This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.
Azure
Networking
Microsoft HTTP DDoS Ruleset for Azure WAF on Azure Front Door Premium (preview)
The Microsoft HTTP DDoS Ruleset for Azure Web Application Firewall (WAF) on Azure Front Door Premium is now available in Public Preview. This ruleset introduces automated and adaptive Layer 7 protection against HTTP-layer Distributed Denial of Service (DDoS) attacks, which remain a common cause of application downtime. Once assigned to an Azure Front Door profile, the ruleset continuously learns normal traffic patterns at both the profile and per-client level, then uses dynamic thresholds and sensitivity settings to detect attack surges and selectively block offending clients with minimal manual tuning. The ruleset includes two core protections: one targeting high-rate client anomalies and another focused on suspected bots, using Microsoft Threat Intelligence to improve detection and mitigation.
Cross-region IPAM pool association in Azure Virtual Network Manager
Cross-region IP Address Management (IPAM) pool association in Azure Virtual Network Manager is now Generally Available (GA). This capability allows customers to associate a single IPAM pool with virtual networks across multiple Azure regions, helping centralize address planning and reduce configuration complexity in global environments. Instead of creating and maintaining separate pools for each region, organizations can use one multi-region IPAM pool to apply consistent Classless Inter-Domain Routing (CIDR) allocation policies across regions, while still defining regional restrictions when needed. Existing single-region IPAM pools continue to work without required changes, preserving backward compatibility while enabling stronger governance and lower operational overhead for large-scale Azure deployments.
Storage
Azure NetApp Files advanced ransomware protection
Azure NetApp Files advanced ransomware protection (ANF ARP) is now Generally Available (GA) in all Azure NetApp Files regions. This capability is designed to help organizations proactively detect, respond to, and recover from ransomware threats affecting cloud volumes. ANF ARP monitors Azure NetApp Files volumes for suspicious activity by analyzing signals such as file extension profiling, entropy, and Input/Output Operations Per Second (IOPS) patterns. When a potential threat is detected, the system creates a point-in-time snapshot to support rapid evaluation and recovery. Notifications are sent through the Azure Activity Log, and attack reports are retained for 30 days. Microsoft notes that there is no specific additional charge for ANF ARP, although customers should review sizing considerations before enabling the feature.
Elastic SAN CRC Protection
Azure Elastic SAN now generally supports CRC-32C checksum verification, enabling stronger data integrity validation when the feature is enabled on the client side for connections to Elastic SAN volumes. Azure Elastic SAN also allows this protection to be enforced through a property configured at the volume group level, with all volumes in that group inheriting the setting. When enabled, Elastic SAN rejects any client connection to volumes in that group if CRC-32C is not configured for header or data digests on the connection. When the property is disabled, checksum verification still depends on whether CRC-32C is enabled on the client, but Elastic SAN does not reject connections. This feature can be enabled either when creating a new Elastic SAN or on an existing deployment.
Capacity Autoscaling for Elastic SAN
Capacity Autoscaling for Elastic SAN is now Generally Available (GA), allowing customers to automatically expand SAN capacity based on actual usage instead of relying on manual provisioning or static overprovisioning strategies. With autoscaling policies, organizations can define scaling increments to improve predictability and maintain greater control over costs as capacity grows. This capability is particularly valuable in scenarios involving rapid business growth or unexpected usage spikes, where storage demand can increase quickly and manual capacity management may become operationally inefficient.
Connect to Azure Elastic SAN from Windows VM via VM Extension
Azure Elastic SAN now supports volume connectivity for Windows Virtual Machines (VMs) using the Elastic SAN VM extension directly from the Azure portal. This capability allows customers to connect Elastic SAN volumes during VM deployment, simplifying the configuration process and reducing the need for manual post-deployment setup. By integrating Elastic SAN connectivity into the deployment workflow, Microsoft makes it easier to adopt Elastic SAN for workloads that require scalable block storage attached to Windows virtual machines.
Azure Local
Azure Local 2604 expands to sovereign-scale and disaggregated infrastructure
With the 2604 release, Azure Local introduces a major platform evolution for sovereign private cloud, edge, and enterprise-scale infrastructure scenarios. Identified as version 12.2604.1003.209, the April 2026 update brings general reliability improvements and bug fixes, together with significant enhancements across deployment architecture, storage integration, identity, update control, performance, virtualization, GPU acceleration, and portal management experiences.
