Once again this month, I’m back with my recurring series focused on the evolution of Azure management and security services, with a special focus on hybrid and multicloud scenarios enabled by Azure Arc and enhanced by the use of Artificial Intelligence.
This monthly series aims to:
- Provide an overview of the most relevant updates released by Microsoft;
- Share operational tips and field-proven best practices to help architects and IT leaders manage complex and distributed environments more effectively;
- Follow the evolution towards a centralized, proactive, and AI-driven management model, in line with Microsoft’s vision of AI-powered Management.
The key areas we will cover in this series, along with the corresponding tools and services, include:
🔹 Hybrid and multicloud environment management – with Azure Arc, which extends policy, security, management, and automation capabilities to on-premises and multicloud resources.
🔹 AI and intelligent automation – enabled by Microsoft Copilot in Azure, AIOps capabilities, and predictive tools to streamline operations and support smarter decision-making.
🔹 Security posture across hybrid and multicloud infrastructures – using Microsoft Defender for Cloud and other native services for vulnerability management and advanced threat protection.
🔹 Governance and policy management – leveraging tools such as Azure Policy, Azure Cost Management, and Resource Graph to ensure control, standardization, and cost/resource optimization.
🔹 Update & Patching – through Azure Update Management, Azure Automation, and native patching capabilities across Azure Arc-enabled environments.
🔹 Backup & Resilience – using Azure Backup and Azure Site Recovery to ensure business continuity, data protection, and disaster recovery.
🔹 Monitoring – with tools like Azure Monitor, Log Analytics, and Application Insights for comprehensive visibility and effective troubleshooting.
Hybrid and multicloud environment management
Azure Arc
Azure File Sync Extension for Azure Arc
The Azure File Sync Arc extension is now generally available, enabling simplified deployment and management of Azure File Sync on Azure Arc–enabled Windows Servers. With this extension, you can install the Azure File Sync agent directly from the Azure portal, via PowerShell, or CLI—supporting Windows Server starting from version 2012 R2. The extension is available in all Azure File Sync–supported regions at no additional cost, marking a significant step forward in the unified management of distributed environments.
New SQL Server Database Migration Experience in Azure Arc (Preview)
A new integrated migration experience for SQL Server databases in Azure Arc environments is now available in public preview, designed to streamline the entire migration journey to Azure SQL Managed Instance. Integrated with Azure Database Migration Service, the process is now fully manageable from a single interface within the Azure portal. This centralized, automated approach offers ongoing database assessments with cost insights, simplified target provisioning, and near real-time replication support, minimizing downtime. You can also validate migration readiness through read-only replicas and client connection reports. Microsoft Copilot is embedded at key stages of the workflow, providing AI-powered decision support that makes the entire transition faster, more informed, and more reliable.
Security posture across hybrid and multicloud infrastructures
Microsoft Defender for Cloud
New features, bug fixes, and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud is under continuous development, with improvements released on an ongoing basis. To help customers stay up to date, Microsoft maintains a page that lists new features, bug fixes, and deprecated features. This month’s main news includes:
- Four New Regulatory Compliance Standards (Preview): Microsoft Defender for Cloud is expanding its compliance support with the introduction of four new regulatory frameworks, now available in public preview for Azure, AWS, and GCP environments. The newly added standards include the Digital Operational Resilience Act (DORA), the European Union Artificial Intelligence Act (EU AI Act), the Korean Information Security Management System for Public Cloud (k-ISMS-P), and the CIS Microsoft Azure Foundations Benchmark v3.0. These frameworks can be enabled directly from the Regulatory Compliance dashboard in Microsoft Defender for Cloud, offering increasingly comprehensive coverage for multicloud scenarios. Their integration allows security and compliance teams to continuously monitor and align cloud environments with the most current and globally relevant regulations.
- Container Image Scanning Support for Chainguard and Wolfi: Microsoft Defender for Cloud’s vulnerability scanning engine—powered by Microsoft Defender Vulnerability Management—now extends its coverage to Chainguard container images and the Wolfi distribution. This new capability enables the detection of vulnerabilities within these container images, helping to validate the security of builds before they are deployed to production. The goal is to ensure that the images in use meet the highest security standards while supporting the adoption of modern, secure containerized environments. Note that expanding scan coverage to new image types may lead to increased costs, depending on the number and frequency of scans performed.
