Azure Hybrid Management & Security: What’s New and Insights from the Field – October 2025

Once again this month, I’m back with my recurring series focused on the evolution of Azure management and security services, with a special focus on hybrid and multicloud scenarios enabled by Azure Arc and enhanced by the use of Artificial Intelligence.

This monthly series aims to:

  • Provide an overview of the most relevant updates released by Microsoft;

  • Share operational tips and field-proven best practices to help architects and IT leaders manage complex and distributed environments more effectively;

  • Follow the evolution towards a centralized, proactive, and AI-driven management model, in line with Microsoft’s vision of AI-powered Management.

The main areas addressed in this series, together with the corresponding tools and services, are described in this article.

Hybrid and multicloud environment management

Azure Arc

Microsoft recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Distributed Hybrid Infrastructure

Microsoft has once again been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Distributed Hybrid Infrastructure, for the third consecutive year, confirming the value delivered in running workloads across hybrid, edge, multicloud, and sovereign scenarios with Azure. At the heart of this result is Azure’s adaptive cloud approach, built on Azure Arc and Azure Local. Azure Arc extends Azure controls, through Azure Resource Manager, to on-premises, edge, and multicloud environments, enabling services such as Azure Kubernetes Service (AKS), Microsoft Defender for Cloud, Azure IoT Operations, and Azure AI Video Indexer. Azure Local brings Azure services and management into customer-owned environments, allowing local execution of cloud-native workloads, including virtual machines and Arc-enabled AKS clusters, and supporting the Sovereign Private Cloud strategy for isolated and compliant operations while maintaining consistency with Azure.

Firmware analysis enabled by Azure Arc

The firmware analysis capability enabled by Azure Arc is now available. The service provides deep visibility into the software powering Internet of Things (IoT) and Operational Technology (OT) devices and network appliances, systems often treated as “black boxes” with limited transparency into their security posture.
Users upload the device’s firmware image and receive a detailed report generated by automated security analysis, useful for identifying vulnerabilities, outdated components, and compliance risks in hybrid and multicloud environments governed with Arc.

Security posture across hybrid and multicloud infrastructures

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud is under continuous development, with improvements released on an ongoing basis. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Outbound network requirements update for Microsoft Defender for Containers: Microsoft has updated the outbound network requirements for the Microsoft Defender for Containers sensor. The change affects all subscriptions using the sensor. Effective immediately, the sensor must be able to reach the Fully Qualified Domain Name (FQDN) *.cloud.defender.microsoft.com on port 443 over the HTTPS protocol. It is recommended to add this FQDN (and related port) to your outbound restriction mechanisms, such as proxies or firewalls. If egress traffic from clusters is not blocked, no changes are required. To validate connectivity to Defender for Containers endpoints, you can run the dedicated test script from the cluster. To avoid service disruptions, any changes on Google Kubernetes Engine (GKE) and Elastic Kubernetes Service (EKS) must be completed by September 30, 2026; otherwise, the sensor may not function as expected.
  • Microsoft Defender for Cloud: new permission for the GitHub connector (October 23, 2025). Microsoft Defender for Cloud is updating its GitHub connector to require the new artifact_metadata:write permission, needed to enable artifact attestation capabilities that ensure verifiable build provenance and strengthen software supply-chain security. The permission has a limited scope, aligned with the principle of least privilege, to facilitate swift and targeted approvals.
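
For the Defender for Containers egress requirement above, the following added example (not Microsoft's test script and not part of the original article) audits an exported allowlist offline to see whether it really covers *.cloud.defender.microsoft.com on port 443. The `Rule` format, the first-match-wins evaluation with an implicit final deny, and the sample rules are assumptions made for illustration; adapt them to the semantics of your proxy or firewall.

```python
from dataclasses import dataclass

# Requirement from the article: *.cloud.defender.microsoft.com on TCP 443 (HTTPS).
REQUIRED_SUFFIX = "cloud.defender.microsoft.com"
REQUIRED_PORT = 443

@dataclass
class Rule:          # hypothetical, vendor-neutral egress rule
    action: str      # "allow" or "deny"
    host: str        # exact FQDN, "*.suffix" wildcard, or "*"
    ports: str       # "443", "80,443", "1-1024" or "*"

def port_matches(spec, port=REQUIRED_PORT):
    if spec.strip() == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def host_covers(pattern):
    """True if the pattern matches every host under *.REQUIRED_SUFFIX."""
    p = pattern.lower().rstrip(".")
    if p == "*":
        return True
    if not p.startswith("*."):
        return False  # an exact hostname never satisfies a wildcard requirement
    base = p[2:]
    return base == REQUIRED_SUFFIX or REQUIRED_SUFFIX.endswith("." + base)

def host_overlaps(pattern):
    """True if the pattern matches at least one host under *.REQUIRED_SUFFIX."""
    p = pattern.lower().rstrip(".")
    return host_covers(p) or p.endswith("." + REQUIRED_SUFFIX)

def audit(rules):
    """First match wins, implicit deny at the end (assumed semantics)."""
    partial = None
    for i, r in enumerate(rules, 1):
        if not (port_matches(r.ports) and host_overlaps(r.host)):
            continue
        if r.action == "deny":
            return ("blocked", i)      # some or all sensor traffic is dropped
        if host_covers(r.host):
            return ("covered", i)
        partial = partial or i         # allow for a single host only
    return ("partial", partial) if partial else ("not covered", None)

# Constructed sample allowlist, not taken from any real device.
SAMPLE_RULES = [
    Rule("allow", "cloud.defender.microsoft.com", "443"),   # apex only
    Rule("allow", "*.microsoft.com", "80"),                 # wrong port
]
```

A "partial" or "not covered" result means the allowlist needs the wildcard entry itself; a "blocked" result points at the earlier deny rule that shadows it.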

Backup & Resilience

Azure Backup

Vaulted Backup for Azure Data Lake Storage (preview)

Public Preview is available for Vaulted Backup for Azure Data Lake Storage (ADLS), extending in-vault protection to this service as well. The solution maintains an independent copy isolated from the source account to ensure business continuity and compliance, with restores to original or alternate accounts even in cases of accidental deletions, insider threats, or ransomware.
The solution includes flexible scheduling (daily/weekly and on-demand), long-term retention up to 10 years, and a security-first design with soft delete, immutability, encryption, and multi-user authorization to protect data in the vault.

Azure Site Recovery

Azure Site Recovery: support for Ultra Disks on virtual machines

Microsoft announces General Availability of support in Azure Site Recovery (ASR) for virtual machines with Ultra Disks, enabling organizations of any size to replicate, fail over, and fail back across Azure regions with minimal impact on production performance. The solution offers automated recovery orchestration, cost-optimized replication, and non-disruptive testing, helping companies increase operational resilience, meet compliance requirements, and minimize downtime. With this release, teams can reliably extend enterprise-grade protection and continuity to workloads using Ultra Disks. Ultra Disks are the highest-performance block storage option for Azure VMs, with consistent sub-millisecond latency and extremely high performance; they are therefore ideal for a broad range of mission-critical workloads, such as SAP High-Performance Analytic Appliance (HANA), high-end databases, and highly transactional systems that demand maximum performance.

Monitoring

Azure Monitor

Retirement of legacy authentication in Azure Monitor – Container Insights (deadline: September 30, 2026)

Microsoft will retire legacy authentication in Azure Monitor – Container Insights starting September 30, 2026. The model is being replaced by authentication via Managed Identity, which is more modern and secure and also enables capabilities not previously available, such as Syslog collection and High Scale mode.
Customers must migrate to Managed Identity by the specified date: the transition can be easily performed from the Azure portal or via CLI/PowerShell, along with bulk migration scripts provided in the official guidance.

Conclusions

The October 2025 updates outline a consistent path in the maturation of Azure’s adaptive cloud, where Azure Arc and Azure Local uniformly extend control and operational consistency across datacenters, edge, and multicloud. Microsoft’s recognition as a Leader in the 2025 Gartner® Magic Quadrant™ for Distributed Hybrid Infrastructure confirms this trajectory, highlighting an ecosystem capable of uniting governance, security, and data sovereignty. Within this framework, Arc-enabled firmware analysis introduces transparency into traditionally opaque IoT/OT domains; updates to Microsoft Defender for Cloud and Defender for Containers strengthen supply-chain integrity and security posture; Vaulted Backup for Azure Data Lake Storage (preview) expands protection options with isolated copies and extended retention; ASR support for Ultra Disks extends operational continuity to the most demanding workloads; and the evolution of Azure Monitor – Container Insights toward Managed Identity marks a further step toward more robust authentication models. Overall, a platform emerges that natively and distributively integrates management, protection, and observability, promoting shared standards and reducing friction across heterogeneous environments.
