Azure IaaS and Azure Local: announcements and updates (May 2026 – Weeks: 21 and 22)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Multiparty private offers in Microsoft Marketplace expand to 30 countries in Europe

Multiparty private offers in Microsoft Marketplace have expanded to 30 countries in Europe, giving Microsoft partners a broader way to procure third-party cloud and Artificial Intelligence (AI) solutions for customers through Marketplace. This capability allows software companies to expand into new markets by collaborating with partners that already have established customer relationships, while customers can continue working through their trusted partners for software and services procurement.

Networking

Application Gateway for Containers service mesh integration with Istio

Application Gateway for Containers service mesh integration with Istio is now Generally Available (GA). This capability simplifies secure north-south traffic into workloads running in an Istio service mesh by automating mutual Transport Layer Security (mTLS) connectivity between Application Gateway for Containers and mesh-enabled services. With this release, customers can use the integration with both upstream open-source Istio and the Istio-based service mesh add-on for Azure Kubernetes Service (AKS), giving teams flexibility to adopt a managed AKS experience while using Application Gateway for Containers as a single ingress path for services inside and outside the mesh. The integration also helps reduce operational overhead by simplifying ingress configuration, avoiding repetitive mTLS definitions, and automating certificate trust and rotation for secure communication with mesh workloads.

User Groups and IP address pools for P2S connections

User Groups and IP address pools for Point-to-Site (P2S) connections in Azure VPN Gateway are now Generally Available (GA). This capability allows customers to assign distinct IP address pools to remote users based on their credentials, enabling more granular segmentation and access control for Azure workloads. User groups within a VPN Gateway can be defined based on Microsoft Entra ID group membership, certificate common name domains, or custom RADIUS attributes. By assigning unique IP address ranges to different user groups, organizations can strengthen security, apply more targeted policies, and simplify access segmentation for remote users.

Summarized advertised gateway prefixes for route advertisement (preview)

Summarized advertised gateway prefixes for route advertisement are now available in Public Preview, allowing customers to define summarized prefixes that Azure gateways—such as ExpressRoute and VPN Gateway—advertise to on-premises networks instead of advertising all individual virtual network and spoke prefixes. This capability helps reduce the number of routes advertised to on-premises environments, simplifies route management in large hub-and-spoke architectures, and improves scalability for hybrid networking scenarios.

Site-to-site VPN connections with certificate authentication

Azure Site-to-Site VPN with digital certificate authentication is now Generally Available (GA). This capability provides an alternative to traditional pre-shared key (PSK) authentication by allowing Azure VPN Gateway and the on-premises VPN device to authenticate each other using certificates. Certificate-based authentication helps improve security and reduce operational risk compared with shared secrets, making site-to-site VPN connectivity easier to secure and govern.

Azure Virtual Network updates: default limits increased for NSGs and route tables

Azure Virtual Network has increased the default platform limits for Network Security Groups (NSGs) and route tables. The new defaults are 2,000 security rules per NSG, 6,000 addresses or ports per NSG rule, 1,000 routes per route table, and 600 route tables per subscription. These higher default limits help customers operate larger and more complex network environments with fewer limit-related constraints, especially in enterprise-scale hub-and-spoke architectures and heavily segmented deployments.

Network Watcher rule impact analyzer

Azure Network Watcher rule impact analyzer is now Generally Available (GA), enabling customers to assess the potential impact of Network Security Group (NSG) or security admin rule changes on live network traffic before applying them. This capability helps validate planned network security changes, reduce configuration risk, and avoid unintended disruptions caused by rule updates.

Azure Front Door WebSocket

WebSocket support in Azure Front Door Standard and Premium is now Generally Available (GA). WebSocket is enabled by default and requires no additional configuration on Azure Front Door. This capability enables full-duplex communication between a server and a client over a long-running connection, supporting real-time application scenarios such as live dashboards, collaboration tools, messaging platforms, and interactive web applications.

Azure Virtual Network Manager integration with Virtual WAN (preview)

Azure Virtual Network Manager integration with Azure Virtual WAN is now available in Public Preview, enabling customers to use an Azure Virtual WAN hub as the hub in Azure Virtual Network Manager hub-and-spoke connectivity configurations. This integration combines Azure Virtual Network Manager’s at-scale network management capabilities with Virtual WAN’s managed routing, security, and hybrid connectivity. With this capability, organizations can automatically connect hundreds of spoke virtual networks to a Virtual WAN hub using network groups and connectivity configurations, reducing the need to manually create and manage individual Virtual WAN virtual network connections. Customers can also apply consistent routing configuration through Virtual WAN connection policies, use dynamic group membership to onboard new spokes automatically, and optionally enable direct connectivity mesh between spokes for low-latency east-west traffic while preserving existing Virtual WAN routing intent, firewall integration, and on-premises connectivity.

