I don't have much experience with Azure but I was amazed at how many things in AWS GovCloud don't meet FedRAMP encryption requirements. For example, none of the lambda runtimes have FIPS certified encryption libraries available, and you have to bring you own, which is rather complicated to do.