Archivi categoria: Azure Local – 2026-2027

Azure IaaS and Azure Local: announcements and updates (May 2026 – Weeks: 17 and 18)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

Networking

Microsoft HTTP DDoS Ruleset for Azure WAF on Azure Front Door Premium (preview)

The Microsoft HTTP DDoS Ruleset for Azure Web Application Firewall (WAF) on Azure Front Door Premium is now available in Public Preview. This ruleset introduces automated and adaptive Layer 7 protection against HTTP-layer Distributed Denial of Service (DDoS) attacks, which remain a common cause of application downtime. Once assigned to an Azure Front Door profile, the ruleset continuously learns normal traffic patterns at both the profile and per-client level, then uses dynamic thresholds and sensitivity settings to detect attack surges and selectively block offending clients with minimal manual tuning. The ruleset includes two core protections: one targeting high-rate client anomalies and another focused on suspected bots, using Microsoft Threat Intelligence to improve detection and mitigation.

Cross-region IPAM pool association in Azure Virtual Network Manager

Cross-region IP Address Management (IPAM) pool association in Azure Virtual Network Manager is now Generally Available (GA). This capability allows customers to associate a single IPAM pool with virtual networks across multiple Azure regions, helping centralize address planning and reduce configuration complexity in global environments. Instead of creating and maintaining separate pools for each region, organizations can use one multi-region IPAM pool to apply consistent Classless Inter-Domain Routing (CIDR) allocation policies across regions, while still defining regional restrictions when needed. Existing single-region IPAM pools continue to work without required changes, preserving backward compatibility while enabling stronger governance and lower operational overhead for large-scale Azure deployments.

Storage

Azure NetApp Files advanced ransomware protection

Azure NetApp Files advanced ransomware protection (ANF ARP) is now Generally Available (GA) in all Azure NetApp Files regions. This capability is designed to help organizations proactively detect, respond to, and recover from ransomware threats affecting cloud volumes. ANF ARP monitors Azure NetApp Files volumes for suspicious activity by analyzing signals such as file extension profiling, entropy, and Input/Output Operations Per Second (IOPS) patterns. When a potential threat is detected, the system creates a point-in-time snapshot to support rapid evaluation and recovery. Notifications are sent through the Azure Activity Log, and attack reports are retained for 30 days. Microsoft notes that there is no specific additional charge for ANF ARP, although customers should review sizing considerations before enabling the feature.

Elastic SAN CRC Protection

Azure Elastic SAN now generally supports CRC-32C checksum verification, enabling stronger data integrity validation when the feature is enabled on the client side for connections to Elastic SAN volumes. Azure Elastic SAN also allows this protection to be enforced through a property configured at the volume group level, with all volumes in that group inheriting the setting. When enabled, Elastic SAN rejects any client connection to volumes in that group if CRC-32C is not configured for header or data digests on the connection. When the property is disabled, checksum verification still depends on whether CRC-32C is enabled on the client, but Elastic SAN does not reject connections. This feature can be enabled either when creating a new Elastic SAN or on an existing deployment.

Capacity Autoscaling for Elastic SAN

Capacity Autoscaling for Elastic SAN is now Generally Available (GA), allowing customers to automatically expand SAN capacity based on actual usage instead of relying on manual provisioning or static overprovisioning strategies. With autoscaling policies, organizations can define scaling increments to improve predictability and maintain greater control over costs as capacity grows. This capability is particularly valuable in scenarios involving rapid business growth or unexpected usage spikes, where storage demand can increase quickly and manual capacity management may become operationally inefficient.

Connect to Azure Elastic SAN from Windows VM via VM Extension

Azure Elastic SAN now supports volume connectivity for Windows Virtual Machines (VMs) using the Elastic SAN VM extension directly from the Azure portal. This capability allows customers to connect Elastic SAN volumes during VM deployment, simplifying the configuration process and reducing the need for manual post-deployment setup. By integrating Elastic SAN connectivity into the deployment workflow, Microsoft makes it easier to adopt Elastic SAN for workloads that require scalable block storage attached to Windows virtual machines.

Azure Local

Azure Local 2604 expands to sovereign-scale and disaggregated infrastructure

With the 2604 release, Azure Local introduces a major platform evolution for sovereign private cloud, edge, and enterprise-scale infrastructure scenarios. Identified as version 12.2604.1003.209, the April 2026 update brings general reliability improvements and bug fixes, together with significant enhancements across deployment architecture, storage integration, identity, update control, performance, virtualization, GPU acceleration, and portal management experiences.

