This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.
Azure
General
Microsoft named a Leader in IDC MarketScape for Unified AI Governance Platforms
Microsoft has been named a Leader in the 2025–2026 IDC MarketScape: Worldwide Unified AI Governance Platforms vendor assessment (Doc #US53514825, December 2025), reflecting the growing need for centralized governance as organizations adopt generative and agentic AI across multicloud and hybrid environments. Microsoft positioned this recognition as validation of its focus on delivering enterprise-ready governance that balances innovation speed with trust, transparency, and compliance, especially as regulatory scrutiny and operational risk concerns increase. In Microsoft’s approach, governance is anchored to its Responsible AI standard and is operationalized through integrated capabilities spanning model lifecycle management, observability, security, and compliance. Microsoft highlighted Microsoft Foundry as a primary control point for model development, evaluation, deployment, and monitoring—supported by curated model catalogs, machine learning operations (MLOps), robust evaluation, and embedded content safety guardrails—while emphasizing deep security integration via Microsoft Purview for data governance and compliance, Microsoft Entra for agent identity and access controls, and Microsoft Defender for AI-specific posture management and runtime threat protection. Microsoft also noted that Microsoft Purview Compliance Manager supports automated alignment to a broad set of regulatory frameworks, reinforced by granular audit logging and automated documentation to strengthen governance and forensic readiness in regulated industries.
Networking
StandardV2 NAT Gateway with zone-redundancy and StandardV2 public IPs
The StandardV2 SKU for Azure NAT Gateway is now Generally Available (GA), providing enhanced resiliency, higher performance, and dual-stack connectivity at the same price point as the Standard SKU. Alongside this release, StandardV2 Public IP addresses and public IP prefixes are also now generally available. StandardV2 NAT Gateway requires StandardV2 public IPs and does not support Standard SKU public IPs. With StandardV2, outbound connectivity is improved through zone redundancy, which automatically preserves outbound access during a single availability zone failure in zone-enabled regions. The new SKU also doubles capacity versus Standard, delivering up to 100 Gbps throughput and 10 million packets per second, and introduces dual-stack capabilities by allowing attachment of up to 16 IPv6 and 16 IPv4 public IP addresses. In addition, flow logs provide IP-level traffic insights to support troubleshooting activities and compliance verification.
Storage
Azure File Sync now available in Israel Central
Azure File Sync is now available in the Israel Central region, bringing the service closer to organizations that require lower latency, improved performance, and support for local data residency requirements. Azure File Sync enables hybrid file services by tiering data from on-premises Windows Servers into Azure Files, supporting both migration scenarios and ongoing hybrid operations. This approach allows customers to retain the compatibility and performance characteristics of on-premises file servers while leveraging the scalability and operational model of Azure Files.
User delegation SAS for Azure Tables, Azure Files, and Azure Queues (preview)
User delegation Shared Access Signature (SAS) for Azure Tables, Azure Files, and Azure Queues is now available in Public Preview, extending a capability that is already generally available for Azure Blob Storage. User delegation SAS enables a more secure authorization approach than account SAS or service SAS by binding the SAS token to the delegating identity, enabling stronger governance and reduced key exposure. With this extension, customers can issue SAS tokens at multiple granularities—including the table, table entity, queue, queue entity, file container, and individual file level—where higher-scope tokens provide access to all entities within scope, and lower-scope tokens restrict access to the specific entity. Microsoft notes that there is no additional charge to use user delegation SAS, and billing follows the standard read/write transaction pricing for the underlying storage account type.
Azure Local
Features and improvements in 2601
Microsoft has released the January 2026 update for hyperconverged deployments of Azure Local, identified as version 12.2601.1002.38. This release includes general reliability improvements and bug fixes, and it also introduces notable enhancements across operating system alignment, portal visibility, VM operations, security posture, and lifecycle validation capabilities.
From 2601 onward, all new and existing Azure Local deployments run the updated OS version 26100.32230, which is available for download from the Azure portal. Deployments also require a driver compatible with OS version 26100.32230 (or Windows Server 2025). For Integrated System or Premier solution hardware sourced via the Azure Local Catalog, the OS is preinstalled, and Microsoft recommends working with the Original Equipment Manufacturer (OEM) to obtain a compatible OS image and driver. The build continues to use .NET 8.0.22 for both .NET Runtime and ASP.NET Core.
Operationally, the infrastructure logical network created during Azure Local deployment is now surfaced in the Azure portal, enabling administrators to review the infrastructure network configuration while also reducing the risk of accidental workload provisioning on a network reserved for Azure Local infrastructure. In addition, VM Connect for Azure Local VMs (preview) is introduced, allowing administrators to connect to Windows and Linux VMs even when network connectivity is unavailable or when the VM experiences boot failures. Disk manageability also improves with a new Unique ID property for data disks, aligning with the disk UniqueId exposed via PowerShell (Get-Disk).
On resiliency, rack aware clustering is now Generally Available (GA), enabling administrators to define local availability zones aligned to physical racks in the datacenter and improving cluster resilience against rack-level failures. Supportability is enhanced through diagnostics log collection directly from the Azure portal, removing the need to manually gather logs from individual nodes during support investigations.
For configuration control and drift management, the release adds a Drift Detection framework for Azure PowerShell modules and Azure Command-line Interface (CLI), continuously validating component-level state against an approved baseline and identifying version mismatches during deployment and runtime. Administrators can also manually trigger validation with the Invoke-AzStackHciVSRDriftDetectionValidation cmdlet to produce detailed drift reports.
Security posture also evolves in this release: Azure Local instances deployed prior to 2504 now transition from Static Root of Trust for Measurement (SRTM) to Dynamic Root of Trust for Measurement (DRTM), enabling stronger defenses against firmware-level attacks (with new deployments since 2504 already having DRTM enabled by default). Additionally, customers upgrading an existing deployment can apply the 26100.XXXX (24H2) security baseline using new cmdlets to align the post-upgrade security posture with newly deployed systems. Finally, the upgrade process includes a new pre-upgrade CredSSP validation check to ensure CredSSP is not disabled, reducing the risk of upgrade failures.
Conclusion
Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.
