Azure IaaS and Azure Local: announcements and updates (November 2025 – Weeks: 43 and 44)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

Compute

RHEL Software Reservations Now Available on Azure with Updated Pricing

Red Hat Enterprise Linux (RHEL) software reservations are available again on Azure with updated billing meters and pricing. The revised structure addresses issues present in previous meters and aligns with Red Hat’s current pricing model, improving accuracy and transparency. With clearer pricing visibility and alignment to the latest licensing framework, customers can more easily plan and optimize RHEL deployment costs on Azure—purchasing reservations to reduce operational expenses while retaining enterprise-grade Linux capabilities.

VM vCore customization features disabling simultaneous multi-threading (SMT/HT) and constrained cores (preview)

Azure announces public preview of Virtual Machine (VM) customization features that provide granular control over virtual CPU (vCPU) configurations to optimize performance and licensing. Customers can disable Simultaneous Multi-Threading (SMT, also known as Intel Hyper-Threading (HT)) to run with one thread per core for latency-sensitive or single-threaded workloads, and select a custom vCPU count from validated options to lower per-vCPU licensing costs while preserving full memory, storage, and I/O bandwidth. The capabilities are available across a broad set of VM sizes in select regions during preview and can be used independently or together. They are well suited for database and High-Performance Computing (HPC) scenarios, and are accessible through the Azure portal, ARM templates, Azure CLI, and PowerShell.

Sharing Capacity Reservation Groups (preview)

Azure introduces public preview support for sharing Capacity Reservation Groups (CRGs) across subscriptions, expanding beyond the previous limitation of using CRGs only within a single subscription. By enabling on-demand CRGs to be shared, organizations can centralize capacity management, promote resource reuse, scale out more cost-effectively, and separate security responsibilities from capacity planning. This enhancement simplifies governance for enterprises operating multiple subscriptions while maintaining reserved capacity for planned Virtual Machine (VM) deployments.

Networking

Enhanced cloning and Public IP retention scripts for Azure Application Gateway migration

Azure Application Gateway provides two production-ready PowerShell scripts to accelerate migration from V1 (Standard or Web Application Firewall (WAF)) to V2 (Standard_V2 or WAF_V2). The cloning script automates end-to-end configuration replication—including front-end Transport Layer Security (TLS) and trusted root certificates—and supports private-only V2 gateways, while the Public IP retention script allows the existing V1 public IP to be preserved on the V2 gateway. With V1 retirement set for April 2026, these tools reduce downtime, minimize manual steps, and de-risk large-scale cutovers.

Azure WAF CAPTCHA Challenge for Azure Front Door

Azure Front Door now offers General Availability of a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) challenge within Azure Web Application Firewall (WAF). This feature adds an adaptive, interactive layer to existing defenses—such as IP blocking and rate limiting—to distinguish legitimate users from automated traffic in real time. By verifying human interaction before granting access, the CAPTCHA challenge strengthens bot mitigation strategies and helps organizations protect web applications from scrapers, brute-force attempts, and other automated attacks.

High Scale Private Endpoints

Microsoft has introduced High Scale Private Endpoints (HSPE) to raise Azure Private Endpoint (PE) limits within a single Azure Virtual Network (VNet). Previously, VNets were capped at 1,000 private endpoints, and attempts to exceed that threshold triggered a PrivateEndpointsPerVnetLimitReached error that required deleting endpoints or opening a support request. With HSPE enabled, organizations can deploy up to 5,000 private endpoints in one VNet. Without HSPE, Microsoft recommends keeping the cumulative total across peered VNets to 4,000 to avoid potential connectivity issues; upgrading to HSPE lifts the cross-peering guideline to 20,000 endpoints. In addition, Azure Virtual Network Manager (AVNM) support for HSPE in mesh (connected groups) is now generally available, allowing enterprises to scale private connectivity across large, interconnected topologies with minimal complexity.

Storage

Cloud-to-Cloud migration made simple with Azure Storage Mover

Azure Storage Mover now offers a generally available Amazon Web Services (AWS) Simple Storage Service (S3) to Azure Blob Storage migration path, enabling direct, secure, and scalable cloud-to-cloud data transfers. As a fully managed service, it removes infrastructure overhead while delivering high, parallelized throughput for large datasets across regions or storage accounts. For cloud-to-cloud scenarios, no on-premises agent is required, simplifying setup and operations. Customers can automate end-to-end migrations in the Azure portal and gain real-time visibility into job status, eliminating the need for manual pipelines or third-party tooling.

Azure Storage Mover support for NFS source to Azure File Share (NFS 4.1) target

Azure Storage Mover now supports migrating Network File System (NFS) shares directly to Azure File Shares using NFS 4.1. The fully managed service enables organizations to move on-premises files and folders to Azure Storage with minimal downtime, leveraging just-in-time permission setting and Azure Key Vault to keep data protected end-to-end. In addition to the generally available capabilities—such as migrating from an on-premises NFS share to an Azure Blob container and from Server Message Block (SMB) sources to Azure File Shares or Azure Blob containers—this update adds NFS source to Azure File Shares (NFS 4.1) as a supported target, expanding options for secure and streamlined file migrations.