The most significant infrastructure enhancement is the General Availability (GA) of disaggregated Azure Local deployments with Storage Area Network (SAN) storage. This enables compute and storage to be deployed and scaled independently, extending Azure Local beyond single-node and traditional hyperconverged architectures while preserving an Azure-consistent management and operational experience. Customers can adopt SAN-only or hybrid architectures, attach external SAN devices via Fibre Channel (FC), and reuse existing enterprise storage investments without replacing their storage estates. iSCSI support is planned for a future release. This architecture allows Azure Local clusters to scale from single-node edge deployments to multi-rack environments beyond 16 nodes, addressing sovereign private cloud, government, defense, regulated industries, and other large-scale infrastructure scenarios. It also supports workloads with massive storage requirements, including virtual machines, Kubernetes environments, and Azure Virtual Desktop. Azure Local can now coexist with both Storage Spaces Direct volumes and external SAN volumes, with ecosystem support from partners such as DataON, Dell Technologies, Everpure, HPE, Hitachi Vantara, Lenovo, and NetApp.

From version 2604 onward, all new and existing Azure Local deployments run the updated OS version 26100.32690, available from the Azure portal. Customers must use drivers compatible with OS version 26100.32690 or Windows Server 2025. For Integrated System or Premier solution hardware from the Azure Local Catalog, the OS remains preinstalled, and Microsoft recommends working with the Original Equipment Manufacturer (OEM) to obtain compatible OS images and drivers. This build also uses .NET 8.0.26 and .NET 10.0.6 for both .NET Runtime and ASP.NET Core.

For Azure Kubernetes Service (AKS) enabled by Azure Arc, Azure Local 2604 continues to support Kubernetes versions 1.31.12, 1.31.13, 1.32.8, 1.32.9, 1.33.4, and 1.33.5, while Kubernetes 1.30 is no longer supported. Microsoft also notes that Key Management Service (KMS) v1 will be deprecated soon and that KMS v2 is included in this Azure Local release. Customers should therefore plan cluster redeployment using KMS v2 and ensure AKS clusters are running a supported Kubernetes version before upgrading Azure Local.

Another important enhancement is the General Availability of Local Identity with Azure Key Vault, which allows Azure Local to be provisioned without infrastructure dependencies on Microsoft Active Directory. This simplifies deployments in disconnected, air-gapped, edge, and regulated environments by reducing the need for additional domain controller infrastructure and complex firewall configurations. The release also adds support for domain join prior to deployment and introduces new controls to manage how updates are applied to Azure Local.

Deployment and lifecycle operations have been optimized as well. Validation time is reduced by up to 50%, validation can resume from the point of failure within a three-hour window, and deployment duration is now more consistent for clusters of up to eight nodes, with an overall deployment time reduction of up to 40%. These improvements help accelerate both initial deployment and ongoing update workflows.

On the resiliency and virtualization side, rack-aware clustering now supports deployments that use Local Identity with Azure Key Vault, combining simplified identity requirements with the high availability needed in industries such as manufacturing, energy, and other distributed environments. GPU acceleration for Azure Local virtual machines is now Generally Available, enabling administrators to attach or detach full Graphics Processing Units (GPUs) through Discrete Device Assignment (DDA) or GPU partitions (GPU-P) during VM creation or as a Day-2 operation through the Azure CLI or Azure portal. VM restart operations have also been improved with graceful restart by default, meaning Azure Local VM restart operations now perform a graceful shutdown unless explicitly bypassed.

The Azure portal experience has also been enhanced. Administrators can now create new data disks at the cluster level with a richer disk overview experience, benefit from usability improvements across disk management workflows, and attach existing disks directly from the Azure Local VM view. Azure Marketplace image navigation has been improved by moving image selection to a full-page experience when creating a new VM image. Finally, Azure Local now supports enabling or disabling Software Defined Networking (SDN) management per network interface, giving administrators more granular control over network interface behavior.

Microsoft also notes that pricing for multi-rack and sovereign-scale deployments is being introduced as part of this release. Customers interested in large-scale or sovereign Azure Local scenarios should work with their Microsoft account team to understand pricing, configuration options, and early access programs.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (April 2026 – Weeks: 15 and 16)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft named a Leader in The Forrester Wave™ for Sovereign Cloud Platforms

Microsoft has been named a Leader in The Forrester Wave™: Sovereign Cloud Platforms, Q2 2026, an evaluation that assessed major sovereign cloud providers based on current offerings, strategy, and customer feedback. Microsoft presents this recognition as confirmation of its long-term commitment to helping organizations adopt cloud and Artificial Intelligence (AI) capabilities without compromising control, compliance, operational independence, or innovation. According to Microsoft, the report highlights an important reality of digital sovereignty: there is no single deployment model that fits every requirement, and organizations often combine public cloud, private cloud, and disconnected environments to balance regulation, risk, functionality, and cost. Microsoft states that its approach is based on delivering consistent sovereign controls across multiple environments rather than relying on a single isolated sovereign cloud model. The company also emphasizes that Microsoft Sovereign Cloud brings together public cloud controls such as data residency and access protections, private cloud and hybrid deployments enabled by Azure Local and Azure Arc, and partner-operated national clouds. Microsoft further notes that Forrester recognized its ability to extend sovereignty across cloud, AI, productivity, and security services, while maintaining consistency in management, governance, and deployment models across connected and disconnected environments.