Virtual network flow logs connector with Microsoft Sentinel

The Virtual Network flow logs connector with Microsoft Sentinel is now Generally Available (GA). This integration enables customers to export and analyze Azure virtual network traffic data directly within Microsoft Sentinel, bringing network-level visibility into security operations workflows. By ingesting virtual network flow logs into Sentinel, security teams can correlate traffic insights with other security signals, improve investigation capabilities, and strengthen detection and response scenarios across Azure network environments.

Storage

Entra-only identities with Azure Files

Support for Microsoft Entra-only identities for SMB access in Azure Files is now Generally Available (GA), enabling organizations to access file shares using cloud-native identities without requiring Active Directory or hybrid identity infrastructure. With Microsoft Entra ID as the authentication authority, users can access Azure Files through Kerberos-based authentication backed entirely by cloud identities, eliminating dependency on domain controllers and simplifying storage and identity architecture. This capability includes cloud-native authentication with Entra ID, granular NTFS Access Control List (ACL) configuration for Entra users and groups through the Azure portal, share-level Role-Based Access Control (RBAC), identity-based access over the internet without Virtual Private Network (VPN) dependencies, and support for modern scenarios such as Azure Virtual Desktop, general-purpose file sharing, and distributed collaboration.

Azure NetApp Files Object REST API

The Object REST API for Azure NetApp Files is now Generally Available (GA), providing an S3-compatible REST API that bridges traditional file-based storage with modern cloud services. This capability allows customers to integrate Azure NetApp Files data with services such as Microsoft Fabric, Azure AI services, and other Azure offerings without moving or replicating data. By enabling native S3-compatible read and write access, modern applications can interact directly with data stored in Azure NetApp Files, unlocking scenarios such as advanced analytics, machine learning, and real-time business intelligence. The feature helps organizations accelerate innovation while keeping data in place, reducing duplication, and maintaining the security controls provided by Azure NetApp Files.

Azure Storage Mover Blob-to-Blob migration

Blob container-to-Blob container data transfers in Azure Storage Mover are now Generally Available (GA), enabling customers to move data across Azure regions, subscriptions, and storage accounts through a fully managed migration experience. This capability provides agentless transfers with no infrastructure deployment required, supports large-scale parallel data movement optimized for high-throughput migrations, and includes integrated job management with progress tracking, resumability, and reliability controls. It also supports both flat namespace (FNS) and hierarchical namespace (HNS) accounts, making it suitable for enterprise-grade migrations involving large object counts, deep directory structures, and multi-GB/s transfer scenarios depending on workload and regional topology.

Schedule one-time or recurring migrations with Azure Storage Mover

Azure Storage Mover now supports built-in job scheduling, giving customers more control over when migrations run and making it easier to automate repeatable data transfers into Azure. Customers can configure jobs to start automatically at a specific date and time or schedule recurring runs to keep target storage synchronized with data from on-premises environments. In the Azure portal, schedules can be configured as no schedule, one-time, or recurring, with recurring options available for daily, weekly, and monthly frequencies. Scheduling helps reduce manual intervention and improve operational consistency for scenarios such as off-hours data movement, staged cutovers, and incremental synchronizations before final migration.

Azure NetApp Files cache volumes

Azure NetApp Files cache volumes are now Generally Available (GA). Cache volumes provide cloud-based caches of external origin volumes and contain only the most actively accessed data, bringing data and files closer to users for faster throughput with a smaller storage footprint. This capability simplifies file distribution, reduces Wide Area Network (WAN) latency, and can lower WAN or ExpressRoute bandwidth costs, making it useful for distributed environments and workloads that require faster access to frequently used data.

Mock runs for Azure Storage Actions

Mock runs in Azure Storage Actions are now Generally Available (GA), allowing customers to simulate task execution at full scale without modifying production data. Azure Storage Actions is a fully managed platform for automating data management tasks across Azure Blob Storage and Azure Data Lake Storage. With mock runs, organizations can validate task configurations, estimate the impact of planned actions, and identify potential issues before applying changes to production storage data.

Azure Local

Features and improvements in 2605

Microsoft has released the May 2026 update for hyperconverged deployments of Azure Local, identified as version 12.2605.1003.210. This release includes general reliability improvements and bug fixes, together with updates to the underlying operating system and runtime components. In the 2605 release, all new and existing Azure Local deployments run the updated OS version 26100.32860, available for download from the Azure portal, and customers must ensure that they use a driver compatible with OS version 26100.32860 or Windows Server 2025. For Integrated System or Premier solution hardware from the Azure Local Catalog, the OS remains preinstalled, and Microsoft recommends working with the Original Equipment Manufacturer (OEM) to obtain a compatible OS image and driver. This build also uses .NET 8.0.27 and .NET 10.0.8 for both .NET Runtime and ASP.NET Core. In addition, Azure Local now supports monitoring GPU metrics for GPUs configured using GPU Partitioning (GPU-P), improving visibility into GPU resource usage and supporting better operational monitoring for GPU-accelerated workloads on Azure Local.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.