Instant Access Snapshots for Azure Premium SSD v2 and Ultra Disks (preview)

Microsoft has announced Public Preview of Instant Access Snapshots for Premium SSD v2 (Pv2) and Ultra Disks, enabling new disks to be restored immediately after a snapshot is created. Restored disks deliver full performance instantly while data hydration completes rapidly in the background. This capability accelerates common workflows such as taking instant backups before software updates for quick rollback, rapidly scaling stateful applications by cloning primary data for new instances (for example, adding read-only Microsoft SQL Server replicas), and performing fast, recurring refreshes of training or testing environments from production.

Azure Local

General

Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for Distributed Hybrid Infrastructure

Microsoft has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Distributed Hybrid Infrastructure for the third consecutive year. The recognition reflects Azure’s adaptive cloud approach, centered on Azure Arc and Azure Local, which brings the cloud operating model to datacenters, edge, multicloud, and sovereign environments. Azure Arc extends Azure management and governance—via Azure Resource Manager—to any infrastructure and enables services such as Azure Kubernetes Service (AKS), Microsoft Defender for Cloud, Azure IoT Operations, and Azure AI Video Indexer. Azure Local builds on Azure Arc to run cloud-native workloads, including virtual machines and Arc-enabled AKS, in customer-owned environments while supporting Microsoft’s Sovereign Private Cloud strategy. Together, these capabilities provide unified governance, security, and management across distributed estates, helping organizations innovate, remain secure, and scale with confidence.

Azure Local 2510 release

Microsoft has released Azure Local 2510, a milestone update that resolves 437 bugs and delivers multiple features aimed at improving performance, resilience, and operational efficiency. The release expands upgrade eligibility (11.2510/23H2 to 12.2510/24H2) for all customers without opt-in, and advances partner lifecycle consistency through SBE 5.0 support in the 2-Tier Program, raising the bar on capabilities like download, health checks, threat modeling, and custom Cluster-Aware Updating (CAU) plugins.

Ability to inject Hotfix during Deploy

The 2510 release adds the ability to inject hotfixes into deployment packages, allowing post-release fixes to be applied as part of a fresh deploy. This shortens time-to-resolution, reduces repeat incidents across customers, and lowers support overhead. Microsoft has already scheduled two hotfix waves for 2510 to improve reliability across deployment and upgrade paths.

Deployment using Local Identity (preview)

Azure Local now supports “AD-less” deployment using local identities. This approach reduces external dependencies for edge scenarios by using local accounts to set up the cluster. Node-to-node communications authenticate via certificates, while sensitive node secrets such as BitLocker keys are stored securely in Azure Key Vault, simplifying initial rollout without sacrificing security.

Enable upgrade to 12.2510 (24H2)

Beginning with this release, customers running solution version 11.2510 (23H2) can upgrade directly to 12.2510 (24H2). The broadened availability removes prior opt-in requirements, streamlining planning and enabling faster access to new capabilities.

SBE 5.0 support for 2-Tier Program

Azure Local 2510 introduces support for SBE 5.0 packages across both tiers of the program. By requiring all tiers—not only premier solutions—to meet key SBE capabilities (download, health checks, threat modeling, and custom CAU plugins), the release standardizes and strengthens lifecycle management, delivering a consistent, secure, and scalable experience.

Compute

Rack Aware Cluster (preview)

Rack-aware clustering enables customers to define local availability zones that map to physical racks within their datacenter. By spreading roles and data across rack boundaries, the feature increases fault tolerance and reduces the risk of downtime or data loss from a single rack failure.

Trusted Virtual Machine Guest Attestation (preview)

Trusted VM Guest Attestation allows customers to verify that a VM boots into a known-good state by validating the integrity of the full boot chain—including firmware, boot loader, and drivers. This preview enhances supply-chain and platform trust by detecting unexpected changes before workloads run.

KMSv2 encryption for AKS-HCI clusters

KMS v2 replaces KMS v1, which was deprecated in Kubernetes v1.28, and is enabled by default for new AKS-HCI clusters. The change improves security posture and operational continuity for edge environments with no workload disruption during cluster creation, while providing automatic key rotation and stronger compliance readiness.

Kubernetes v1.32 support on AKS Arc

Azure Local 2510 enables deployment of AKS Arc clusters running Kubernetes v1.32. The update delivers the latest upstream capabilities and performance improvements, helping customers maintain feature parity and modern security baselines across Arc-managed Kubernetes estates.

Networking

Software Defined Network with Network Security Groups

Software Defined Network (SDN) with Network Security Groups (NSGs) is now generally available for Azure Local. Customers can create and manage NSGs and granular security rules for Azure Local virtual machines, enabling improved segmentation, consistent policy enforcement, and defense-in-depth across on-premises deployments.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.