Backup & Resilience
Azure Backup
Standard Backup Policy Support for Trusted Launch Virtual Machines
Standard backup policy support for Trusted Launch–enabled virtual machines is now generally available. Trusted Launch, now the default setting in major VM creation flows, is a key security feature for enhancing VM protection in Azure, and this update simplifies backup configuration for VMs that use it. It ensures full operational continuity for automated processes via PowerShell, CLI, or REST API. Existing scripts require no policy changes, reducing potential errors and enhancing the resilience of backup workflows. This marks a significant step toward a secure, automated approach to backup management across cloud and hybrid environments.
Migration of Azure VM Backups from Standard to Enhanced Policy
Azure Backup now allows the migration of virtual machine backups from standard policies to enhanced policies, offering more advanced and flexible data protection. With this capability, you can schedule backups up to every 4 hours and retain snapshot-based recovery points for longer periods. Recovery points created with the enhanced policy reside in the snapshot tier and are zone-resilient, increasing reliability. Additionally, multi-disk crash consistency is supported. Migrating to an enhanced policy also enables VMs to be upgraded to Trusted Launch and to adopt Premium SSD v2 or Ultra Disk storage—without disrupting or compromising existing protection. This evolution supports a modern, scalable, and mission-critical–ready data protection strategy.
Agentless Crash-Consistent Backup for Multi-Disk Azure VMs
Azure Backup now supports agentless crash-consistent backups for multi-disk Azure virtual machines. This feature enables backups without the need to install additional software such as the VM agent or snapshot extension inside the VM. It is particularly beneficial for performance-sensitive workloads that can tolerate crash-consistent backups, minimizing downtime during backup operations. It’s also useful for systems with OS versions that do not support application-consistent or file-system–consistent backups. You can enable this functionality by specifying the desired consistency type within the backup policy.
Azure Backup: Advanced Protection for VMs with Premium SSD v2 Now Available in Norway and Japan
Azure Backup continues to enhance protection for critical workloads in hybrid cloud environments with the general availability of Geo-Redundant Storage (GRS) and Cross-Region Restore (CRR) for virtual machines using Premium SSD v2. These features provide geographically redundant backups and on-demand restores in secondary regions, ideal for audit scenarios or disaster recovery plans. Availability has now been extended to Norway West, Norway East, Japan West, and Japan East, enabling even greater resilience for performance-sensitive, distributed architectures.
Monitoring
Azure Monitor
Log Analytics Summary Rules: Efficient Analysis for High-Volume Data Streams
Microsoft has announced the general availability of Summary Rules in Log Analytics—a powerful tool designed to optimize the management of high-ingestion data streams. Summary Rules enable aggregation and summarization of data from Analytics, Basic, or Auxiliary plans, allowing for robust analysis, high-performance dashboard creation, and long-term reporting based on summarized Analytics tables. With the GA release, Microsoft has also increased the configurable rule limit per workspace to 100, a key improvement for teams managing complex and distributed environments.
Log Analytics: Enhanced Search Jobs for More Flexible Data Management
Several major enhancements to Search Jobs in Log Analytics are now generally available. Search Jobs allow asynchronous queries across all data within a workspace, including data stored in long-term retention. New improvements include a more intuitive and streamlined user interface, cost estimation prior to execution, and increased concurrency—enabling multiple jobs to run simultaneously without additional limits. Support for up to 100 million results is also coming soon, along with expanded KQL capabilities and other anticipated enhancements.
Conclusions
Once again this month, the evolution of Azure services in the areas of management and security confirms the ongoing shift toward increasingly integrated, intelligent, and proactive management of hybrid and multicloud IT environments. The latest updates—from the enhancement of Azure Arc to the increased resilience provided by Azure Backup, the continuous enrichment of Microsoft Defender for Cloud, and the new advanced monitoring capabilities—demonstrate Microsoft’s commitment to delivering practical tools to address the challenges of complexity and security. In a context where the adoption of AI and automation is becoming ever more strategic, it is essential for architects and IT leaders to stay informed and ready to seize the opportunities these innovations offer. Stay tuned for next month’s updates, as we continue to explore the developments shaping the future of IT management.