This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.
Azure
Compute
Retirement: Azure VMware Solution AV36P and AV52 node retirement on June 30, 2029
Microsoft has announced the retirement of Azure VMware Solution (AVS) AV36P and AV52 nodes effective June 30, 2029. The company stated that existing Reserved Instance (RI) terms for AV36P and AV52 are not affected by this announcement, but customers should review their RI expiration timelines and plan the transition to newer AVS node types. To support this migration, Microsoft will offer AV36P and AV52 VMware Cloud Foundation (VCF) Bring Your Own License (BYOL) 3-year Reserved Instances until June 30, 2026, and 1-year Reserved Instances until June 30, 2028. All migrations away from AV36P and AV52—including Pay-As-You-Go subscriptions—must be completed by June 30, 2029. Microsoft also clarified that this change affects only AV36P and AV52 nodes, while AV48 and AV64 remain available with AVS VCF BYOL options. Customers are advised to move to a supported AVS node type before the end of their current AV36P or AV52 RI term and to use available AVS documentation and HCX migration guidance to plan the transition.
Networking
Default Rule Set 2.2 and updates to ruleset support policy
Microsoft is updating the managed ruleset support policy for Azure Web Application Firewall (WAF) following the general availability of Default Rule Set (DRS) 2.2 on Azure Application Gateway and Azure Front Door. Starting with DRS 2.2, Azure WAF will support the latest three managed ruleset versions at any given time (N, N-1, and N-2). When a new ruleset version is released, the version that becomes N-3 will enter a final one-year support period, during which it may receive only critical security updates if necessary. With the release of DRS 2.2, CRS 3.1 and CRS 3.0 in Azure Application Gateway, as well as DRS 1.2, DRS 1.1, and DRS 1.0 in Azure Front Door, have entered their final support year, which ends on February 26, 2027. Microsoft recommends that customers upgrade to a supported ruleset version to continue receiving full protection coverage, enhanced detections, and improvements aimed at reducing false positives.
Storage
Azure Storage Mover enables private data transfers from AWS S3 to Azure Blob (preview)
Azure Storage Mover now supports direct, private data transfers from Amazon Web Services (AWS) Simple Storage Service (S3) in a Virtual Private Cloud (VPC) to Azure Blob Storage in Public Preview. This capability enables organizations to migrate data securely without relying on manual pipelines or third-party tools, while also supporting automation through the Azure portal and providing real-time monitoring of migration jobs. Following the earlier general availability announcement for AWS-to-Azure transfers over public networks, this update extends Azure Storage Mover with private networking support to address stricter security and compliance requirements. Microsoft highlights automated and scalable workflows through centralized job orchestration and dashboards, secure and compliant transfers aligned with Azure governance frameworks, and faster modernization by making data available in Azure for analytics, AI, and other cloud innovation scenarios as soon as it arrives.
Entra ID-based access for Azure Blob Storage SFTP (preview)
Microsoft Entra ID-based access for Azure Blob Storage SFTP is now available in Public Preview, enabling users to connect securely to Azure Blob Storage over Secure File Transfer Protocol (SFTP) by using Microsoft Entra identities instead of creating and managing local user accounts. This capability also supports guest users through Entra External Identities, allowing organizations to collaborate more securely with partners and vendors. The new model introduces Single Sign-On (SSO) and Multi-Factor Authentication (MFA) support, enables the use of Conditional Access policies based on context such as location, device compliance, and risk, and aligns SFTP access with existing identity lifecycle processes so permissions can be updated or revoked automatically when users change roles or leave the organization. In addition, SFTP authorization integrates natively with Azure Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Access Control Lists (ACLs), ensuring consistent permissions across SFTP, REST APIs, Azure CLI, and other Azure access methods.
Azure Local
Azure Local: Features and improvements in 2603
Microsoft has released the March 2026 update for hyperconverged deployments of Azure Local, identified as version 12.2603.1002.15. This release includes general reliability improvements and bug fixes, while also introducing updates across the operating system, Kubernetes support, GPU enablement, security readiness, and provisioning workflows. From 2603 onward, all new and existing Azure Local deployments run the updated OS version 26100.32522, available from the Azure portal, and customers must ensure they use a driver compatible with OS version 26100.32522 or Windows Server 2025. For Integrated System or Premier solution hardware purchased through the Azure Local Catalog, the OS remains preinstalled, and Microsoft recommends working with the Original Equipment Manufacturer (OEM) to obtain compatible OS images and drivers. The build also updates both .NET Runtime and ASP.NET Core to version 8.0.25.
For Azure Kubernetes Service (AKS) enabled by Azure Arc, this release supports Kubernetes versions 1.31.12, 1.31.13, 1.32.8, 1.32.9, 1.33.4, and 1.33.5, while Kubernetes 1.30 is no longer supported. Microsoft also notes that KMS v1 will be deprecated soon and that KMS v2 is included in this Azure Local release, so customers should plan to redeploy clusters by using KMS v2. In addition, support for the Windows Server 2019 SKU for node pools ends in March 2026, and administrators should verify that AKS clusters are on a supported Kubernetes version before upgrading Azure Local.
This release also introduces support for the NVIDIA RTX PRO 6000 Blackwell Server Edition GPU on Azure Local VMs and on AKS enabled by Azure Arc, enabling GPU-accelerated workloads on Azure Local with this new NVIDIA platform. On the security side, Microsoft has improved Secure Boot certificate readiness by adding built-in orchestration to deploy the new Secure Boot 2023 certificates, helping customers prepare for upcoming Secure Boot changes while reducing update risk. Finally, simplified machine provisioning is now available, allowing customers to install the operating system and register Azure Local machines together through a single streamlined workflow.
Conclusion
Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.
