Category archives: Azure Hybrid Management & Security – 2025-2026

Azure Hybrid Management & Security: What’s New and Insights from the Field – May 2025

Once again this month, I’m back with my recurring series focused on the evolution of Azure management and security services, with a special focus on hybrid and multicloud scenarios enabled by Azure Arc and enhanced by the use of Artificial Intelligence.

This monthly series aims to:

  • Provide an overview of the most relevant updates released by Microsoft;

  • Share operational tips and field-proven best practices to help architects and IT leaders manage complex and distributed environments more effectively;

  • Follow the evolution towards a centralized, proactive, and AI-driven management model, in line with Microsoft’s vision of AI-powered Management.

The key areas we will cover in this series, along with the corresponding tools and services, include:

🔹 Hybrid and multicloud environment management – with Azure Arc, which extends policy, security, management, and automation capabilities to on-premises and multicloud resources.

🔹 AI and intelligent automation – enabled by Microsoft Copilot in Azure, AIOps capabilities, and predictive tools to streamline operations and support smarter decision-making.

🔹 Security posture across hybrid and multicloud infrastructures – using Microsoft Defender for Cloud and other native services for vulnerability management and advanced threat protection.

🔹 Governance and policy management – leveraging tools such as Azure Policy, Azure Cost Management, and Resource Graph to ensure control, standardization, and cost/resource optimization.

🔹 Update & Patching – through Azure Update Management, Azure Automation, and native patching capabilities across Azure Arc-enabled environments.

🔹 Backup & Resilience – using Azure Backup and Azure Site Recovery to ensure business continuity, data protection, and disaster recovery.

🔹 Monitoring – with tools like Azure Monitor, Log Analytics, and Application Insights for comprehensive visibility and effective troubleshooting.

Hybrid and multicloud environment management

Measure, manage, and reduce carbon emissions in Azure

Microsoft has announced the general availability of the carbon optimization feature in Azure, a native solution designed to help organizations measure, manage, and reduce the carbon emissions generated by their cloud workloads. Integrated directly into the Azure portal, this feature provides preconfigured dashboards and KPIs to monitor environmental impact over time. Emission data is available at the individual resource level, offering a high level of detail and the ability to identify concrete optimization opportunities. Role-Based Access Control (RBAC) ensures that only authorized users can view relevant information. Additionally, operational recommendations are provided to support both emission reduction and cost savings. This announcement reaffirms Microsoft’s commitment to supporting customers in achieving more sustainable cloud management by offering integrated tools for more environmentally conscious IT decisions. A significant step forward for organizations that prioritize these aspects.

AI and intelligent automation

Microsoft Copilot in Azure

GitHub Copilot for Azure: smarter, more integrated cloud development

GitHub Copilot for Azure is now generally available—a solution that revolutionizes cloud development through an AI assistant seamlessly integrated with Azure resources. Designed to simplify and accelerate developers’ work, this tool supports Infrastructure as Code (IaC) using languages such as Bicep and Terraform, helps proactively identify and resolve issues, and provides contextual recommendations to improve code quality in real time. Copilot proves to be a valuable ally for those designing resilient and modern architectures, transforming how code is written, distributed environments are managed, and new cloud skills are acquired. Its availability marks a concrete step toward adopting an AI-enhanced cloud management model.

AI-powered Investigation for troubleshooting in Azure Monitor (preview)

The AI-powered Investigation feature is now available in Public Preview in Azure Monitor, aimed at improving the troubleshooting experience and speeding up the detection and resolution of issues in applications and infrastructure. Artificial intelligence deeply analyzes telemetry collected by Azure Monitor—including metrics, logs, resource status, alerts, and application topology—to identify anomalies and suggest potential root causes and solutions. Analyses are personalized through direct interaction with the AI, making results more accurate and relevant. A new entity, called an “issue,” aggregates all information related to a problem, seamlessly integrating these capabilities into the alert management workflow. Currently available for Application Insights, this feature will soon expand to other resources.

Copilot in SQL Server Management Studio (preview)

The new Copilot integration in SQL Server Management Studio (SSMS) is also now in Public Preview. This AI assistant is designed to help developers and administrators write, modify, and troubleshoot T-SQL queries using natural language. Copilot leverages the database context to provide personalized responses based on the specific environment, covering areas such as maintenance, configuration, and database management—whether in the cloud or on-premises. This innovation is part of Microsoft’s broader journey toward increasingly intelligent and proactive management tools, powered by AI to boost productivity and reduce the complexity of day-to-day operations.

Security posture across hybrid and multicloud infrastructures

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud is under continuous development, with improvements introduced regularly. To help users stay up to date, Microsoft maintains a page that provides information on new features, bug fixes, and deprecated features. This month’s main news includes:

  • Active User (Public Preview): a new feature designed to help administrators quickly identify the most relevant users for each recommendation, based on recent control plane activity. For each recommendation, up to three active users are suggested at the resource, resource group, or subscription level. You can assign the recommendation, set a due date, and directly notify the assigned user, streamlining remediation workflows and reducing investigation time.
  • General Availability of Defender for AI Services: runtime protection is now available for Azure AI services, previously known as threat protection for AI workloads. This protection covers specific AI-related scenarios such as jailbreak attempts, wallet abuse, data exposure, and suspicious access patterns, leveraging signals from Microsoft Threat Intelligence and Azure AI Prompt Shields.
  • Security Copilot now GA in Defender for Cloud: the general availability of Microsoft Security Copilot enables faster risk response through AI-generated summaries, remediation suggestions, and automated notifications. Administrators can quickly summarize recommendations, generate remediation scripts, and delegate tasks via email, boosting the operational efficiency of security teams.
  • Data and AI Security Dashboard: the new dashboard provides a unified and centralized view for monitoring the security posture of data and AI resources. It includes capabilities such as sensitive data discovery, identification of active AI resources (including containers, datasets, and models), and highlighting critical issues based on high-severity recommendations, alerts, and attack paths.
  • Defender CSPM: Billing for MySQL and PostgreSQL Flexible Server starting June 2025: starting June 1, 2025, Microsoft will begin billing for Azure Database for MySQL Flexible Server and PostgreSQL Flexible Server workloads protected by Defender CSPM. No action is required from users, but monthly billing may change depending on the protected resources.
  • Customizable filters for malware scanning on upload in Defender for Storage: Microsoft Defender for Storage now officially supports customizable filters for on-upload malware scanning. Users can define exclusion rules based on blob path prefixes or suffixes, as well as blob size. This update allows non-critical or temporary files, such as logs or transient files, to be excluded from scanning—optimizing security processes and helping reduce operational costs.
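
The following Python sketch is an added example, not code from Microsoft or from this article. It models the exclusion rules described in the last item (prefix, suffix, size) and audits a constructed blob inventory to show which uploads would go unscanned and which of them fall outside the stated intent of excluding logs and temporary files. The `ScanFilter` field names, the any-rule-matches semantics, and the `container/blob` path form are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class ScanFilter:
    """Hypothetical model of on-upload exclusion rules (field names are assumptions)."""
    exclude_prefixes: Tuple[str, ...] = ()
    exclude_suffixes: Tuple[str, ...] = ()
    max_scan_bytes: Optional[int] = None  # blobs larger than this are not scanned

    def skip_reason(self, path: str, size: int) -> Optional[str]:
        """Return the rule that excludes this blob, or None if it is scanned.

        Assumption: a blob is excluded as soon as any single rule matches.
        """
        for prefix in self.exclude_prefixes:
            if path.startswith(prefix):
                return f"prefix:{prefix}"
        for suffix in self.exclude_suffixes:
            if path.endswith(suffix):
                return f"suffix:{suffix}"
        if self.max_scan_bytes is not None and size > self.max_scan_bytes:
            return "size"
        return None


def audit(rules, inventory, intended_suffixes=(".log", ".tmp")):
    """Report scan coverage for an inventory of (path, size_in_bytes) pairs.

    `intended_suffixes` is what the operator meant to exclude. A blob skipped
    by a prefix rule that does not end in one of them is a coverage gap the
    rule author probably did not intend.
    """
    scanned, skipped, outside_intent = [], {}, []
    total_bytes = skipped_bytes = 0
    for path, size in inventory:
        total_bytes += size
        reason = rules.skip_reason(path, size)
        if reason is None:
            scanned.append(path)
            continue
        skipped[path] = reason
        skipped_bytes += size
        if reason.startswith("prefix:") and not path.lower().endswith(intended_suffixes):
            outside_intent.append(path)
    return {
        "scanned": scanned,
        "skipped": skipped,
        "outside_intent": outside_intent,
        "unscanned_byte_ratio": skipped_bytes / total_bytes if total_bytes else 0.0,
    }


# Constructed sample data: paths are container/blob-name, sizes in bytes.
INVENTORY = [
    ("uploads/invoice-0001.pdf", 180_000),
    ("uploads/tmp/session-91.tmp", 2_000),
    ("uploads/tmp/installer.msi", 48_000_000),
    ("logs/app/2025-05-01.log", 5_000_000),
    ("logs/app/archive.zip", 30_000_000),
    ("media/raw/video-01.mp4", 3_000_000_000),
    ("uploads/report.log", 1_000),
]

# Constructed rule set: skip log and temp locations, *.log files, and blobs over 2 GB.
RULES = ScanFilter(
    exclude_prefixes=("logs/", "uploads/tmp/"),
    exclude_suffixes=(".log",),
    max_scan_bytes=2_000_000_000,
)

if __name__ == "__main__":
    report = audit(RULES, INVENTORY)
    for path, reason in report["skipped"].items():
        marker = "  <-- outside intent" if path in report["outside_intent"] else ""
        print(f"SKIP {path:32} {reason}{marker}")
    for path in report["scanned"]:
        print(f"SCAN {path}")
    print(f"unscanned bytes: {report['unscanned_byte_ratio']:.1%}")
```

Prefix rules exclude everything under a path regardless of file type, so reviewing a rule set against a real inventory before enabling it shows how much of the upload surface stays covered.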

Governance and policy management

Azure Cost Management

Advanced Exports in Cost Management

Advanced exports in Cost Management are now generally available across all Azure regions and clouds. This feature introduces significant improvements in how organizations can automate the analysis of cost and usage data. Key enhancements include an expanded set of exportable datasets (including price sheets, recommendations, and reservation details), new export formats (CSV with Gzip compression, Parquet with Snappy compression), and support for the FinOps Open Cost and Usage Specification (FOCUS) version 1.0. Organizations can now configure partitioned files, enable overwrites, retrieve historical data (up to thirteen months via the portal, seven years through the REST API), and export to storage accounts protected by firewalls or network policies. Schema versioning is also supported, ensuring compatibility with existing data pipelines. This update is extremely valuable for streamlining FinOps workflows, managing costs at scale, and aligning with enterprise security and compliance requirements.

Improvements to Purchase Details in Cost Management for MCA Customers (Preview)

By June, new preview features will enhance purchase details in Cost Management for customers under the Microsoft Customer Agreement (MCA). The improvements primarily focus on reserved instances (RIs), Azure savings plans (ASPs), and third-party purchases made through the Azure Marketplace. Users will be able to view the subscription ID associated with RIs and ASPs, simplifying showback and chargeback activities. Start and end dates will display the full duration of the offer, and cost data will be available in both the billing currency and US dollars, facilitating comparison with list prices. For monthly-billed offers, the pricingCurrency and costInPricingCurrency fields will show values for each installment. For Marketplace purchases completed through the Azure portal, tag support will be added, and fields such as the resource URI, subscription ID, and resource group name (where supported) will be visible. Additionally, the “Effective Price” field will be available, expressed in the pricing currency. Partner customers will also be able to view purchases and refunds at the subscription level, improving transparency in cost management.

Backup & Resilience

Azure Backup

Backup for Azure Database for PostgreSQL – Flexible Server

The Vaulted Backup feature for Azure Database for PostgreSQL – Flexible Server is now generally available and managed through Azure Backup. This solution offers scalable and secure backups with fully automated management via scheduled policies, eliminating the need for manual intervention. Key benefits include enhanced security through immutable vaults and role-based access controls, long-term retention (LTR) of up to 10 years to meet global regulatory requirements, and enterprise-level management via the Azure Business Continuity Center, which enables unified operations and governance of all protected resources from a single console. This is an ideal solution for businesses and developers who require operational continuity and regulatory compliance in critical environments.

GRS and CRR Support for Azure Backup with Premium SSD v2 Expanded to New Regions

Geo-Redundant Storage (GRS) and Cross-Region Restore (CRR) support in Azure Backup for virtual machines using Premium SSD v2 is now available in even more regions. Premium SSD v2 is a high-performance block storage solution that offers low latency, high IOPS, and high throughput at a cost-effective rate. With GRS and CRR, data can be protected from irreversible loss and restored on demand in a secondary region, making this functionality ideal for audit or disaster recovery scenarios. Newly supported regions include Brazil South, South Central US, North Central US, East US 2, Central US, UK West, UK South, Canada East, Canada Central, West US, West Central US, West US 2, Australia Southeast, and Australia East. A strategic solution for ensuring the resilience of critical workloads.

Azure Backup for Elastic SAN (Preview)

Microsoft has announced the public preview of Azure Backup support for Elastic SAN—a fully managed solution for protecting and restoring Elastic SAN volumes. This integration allows data to be safeguarded against accidental deletion, ransomware attacks, and application updates by exporting Elastic SAN volumes into incremental Managed Disk snapshots, independent of the lifecycle of the original volumes. The snapshots are stored using locally redundant storage (LRS) and support up to 450 recovery points with a backup frequency of up to every 24 hours. Currently, the feature is available only in select Azure regions and supports volumes up to 4 TiB. During this preview phase, long-term vault backups and hourly backups are not available. There is no Azure Backup Protected Instance cost, but standard rates apply for incremental snapshots. This marks an important step toward native, scalable protection of modern SAN environments hosted in Azure.

Monitoring

Azure Monitor

Cross-region replication for Log Analytics Workspace

Cross-region replication for Log Analytics Workspace is now generally available. This feature enhances the resilience of distributed monitoring environments by allowing administrators to enable a replica of the workspace in a secondary geographic region. Once activated, the replication enables simultaneous log ingestion in both regions, ensuring uninterrupted visibility through dashboards, alerts, and advanced solutions like Microsoft Sentinel—even in the event of a regional outage. This represents a significant advancement in business continuity management for critical or geographically distributed environments.

Increased record limit per query in Log Analytics to 100,000

Azure Monitor Log Analytics has increased the record limit per query in the UI to 100,000, up from the previous limit of 30,000. This enhancement enables deeper analysis and more detailed investigations directly within the Azure portal, without the need for external tools to process large volumes of data. To enable this option, simply select “Max. limit” from the “Show” menu in the Logs interface or set it as the default value. Microsoft is actively monitoring usage and performance to assess future extensions. For even larger-scale analysis, exports of up to 500,000 records via API remain available.

Managed Prometheus visualizations and enhanced monitoring for AKS

Managed Prometheus-based visualizations in Azure Monitor are now generally available, offering a unified and enhanced monitoring experience for Azure Kubernetes Service (AKS). This update allows users to centralize all critical information for AKS cluster management in a single view, overcoming the limitations of previous Log Analytics-based dashboards. With integrated managed Prometheus, customers benefit from a more cost-effective and responsive observability solution. Key capabilities include: cost optimization by migrating from Log Analytics to Prometheus, improved query performance, integration with recommended Prometheus-based alerts, visibility into control plane components for deeper diagnostics, and an optimized multi-cluster view for large-scale monitoring. A significant step forward for managing containerized environments in Azure.

Recommended Prometheus alerts now available for AKS cluster

Recommended community Prometheus alerts are now directly available for Azure Kubernetes Service (AKS) clusters through the Azure portal. This feature significantly simplifies monitoring management by eliminating the need to download templates or use command-line tools. The predefined alerts provide comprehensive coverage across all layers of the cluster—infrastructure, nodes, and pods. The goal is to deliver a powerful tool for timely anomaly detection, simplified diagnostics, and enhanced reliability for containerized applications. Integration with managed Prometheus metrics further strengthens Microsoft’s strategy for centralized, proactive, and cloud-native operations management.

Simple Log Alerts in Azure Monitor (Preview)

As of May, the new Simple Log Alerts feature in Azure Monitor is available in Public Preview. Designed to simplify alert creation and improve event detection timeliness, this feature differs from Log Search-based alerts, which evaluate sets of rows over a time window. Simple Log Alerts evaluate each row individually, enabling near real-time notifications. With simplified use of KQL, alerts can be defined quickly and intuitively. This solution also supports log tiers previously excluded from alerting, such as Basic Logs and Analytics. The pricing model is similar to traditional alerts, with minute-based evaluation billing. This is a particularly useful feature in operational scenarios that require fast and granular responses.
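
The difference between the two evaluation styles, as an added example that is not from the article or from Azure Monitor: a simplified Python model that runs per-row evaluation and windowed evaluation over the same constructed sign-in rows and compares alert timing and alert count. The row layout, account names, five-minute window and frequency, and thresholds are all assumptions.

```python
from datetime import datetime, timedelta


def at(hms):
    """Build a timestamp on a constructed date from an HH:MM:SS string."""
    return datetime.fromisoformat(f"2025-05-20T{hms}")


# Constructed sign-in rows: (timestamp, account, result).
ROWS = [
    (at("10:01:00"), "alice", "success"),
    (at("10:02:10"), "breakglass", "success"),
    (at("10:06:05"), "svc-app", "failure"),
    (at("10:06:40"), "svc-app", "failure"),
    (at("10:07:15"), "svc-app", "failure"),
    (at("10:07:50"), "svc-app", "failure"),
    (at("10:08:30"), "svc-app", "failure"),
    (at("10:09:10"), "svc-app", "failure"),
    (at("10:12:00"), "bob", "failure"),
]


def per_row_alerts(rows, predicate):
    """Per-row model: every matching row raises its own alert as it arrives."""
    return [row[0] for row in rows if predicate(row)]


def windowed_alerts(rows, predicate, start, end, threshold,
                    window=timedelta(minutes=5), frequency=timedelta(minutes=5)):
    """Windowed model: every `frequency`, count matching rows in the last
    `window` and raise one alert if the count reaches `threshold`."""
    fired = []
    tick = start + frequency
    while tick <= end:
        hits = sum(1 for row in rows
                   if tick - window < row[0] <= tick and predicate(row))
        if hits >= threshold:
            fired.append(tick)
        tick += frequency
    return fired


def is_breakglass_signin(row):
    # A single event that matters on its own.
    return row[1] == "breakglass" and row[2] == "success"


def is_failure(row):
    # Only meaningful in aggregate (many failures in a short time).
    return row[2] == "failure"


if __name__ == "__main__":
    start, end = at("10:00:00"), at("10:15:00")

    row_hit = per_row_alerts(ROWS, is_breakglass_signin)[0]
    win_hit = windowed_alerts(ROWS, is_breakglass_signin, start, end, threshold=1)[0]
    print("break-glass sign-in: per-row", row_hit.time(),
          "| windowed", win_hit.time(), "| delay", win_hit - row_hit)

    noisy = per_row_alerts(ROWS, is_failure)
    grouped = windowed_alerts(ROWS, is_failure, start, end, threshold=5)
    print("failed sign-ins: per-row alerts", len(noisy),
          "| windowed alerts", len(grouped))
```

In this model the per-row style suits single events that are significant on their own, while conditions that depend on a count still need a windowed rule; the per-row version raises one alert per failure and cannot express the threshold.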

Prometheus Community Recommended Alerts for Arc-enabled Kubernetes Clusters (Preview)

In Public Preview, one-click activation of Prometheus community recommended alerts is now available for Kubernetes clusters managed via Azure Arc. Accessible directly from the Azure portal, these alerts provide comprehensive coverage for cluster, node, and pod metrics, based on community-refined Prometheus rules. Previously, enabling these alerts required manual operations via CLI and templates. To activate them, the Azure Monitor managed service for Prometheus must be enabled on the cluster.

Managed Prometheus for Arc-enabled Kubernetes Clusters in Azure Monitor (Preview)

A new Azure Monitor feature is now in Public Preview, allowing telemetry data visualization for Arc-enabled Kubernetes clusters using Managed Prometheus. This integration offers a more performant and cost-effective alternative to collecting metric data via Log Analytics. With this update, customers can: reduce costs by migrating to Prometheus-managed metrics, improve query performance, adopt preconfigured Prometheus-based alert rules, and centrally monitor multiple clusters at scale. This marks an important evolution for managing distributed containerized environments, simplifying monitoring while maintaining high levels of control and resource optimization.

Granular RBAC in Log Analytics Workspaces (Preview)

A new feature in Public Preview enables more granular access control in Azure Monitor’s Log Analytics Workspaces. Through integration with Azure Attribute-Based Access Control (ABAC), it is now possible to define row-level RBAC within the same centralized workspace. This allows organizations to segment data access based on criteria such as job role, organizational unit, geographic location, or data sensitivity. This approach enables more precise governance aligned with least-privilege principles while retaining the advantages of a centralized log platform. It is especially well-suited for complex enterprise environments with high security requirements.

Conclusions

The latest updates from Microsoft for Azure confirm a clear and strategic direction: making the cloud increasingly sustainable, secure, and governable. The integration of artificial intelligence into tools such as GitHub Copilot for Azure, SQL Server Management Studio, and Azure Monitor is no longer a future promise—it is a concrete reality that is transforming the way developers, administrators, and analysts work every day. At the same time, the focus on sustainability—with native features for monitoring and reducing carbon emissions—marks a significant step toward more responsible and environmentally conscious IT. In parallel, improvements in security posture—thanks to Microsoft Defender for Cloud—and advancements in monitoring and backup help strengthen the resilience of hybrid and multicloud environments. Lastly, the latest innovations in governance and FinOps provide increasingly advanced tools for cost optimization and consumption transparency, benefiting both IT teams and financial decision-makers.

Azure Hybrid Management & Security: What’s New and Insights from the Field – April 2025

With this article, I’m launching a new monthly series focused on the management and security of hybrid and multicloud environments with Azure, which takes over from the previous “Azure Management Services: What’s New” series.

The evolution of IT architectures and the growing adoption of hybrid models require a shift in how we approach operations, governance, and resource protection. Tools like Azure Arc, the integration of Artificial Intelligence into management processes, and new models for automation now form the foundation for modern, scalable IT control.

This new series, “Azure Hybrid Management & Security: What’s New and Insights from the Field”, is designed to follow this transformation closely. Every month, I will share:

  • the most relevant updates and announcements from Microsoft;

  • a selection of hands-on recommendations and field-proven practices;

  • a focus on the key tools that enable effective and secure management.

The goal is twofold: to keep you up to date, and to offer practical guidance for architects, IT leaders, and operational teams dealing with complex and distributed environments.

The key areas we will cover in this series, along with the corresponding tools and services, include:

🔹 Hybrid and multicloud environment management – with Azure Arc, which extends policy, security, management, and automation capabilities to on-premises and multicloud resources.

🔹 AI and intelligent automation – enabled by Microsoft Copilot in Azure, AIOps capabilities, and predictive tools to streamline operations and support smarter decision-making.

🔹 Security posture across hybrid and multicloud infrastructures – using Microsoft Defender for Cloud and other native services for vulnerability management and advanced threat protection.

🔹 Governance and policy management – leveraging tools such as Azure Policy, Azure Cost Management, and Resource Graph to ensure control, standardization, and cost/resource optimization.

🔹 Update & Patching – through Azure Update Management, Azure Automation, and native patching capabilities across Azure Arc-enabled environments.

🔹 Backup & Resilience – using Azure Backup and Azure Site Recovery to ensure business continuity, data protection, and disaster recovery.

🔹 Monitoring – with tools like Azure Monitor, Log Analytics, and Application Insights for comprehensive visibility and effective troubleshooting.

AI and intelligent automation

Microsoft Copilot in Azure

Microsoft Copilot in Azure is now available!

Microsoft has announced the general availability of Copilot in Azure, marking a significant milestone in the evolution of intelligent cloud management. Copilot in Azure introduces an AI-based assistant that leverages Large Language Models (LLMs), the Azure control plane, and real-time information from the user’s environment. This enables the optimization of operational tasks, improved productivity, and full realization of the benefits offered by the cloud. With its production release, users can now enjoy enhanced performance, greater response accuracy, and full localization support across all languages of the Azure portal. The currently available features come at no additional cost, although Microsoft has indicated that future enhancements may introduce a pricing model. To ensure fair and sustainable use, protective mechanisms such as temporary throttling in case of excessive use of generative services have been implemented.

Security posture across hybrid and multicloud infrastructures

Microsoft Defender for Cloud

Threat Detection in Azure Backup with Microsoft Defender for Cloud (Private Preview)

A new Threat Detection feature for Azure Backup, integrated with Microsoft Defender for Cloud (MDC), has been released in Private Preview. This innovative capability allows for the assessment of the health status of Azure VM recovery points (RPs), distinguishing between secure and potentially compromised restore points. The analysis relies on signals from real-time scans performed by Microsoft Defender for Endpoint (MDE), as part of Microsoft Defender for Servers plans. Azure Backup uses behavioral and heuristic signals detected by MDE to identify anomalies that may indicate the presence of ransomware in backup data.

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud is under continuous development, with improvements introduced regularly. To help users stay up to date, Microsoft maintains a page that provides information on new features, bug fixes, and deprecated features. This month’s main news includes:

  • AI Posture Management in GCP Vertex AI (Preview): support has been extended to AI workloads on Google Cloud Platform (GCP) via Vertex AI. Key features introduced include:
      • Automatic discovery of AI components, data, and artifacts.
      • Detection of misconfigurations with integrated suggestions and remediation actions.
      • Attack path analysis to identify and mitigate security risks.

  • Integration with Mend.io (Preview): a new integration designed to enhance application security by identifying and mitigating vulnerabilities in third-party software dependencies.

  • GitHub Permissions Update: GitHub connectors can now request administrative permissions for Custom Properties, useful for enabling new contextualization capabilities. Permissions can be granted:
      • Directly from the GitHub Apps section in the organization settings.
      • Or via an automated email from GitHub Support.

  • Defender for SQL Server on Machines Plan Update: a new lightweight agent has been introduced, which no longer requires the Azure Monitor Agent. This simplifies onboarding and improves coverage.
    Note: after the update, costs may increase if additional SQL Server instances are protected.

  • New Malware Scanning Limit in Defender for Storage: the default limit for on-upload malware scanning has been increased from 5,000 GB to 10,000 GB. This applies to:
      • New subscriptions
      • Reactivated subscriptions
    The limit can be customized based on specific needs.

  • API Security Posture Management (General Availability): this capability is now generally available (GA) within the Defender CSPM Plan. Key features include:
      • Unified API inventory
      • Identification of new risk types, such as unauthenticated or unencrypted APIs
      • Mapping of exposed APIs via Azure API Management to Kubernetes Ingress and VMs
      • Support for Attack Path Analysis to better manage and mitigate risks

  • Improvements to Defender for App Service Alerts (effective April 30, 2025):
      • New alerts introduced for suspicious code execution and access to internal or remote endpoints
      • Detection optimized to reduce false positives
      • Deprecated alert: “Suspicious WordPress theme invocation detected”

Governance and policy management

Azure Cost Management

AKS Cost Optimization with Azure Advisor

Azure Advisor introduces a new feature designed to support cost optimization in Azure Kubernetes Service (AKS) clusters. Thanks to AKS-specific recommendations, it is now possible to identify concrete saving opportunities through actionable suggestions based on container cost management best practices. The recommendations are tailored to the cluster’s configuration and cover key scenarios such as rightsizing, autoscaling, consumption visibility, and SKU selection.

Environmental Sustainability

New Enhancements for Carbon Optimization in Azure (Preview)

The Carbon Optimization feature in Azure is enriched with new capabilities in Public Preview, aimed at improving the analysis and visibility of emissions data generated by cloud workloads. Key updates include a new version of the API (2024-02-01-preview), which surpasses the previous limit of 5,000 items, enabling the processing of much larger datasets for in-depth analysis. Additionally, the access model has been expanded: users with the Subscription Reader role can now view emissions data, promoting a more collaborative approach to sustainability. Another important update involves the categorization of emissions: data is now organized by resource type (e.g., virtual machines or Azure Data Explorer) rather than by service, offering more useful granularity to identify critical areas. Finally, new filters by resource type and geographic region make it easier to focus on specific segments of the infrastructure for environmental optimization.

Backup & Resilience

Azure Backup

Backup for Azure File Share in AKS with Azure Backup (Private Preview)

Microsoft has announced the start of the Private Preview for backup support of Persistent Volumes based on Azure File Share in Azure Kubernetes Service (AKS) environments. This new feature extends protection coverage for stateful workloads running on AKS, adding support for SMB-based Azure File Shares in addition to the existing support for Azure Disks.
Through snapshot-based backup mechanisms, it’s now possible to enable application-level protection for a broader range of workloads, maintaining an instant backup and restore experience with retention of up to 30 days.

Vaulted Backup for Azure Data Lake Storage (Public Preview)

Vaulted backup for Azure Data Lake Storage is now available in Public Preview, enabling more comprehensive and resilient data protection using Azure Backup vaults. The vault stores recovery points over time and allows for the definition of a backup schedule (daily or weekly), with retention options of up to 10 years to meet the most stringent compliance requirements.
This new feature introduces an effective off-site copy strategy, safeguarding backups from accidental deletion or malicious attacks through source-data isolation, soft-delete, immutability, and data encryption. In the event the source storage is compromised, recovery can be performed on an alternate account, ensuring business continuity even in critical scenarios.

Azure Site Recovery

Shared Disk Protection

Azure Site Recovery for Shared Disk is now generally available, enabling protection, monitoring, and recovery of workloads running on Windows Server Failover Clusters (WSFC) hosted on Azure virtual machines with shared disks. This new capability extends business continuity and disaster recovery options to mission-critical scenarios such as SQL Server with Failover Cluster Instance (FCI), SAP ASCS, and Scale-out File Server.
The feature supports Windows Server 2016 and later, up to four nodes per cluster, and allows an unlimited number of shared disks per environment. Additionally, support for high write-frequency scenarios and PowerShell integration ensures scalable and automated management. This represents a significant advancement for organizations looking to implement advanced disaster recovery solutions in complex and distributed Azure environments.

Monitoring

Azure Monitor

I/O Performance Analysis for SQL Server on Azure Virtual Machines

I/O performance analysis for SQL Server running on Azure virtual machines is now available. This feature enables the identification and resolution of I/O-related bottlenecks. From the Azure portal, users can view detailed metrics and receive operational guidance to improve SQL Server instance performance, particularly when delays are caused by disk or VM throttling.
This feature allows immediate assessment of storage health and application of best practice rules. When no issues are detected, a green visual indicator is shown; otherwise, the system identifies the impact level and the exact moment of the anomaly, which may relate to disk or cache latency. It is also possible to run a subset of SQL Server best practice assessment rules and compare results over time, gaining a useful historical perspective for performance tuning.

Monitoring Java and Node.js Microservices on AKS (Preview)

A new integration between Azure Monitor Application Insights and Java and Node.js microservices deployed on AKS is now available in Public Preview. This enables automatic monitoring without any code changes.
Auto-instrumentation built into the AKS cluster, using specific libraries, provides immediate visibility into Java and Node.js applications running on Linux nodes. Logs, metrics, and traces, all compliant with the OpenTelemetry standard, are sent directly to the Application Insights resource.
This integration also allows application telemetry to be linked with infrastructure signals through OpenTelemetry Resource attributes, simplifying root cause analysis and improving correlation with Container Insights data. The result is faster and more effective application performance diagnostics.

Conclusions

The growing complexity of IT environments—now increasingly hybrid and distributed—requires an evolved approach to management and security. With this new monthly column, Azure Hybrid Management & Security: updates and field insights, I aim to provide a reliable reference point for navigating updates, tools, and best practices, with a practical and concrete focus.
These insights not only help keep pace with Microsoft’s ongoing innovations but are specifically designed to support IT professionals in the informed adoption of scalable, secure, and sustainable solutions. I encourage you to follow this article series regularly to stay up to date and more effectively tackle the challenges of multicloud management.

Azure IaaS and Azure Local: announcements and updates (April 2025 – Weeks: 15 and 16)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Copilot in Azure is Now Generally Available

Microsoft Copilot in Azure has reached general availability, bringing AI-powered assistance to users across the Azure ecosystem. Designed to enhance productivity, Copilot in Azure leverages Large Language Models (LLMs), the Azure control plane, and real-time insights from the user’s environment to streamline tasks and uncover cloud benefits. With GA, users can now rely on Copilot in production scenarios, benefiting from improved performance, higher response accuracy, and full localization support across all Azure portal languages. Current capabilities are included at no additional cost, though future features may introduce pricing considerations. Microsoft has also implemented safeguards such as temporary throttling to manage excessive use of generative AI services.

Microsoft Azure Now Available from New Cloud Regions

Microsoft has announced the general availability of new Azure cloud regions, further expanding its global infrastructure. The Indonesia Central region is now live, marking Azure’s first presence in Indonesia. Equipped with Azure Availability Zones, this region offers scalable, resilient, and secure cloud services to support digital transformation and AI innovation across the country. In addition, a new Azure for U.S. Government Secret region is now generally available, providing increased capacity and flexibility for classified workloads. Designed to meet the strict requirements of the U.S. Department of Defense and other federal agencies, the new region offers geographically distributed data residency options, continuity of operations, and native connectivity to U.S. Government classified networks. Customers benefit from a consistent platform experience and can access foundational Azure services, including Azure ExpressRoute, to support mission-critical scenarios with private, high-bandwidth connectivity.

ExpressRoute Metro and Global Reach Available in Italy North

ExpressRoute Metro and Global Reach are now available in the Italy North region, expanding Azure’s private connectivity capabilities in the area. ExpressRoute Metro allows customers to connect to Microsoft’s global network from two different physical locations within a metro area for higher resiliency and performance. With Global Reach, users can connect their on-premises networks across different regions through the Microsoft backbone, improving global connectivity and optimizing traffic flow.

Compute

DCesv6 and ECesv6 Series Confidential VMs with Intel® TDX (private preview)

Azure has introduced the DCesv6 and ECesv6 series Confidential Virtual Machines in private preview, leveraging 5th Gen Intel® Xeon® processors with Intel® Trust Domain Extensions (TDX). These next-generation VMs are designed to support highly sensitive and confidential workloads in the cloud without requiring changes to application code. The new SKUs include the general-purpose DCesv6-series and the memory-optimized ECesv6-series. These VMs maintain data privacy by keeping data encrypted even during processing, and they offer in-guest attestation, enabling verification of VM integrity. This marks a significant advancement in Azure’s confidential computing offerings.

Networking

Azure Networking Capabilities for Microsoft Copilot in Azure

Azure networking capabilities for Microsoft Copilot in Azure are now generally available, enhancing the AI-powered assistant with deep, contextual insights into network design, operations, and security. Users can now query Copilot for information on Azure networking products and receive guidance on architecture planning, resilience strategies, and migration from on-premises environments. Copilot also supports detailed inventory and traffic path queries, providing topology maps and network connectivity graphs. For operational needs, it offers troubleshooting and diagnostic capabilities by analyzing network configurations, control plane data, and resource health. Additionally, Copilot now integrates with Security Copilot to enable investigation, directly within the Azure portal, of malicious traffic intercepted by Azure Firewall’s IDPS feature.

Application Gateway as a Private Link Enabled Origin for Front Door Premium

Application Gateway resources can now be configured as Private Link enabled origins within Azure Front Door Premium profiles. This integration allows customers to deliver web content via public Front Door endpoints while keeping the origin infrastructure isolated from the public internet. The use of Private Link ensures that the communication between Front Door and the origin remains secure and private, enhancing the security posture of internet-facing applications. This feature is particularly valuable for scenarios requiring strict network isolation without compromising performance or global reach.

Azure Front Door: Enhanced Server Variable Support

Azure Front Door has expanded its server variable capabilities by enabling the capture of request header, response header, and request query string values. This builds on the previously released feature to capture URL path segments. With these new enhancements, server variables can now be used in the rules engine to enable more dynamic and flexible HTTP request manipulation and routing at the edge. Scenarios enabled by this feature include modifying a response header based on a request header value, renaming cloud provider-generated headers to branded ones, and redirecting based on query string values. These capabilities unlock new customization opportunities for developers aiming to fine-tune edge routing behavior.

Azure Front Door: Custom Cipher Suite Support

Custom cipher suite support for Azure Front Door is now generally available across both Standard and Premium tiers. Azure Front Door provides several predefined TLS policies based on Microsoft Security best practices to ensure strong encryption and protocol support. With this update, customers can also define custom TLS policies to meet specific business and compliance requirements. This includes setting the minimum supported TLS version and selecting allowed cipher suites, offering granular control over security settings and enabling organizations to tailor their Front Door configuration to their unique security posture.

Azure Bastion Developer Now Available in 36 Regions

Azure Bastion Developer, previously limited to six regions, is now generally available in 36 public regions worldwide. Designed for Dev/Test scenarios, this version of Azure Bastion provides secure-by-default RDP and SSH access to virtual machines without the need for a public IP address. It allows users to connect to one VM at a time through the virtual machine’s connect blade—all at no cost. While it lacks the advanced features and scalability options of the standard Bastion offering, Bastion Developer is ideal for users seeking a streamlined and secure connection method for development and testing environments.

Expanded Availability of ExpressRoute Metro, Peering Locations, and Global Reach

Azure continues to expand its networking footprint with broader availability of ExpressRoute Metro and Global Reach. ExpressRoute Metro is now accessible in four new locations—Atlanta (USA), Jakarta (Indonesia), Madrid (Spain), and Milan (Italy)—providing increased resiliency for organizations requiring high-performance, private connectivity to Azure. Additionally, two new ExpressRoute Peering locations, Brussels and Brussels2 in Belgium, have been introduced, further enhancing secure access across Europe. ExpressRoute Direct is now available in all these new regions. Furthermore, ExpressRoute Global Reach has expanded to include Belgium, Italy, and Spain, enabling private site-to-site connectivity through Microsoft’s global network infrastructure.

Route-Maps for Azure Virtual WAN

Azure Virtual WAN now includes support for route-maps, empowering users with enhanced control over routing behavior within Virtual WAN virtual hubs. This feature enables fine-grained management of route advertisements and route selection for various connection types, including site-to-site VPN, point-to-site VPN, ExpressRoute, and virtual network (VNet) links. Route-maps allow for advanced routing scenarios, such as filtering or modifying route advertisements, offering greater flexibility in managing complex network topologies and optimizing traffic flows.

Storage

ACLs for Local Users in Azure Blob Storage SFTP

Access Control Lists (ACLs) for Azure Blob Storage SFTP local users are now generally available. This capability provides administrators with an intuitive way to implement fine-grained access control over blobs and directories for users configured for SFTP access. With ACLs, organizations can enforce security and access policies more precisely, simplifying the management of user-level permissions while enhancing data protection within Azure Blob Storage environments.

Performance Plus for Azure Disk Storage

Azure Disk Storage has introduced the Performance Plus feature in general availability, bringing enhanced performance to Premium SSD, Standard SSD, and Standard HDD disks of 513 GB or larger. With Performance Plus, users benefit from increased IOPS and throughput at no additional cost. This feature is accessible via Azure CLI, PowerShell, and the Azure Portal, enabling customers to optimize their disk performance with minimal effort and without changing disk SKUs. Performance Plus helps meet demanding workload requirements by improving disk responsiveness and efficiency.

Azure NetApp Files: File Access Logs (preview)

Azure NetApp Files now supports file access logs in public preview, offering organizations enhanced visibility into file activity for improved security and operational monitoring. This new feature captures detailed information about file access, including user identity, operation type, and timestamps. It supports SMB, NFSv4.1, and dual-protocol volumes, allowing organizations to detect unauthorized access, ensure compliance, resolve operational incidents, and analyze usage patterns. By incorporating file access logs, enterprises can strengthen data protection, meet compliance requirements, and align with the Well-Architected Framework’s security best practices.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.