The most significant infrastructure enhancement is the General Availability (GA) of disaggregated Azure Local deployments with Storage Area Network (SAN) storage. This enables compute and storage to be deployed and scaled independently, extending Azure Local beyond single-node and traditional hyperconverged architectures while preserving an Azure-consistent management and operational experience. Customers can adopt SAN-only or hybrid architectures, attach external SAN devices via Fibre Channel (FC), and reuse existing enterprise storage investments without replacing their storage estates. iSCSI support is planned for a future release. This architecture allows Azure Local clusters to scale from single-node edge deployments to multi-rack environments beyond 16 nodes, addressing sovereign private cloud, government, defense, regulated industries, and other large-scale infrastructure scenarios. It also supports workloads with massive storage requirements, including virtual machines, Kubernetes environments, and Azure Virtual Desktop. Azure Local can now coexist with both Storage Spaces Direct volumes and external SAN volumes, with ecosystem support from partners such as DataON, Dell Technologies, Everpure, HPE, Hitachi Vantara, Lenovo, and NetApp.
From version 2604 onward, all new and existing Azure Local deployments run the updated OS version 26100.32690, available from the Azure portal. Customers must use drivers compatible with OS version 26100.32690 or Windows Server 2025. For Integrated System or Premier solution hardware from the Azure Local Catalog, the OS remains preinstalled, and Microsoft recommends working with the Original Equipment Manufacturer (OEM) to obtain compatible OS images and drivers. This build also uses .NET 8.0.26 and .NET 10.0.6 for both .NET Runtime and ASP.NET Core.
For Azure Kubernetes Service (AKS) enabled by Azure Arc, Azure Local 2604 continues to support Kubernetes versions 1.31.12, 1.31.13, 1.32.8, 1.32.9, 1.33.4, and 1.33.5, while Kubernetes 1.30 is no longer supported. Microsoft also notes that Key Management Service (KMS) v1 will be deprecated soon and that KMS v2 is included in this Azure Local release. Customers should therefore plan cluster redeployment using KMS v2 and ensure AKS clusters are running a supported Kubernetes version before upgrading Azure Local.
Another important enhancement is the General Availability of Local Identity with Azure Key Vault, which allows Azure Local to be provisioned without infrastructure dependencies on Microsoft Active Directory. This simplifies deployments in disconnected, air-gapped, edge, and regulated environments by reducing the need for additional domain controller infrastructure and complex firewall configurations. The release also adds support for domain join prior to deployment and introduces new controls to manage how updates are applied to Azure Local.
Deployment and lifecycle operations have been optimized as well. Validation time is reduced by up to 50%, validation can resume from the point of failure within a three-hour window, and deployment duration is now more consistent for clusters of up to eight nodes, with an overall deployment time reduction of up to 40%. These improvements help accelerate both initial deployment and ongoing update workflows.
On the resiliency and virtualization side, rack-aware clustering now supports deployments that use Local Identity with Azure Key Vault, combining simplified identity requirements with the high availability needed in industries such as manufacturing, energy, and other distributed environments. GPU acceleration for Azure Local virtual machines is now Generally Available, enabling administrators to attach or detach full Graphics Processing Units (GPUs) through Discrete Device Assignment (DDA) or GPU partitions (GPU-P) during VM creation or as a Day-2 operation through the Azure CLI or Azure portal. VM restart operations have also been improved with graceful restart by default, meaning Azure Local VM restart operations now perform a graceful shutdown unless explicitly bypassed.
The Azure portal experience has also been enhanced. Administrators can now create new data disks at the cluster level with a richer disk overview experience, benefit from usability improvements across disk management workflows, and attach existing disks directly from the Azure Local VM view. Azure Marketplace image navigation has been improved by moving image selection to a full-page experience when creating a new VM image. Finally, Azure Local now supports enabling or disabling Software Defined Networking (SDN) management per network interface, giving administrators more granular control over network interface behavior.
Microsoft also notes that pricing for multi-rack and sovereign-scale deployments is being introduced as part of this release. Customers interested in large-scale or sovereign Azure Local scenarios should work with their Microsoft account team to understand pricing, configuration options, and early access programs.
Conclusion
Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.
