This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.
Azure
General
Microsoft Sovereign Cloud adds governance, productivity, and support for large AI models in fully disconnected environments
Microsoft has expanded Microsoft Sovereign Cloud capabilities to help organizations meet digital sovereignty requirements while maintaining governance, productivity, and AI innovation even in fully disconnected scenarios. The update introduces a “Sovereign Private Cloud” stack that unifies Azure Local, Microsoft 365 Local, and Foundry Local across connected, intermittently connected, and air-gapped environments, enabling consistent policy enforcement and operational continuity within strict sovereign boundaries. Key additions include Azure Local disconnected operations (now available) to run and govern mission-critical infrastructure without cloud connectivity, Microsoft 365 Local disconnected (now available) to keep core productivity services—such as Exchange Server, SharePoint Server, and Skype for Business Server—running entirely inside the customer’s boundary, and Foundry Local enhancements that add modern infrastructure support and enable large, multimodal AI models to run locally on customer-owned hardware (including partner platforms such as NVIDIA) for in-boundary inferencing and APIs without external dependencies.
Compute
DCesv6, DCedsv6, ECesv6, and ECedsv6 confidential VMs
The DCesv6, DCedsv6, ECesv6, and ECedsv6 series are Azure’s next generation of confidential virtual machines (VMs), built on 5th Gen Intel® Xeon® processors with Intel® Trust Domain Extensions (Intel® TDX). Available now for production deployments, these VM families target both general-purpose scenarios (DCesv6, DCedsv6) and memory-optimized workloads (ECesv6, ECedsv6), helping organizations move highly sensitive workloads to the cloud with hardware-enforced isolation and without requiring application code changes. Microsoft positions this release as combining improved performance and scalability with confidential computing protections designed for security-critical enterprise workloads.
Networking
Draft & Deploy on Azure Firewall
Azure Firewall Policy now includes Draft & Deploy, a new capability that introduces a two-phase workflow to reduce deployment time and minimize disruption when updating firewall policies. Previously, any policy change could trigger a full deployment of both the policy and the attached firewall, often taking 2–4 minutes per update. With Draft & Deploy, users can collaboratively prepare multiple edits in a draft version cloned from the current policy without impacting the live environment, and then apply all changes in a single deployment, replacing the existing policy once the draft is finalized.
WAF Insights for Application Gateway (preview)
Application Gateway WAF Insights is now available in Public Preview, providing an interactive experience for exploring Web Application Firewall (WAF) logs and metrics directly within Azure Application Gateway. WAF Insights helps security and operations teams investigate blocked requests more quickly, analyze attack patterns, and drill into key details such as rule IDs and client IPs. With enhanced filters and visualizations, the capability is intended to improve troubleshooting efficiency, support faster identification of false positives, and streamline WAF policy tuning.
Conclusion
Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.
