This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.
Azure
Compute
Azure 128 & 192 vCPU sizes for the Esv6 and Edsv6 series VMs
Microsoft has introduced new VM sizes in the Esv6 and Edsv6 series, offering configurations with up to 192 vCPUs and 1832 GiB of RAM. These high-capacity virtual machines are designed for enterprise-scale workloads, including in-memory analytics, large relational databases, and in-memory cache scenarios. Equipped with Intel® Total Memory Encryption (Intel TME) and NVMe-enabled local and remote storage, these VMs deliver both robust performance and enhanced data security. Key advantages include up to 400K IOPS and 12 GB/s remote storage throughput with 200 Gbps network bandwidth, three times the local storage IOPS thanks to the NVMe interface, and strong memory protection capabilities provided by Intel TME.
Networking
Network Security Perimeter
Microsoft has introduced Network Security Perimeter, a feature that allows organizations to define a logical network isolation boundary for PaaS resources, such as Azure Storage accounts and SQL Database servers, deployed outside their virtual networks. This capability restricts public network access to PaaS resources within the perimeter, with exceptions managed through explicit inbound and outbound access rules. Key benefits include secure resource-to-resource communication within perimeter members to prevent data exfiltration, centralized management of external public access, detailed access logs for audit and compliance, and a unified experience across supported PaaS resources.
Customer-controlled maintenance
Microsoft has announced the general availability of customer-configurable maintenance windows for the Point-to-Site (P2S) VPN Gateway in the Virtual WAN service. This capability allows greater control over planned updates and enhances operational predictability. With this release, maintenance window configuration is now supported across multiple gateway resources in Azure networking services, including: Virtual Network Gateway in ExpressRoute, Virtual Network Gateway in VPN Gateway, Site-to-Site VPN Gateway in Virtual WAN, Point-to-Site VPN Gateway in Virtual WAN, and ExpressRoute Gateway in Virtual WAN. This improvement ensures that organizations can align gateway maintenance with their operational and compliance requirements.
Azure DNS Public Zones DNS Security Extensions (DNSSEC) in US Gov and China regions
Microsoft has announced the general availability of Domain Name System Security Extensions (DNSSEC) for Azure DNS Public Zones in US Gov and China regions. This enhancement enables cryptographic authentication of DNS data, providing protection against threats such as cache poisoning and man-in-the-middle attacks. Administrators can enable DNSSEC for both new and existing DNS zones via the Azure Portal, CLI, PowerShell, or API. Azure manages all key operations, simplifying deployment and maintenance while ensuring high availability and performance through its global infrastructure.
Azure Virtual Network Manager mesh now supports 5,000 virtual networks (preview)
Azure Virtual Network Manager now supports grouping up to 5,000 virtual networks in a mesh connectivity configuration, available in public preview for supported regions. A mesh topology establishes bi-directional connectivity between every virtual network in the group, removing the need for manual peerings, reducing network hops, and ensuring low-latency traffic flows under a unified control plane. This approach is particularly beneficial in hub-and-spoke environments, where spokes can communicate directly without routing through the hub, lowering latency while retaining security oversight via Azure Virtual Network Manager security admin rules, NSGs, and comprehensive traffic monitoring through flow logs.
Storage
Log or block shared access signature (SAS) tokens for Azure Storage based on expiration policy
Azure Storage now supports enhanced enforcement options for Shared Access Signature (SAS) token expiration policies. Administrators have long been able to define the validity interval for SAS tokens using a storage account’s expiration policy. However, it was previously possible to override this with a longer signed expiry date on the SAS token itself. With the new SAS expiration action capability, administrators can now choose to either log or block requests that violate the configured expiration policy. The ‘Log’ action provides visibility into out-of-policy usage without disrupting service, making it ideal for auditing and trend analysis. Conversely, the ‘Block’ action enforces strict compliance by denying access to expired tokens. Microsoft recommends beginning with the ‘Log’ action to monitor access patterns, followed by implementing ‘Block’ to secure environments against unauthorized or outdated token usage.
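How the 'Log' and 'Block' actions treat the same token, as an added example that is not code from Microsoft or from the original post: it measures the interval between a SAS URL's signed start (`st`) and signed expiry (`se`) against an assumed one-day policy. The sample URLs, the account name, the function names and the treatment of a missing `st` as out of policy are assumptions made for this sketch.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

POLICY_MAX = timedelta(days=1)  # assumed account policy for this example

# Constructed sample SAS URLs (hypothetical account, placeholder signatures).
BASE = ("https://exampleacct.blob.core.windows.net/data/report.csv"
        "?sv=2022-11-02&sp=r&sig=PLACEHOLDER")
SAMPLES = [
    BASE + "&st=2025-01-01T00%3A00%3A00Z&se=2025-01-01T08%3A00%3A00Z",  # 8 hours
    BASE + "&st=2025-01-01T00%3A00%3A00Z&se=2026-01-01T00%3A00%3A00Z",  # 1 year
    BASE + "&se=2030-01-01T00%3A00%3A00Z",                              # no start
]

def parse_ts(value):
    """Parse the UTC timestamp forms used in the st/se fields."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError(f"unrecognised SAS timestamp: {value!r}")

def evaluate_sas(url, policy_max=POLICY_MAX, action="Log"):
    """Return (verdict, reason); verdict is 'allow', 'log' or 'block'."""
    q = parse_qs(urlsplit(url).query)  # also decodes %3A back to ':'
    flagged = "log" if action == "Log" else "block"
    if "se" not in q:
        return flagged, "no signed expiry (se) in token"
    if "st" not in q:
        # Assumption: without a signed start the interval cannot be
        # measured, so the token is treated as out of policy.
        return flagged, "no signed start (st); validity interval unknown"
    lifetime = parse_ts(q["se"][0]) - parse_ts(q["st"][0])
    if lifetime > policy_max:
        return flagged, f"validity {lifetime} exceeds policy {policy_max}"
    return "allow", f"validity {lifetime} within policy {policy_max}"

if __name__ == "__main__":
    for mode in ("Log", "Block"):
        for url in SAMPLES:
            print(mode, *evaluate_sas(url, action=mode), sep=" | ")
```

Running the same check over SAS URLs found in application configuration or pipeline variables shows which callers would start failing once the action is switched from 'Log' to 'Block'.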
Azure Data Box Next Gen is now generally available in additional regions
Azure Data Box Next Gen is now generally available in new regions, including Australia, Japan, Singapore, Brazil, Hong Kong, UAE, Switzerland, and Norway. This expansion complements the existing availability of both the 120 TB and 525 TB models in the US, UK, Canada, EU, US Government, Australia, Japan, and Singapore. Additionally, the 120 TB model is now available in Brazil, UAE, Hong Kong, Switzerland, and Norway. These next-generation NVMe-based devices have already facilitated the ingestion of several petabytes of data across various industries, delivering up to 10× faster transfer speeds. Customers value their reliability and efficiency for large-scale migration projects, making them a preferred choice for secure and high-speed data movement.
Azure Storage Actions now in 22 more regions
Azure Storage Actions is now available in 22 additional Azure regions, expanding its global reach and providing customers with more options for data residency and compliance. This broader availability enhances the ability to automate data management tasks across a wider range of geographic locations, supporting diverse operational and regulatory requirements.
Azure Storage Discovery (preview)
Microsoft has announced the public preview of Azure Storage Discovery, a fully managed service providing enterprise-wide visibility into Azure Blob Storage estates. This solution offers deep insights into capacity usage, activity trends, cost optimization opportunities, and security enhancements, all accessible directly within the Azure Portal. Azure Storage Discovery integrates with Azure Copilot, enabling users to obtain actionable insights through natural language queries without needing to learn a query language or write code.
Organizations can analyze trends over time, drill down into top storage accounts, and filter reports by configuration details such as region, redundancy, performance type, and encryption. The service supports analysis of up to one million storage accounts across multiple subscriptions and resource groups in a single workspace. Key benefits include automated aggregation of metrics, interactive reporting, 30 days of historical data upon deployment, and retention of insights for up to 18 months. The Standard tier is free to use until September 30, after which charges will apply, while the Free tier offers basic insights at no cost.
Conclusion
Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.