure Blob Storage, entirely over private networking. Data never touches the public internet.

The rest of the experience stays the same: orchestration through the Azure portal or CLI, automated job scheduling, real-time monitoring, metadata preservation, and integration with Azure’s governance and compliance frameworks including Microsoft Entra ID and RBAC.

What changes is the network path, and that change unlocks everything.

Why This Matters More Than It Might Seem

It’s easy to frame this as a niche networking feature. It’s not. Here’s the bigger picture:

It targets the highest-value migration candidates. The organizations with the strictest private networking requirements are typically the ones with the largest, most sensitive data estates. These are the customers with hundreds of terabytes, or petabytes, of data sitting in AWS that they’d like to move to Azure. Until now, the tooling hadn’t caught up to their requirements.

It removes the last major blocker for regulated workloads. The combination of agentless architecture, fully managed orchestration, and now private networking means Storage Mover can credibly handle migrations that previously required bespoke infrastructure, specialist knowledge, and significant engineering effort.

It reflects a broader competitive reality. Microsoft is actively positioning Azure as a migration destination for AWS customers. A fully managed, private, agentless S3→Blob pathway is a meaningful part of that story, particularly as more organizations reassess their multicloud strategies.

Current Limitations Worth Knowing

This is a private preview, and a few constraints apply. There’s a default cap of 10 concurrent migration jobs per subscription (though higher limits are available via support). Objects in AWS deep archive or Glacier tiers need to be restored before migration, that’s an AWS-side constraint, but worth planning for. And as with any preview, the feature may evolve before GA.

None of these are blockers for most migration projects, but they’re worth factoring into planning, especially for large parallel workloads.

What to Do Now

If your organization has been deferring an AWS-to-Azure migration specifically because of data sovereignty or private networking requirements, this private preview is worth getting on the radar now. Private preview means you’ll need to request access through Microsoft , but given that both preview windows are dated March 2026, a public preview and subsequent GA are likely not far behind.

Getting familiar with the feature early also means you can shape your migration approach before it hardens into a production pattern.

Start with the Azure Storage Mover documentation for configuration steps, and review your AWS VPC and Azure networking setup to ensure the private connectivity path is in place before kicking off a job.