Microsoft Azure now available from new cloud region in Denmark

Microsoft has announced the opening of a new Azure cloud region in Denmark, further expanding its global infrastructure footprint to support digital transformation and Artificial Intelligence (AI) innovation. The new Denmark East region provides Danish customers with local and secure cloud infrastructure, helping address requirements for data residency, low latency, and in-country cloud adoption.

Compute

Ephemeral OS Disk with full caching for VM and VMSS (preview)

Ephemeral OS Disk with full caching is now available in Public Preview for Azure Virtual Machines (VMs) and Virtual Machine Scale Sets (VMSS), delivering faster and more reliable operating system disk performance for supported workloads. This capability works by caching the entire OS disk image on local VM storage—including cache disk, resource disk, or NVMe disk—resulting in improved input/output (I/O) performance, consistently low latency, and greater resilience during remote storage disruptions. Microsoft highlights that this feature is especially well suited for I/O-sensitive stateless workloads, such as Artificial Intelligence (AI) scenarios, quorum-based databases, data analytics, real-time processing systems, and large-scale stateless services on general-purpose VM families. During the preview, the feature is available for most general-purpose VM SKUs, excluding 2-vCPU and 4-vCPU virtual machines, across a broad set of 29 Azure regions.

Networking

Rule impact analysis on Azure Network Watcher (preview)

Rule impact analysis in Azure Network Watcher is now available in Public Preview, enabling customers to preview the impact of security admin rules before applying them to their environments. This capability helps administrators better understand the potential effects of rule changes in advance, reducing the risk of unintended connectivity issues and improving change validation for network security configurations.

Unlock client-side configuration at scale with Azure App Configuration and Azure Front Door (preview)

Azure App Configuration now integrates with Azure Front Door in Public Preview, allowing customers to deliver dynamic configuration securely to client-side applications at Content Delivery Network (CDN) scale. This capability gives modern applications greater flexibility by enabling client-side configuration updates at global scale, while benefiting from Azure Front Door’s distribution and edge delivery capabilities.

StandardV2 NAT Gateway as an outbound type for AKS (preview)

Azure Kubernetes Service (AKS) now supports managed and user-assigned StandardV2 NAT Gateway as an outbound type for both AKS-managed and bring-your-own virtual networks (BYO VNets) in Public Preview. This update provides additional flexibility for outbound connectivity design in AKS, enabling customers to take advantage of the newer StandardV2 NAT Gateway option when planning egress architecture for Kubernetes workloads.

Storage

Granular encryption-in-transit controls for SMB and NFS on Azure Files

Azure Files now supports independent configuration of encryption-in-transit settings for SMB and NFS protocols at the storage account level. This capability allows customers to define protocol-specific security policies and apply more precise control over encryption requirements for each protocol without compromise. Microsoft positions this enhancement as especially useful for mixed-protocol workloads, where SMB and NFS may require different security configurations while still sharing the same storage environment.

Azure Storage Mover now available in Azure Government (US)

Azure Storage Mover is now available in Azure Government (US), enabling U.S. government customers and partners to securely migrate large-scale file data into Azure Government cloud environments by using a fully managed migration service. This availability expands Storage Mover’s reach to government scenarios that require stronger compliance and sovereign cloud alignment, while helping organizations simplify large-scale file migrations without relying on self-managed tooling.

Azure Data Box now supports Azure Files Provisioned v2

Azure Data Box now supports data ingestion into Azure Files Provisioned v2 storage accounts. This enhancement extends Azure Data Box compatibility to the newer billing and provisioning model for Azure Files, helping customers move data into Provisioned v2 environments as part of migration and large-scale data transfer scenarios.

Azure File Sync now available in Belgium Central, Malaysia West, and Indonesia Central

Azure File Sync is now available in Belgium Central, Malaysia West, and Indonesia Central, extending the service to additional regions and bringing it closer to organizations with hybrid file storage requirements. Azure File Sync enables seamless tiering of data from on-premises Windows Servers to Azure Files, supporting both hybrid use cases and simplified migration scenarios. With this regional expansion, customers can benefit from lower latency, improved performance, and support for local data residency requirements, while continuing to use the performance, flexibility, and compatibility of their on-premises file servers together with the scale and cost efficiency of Azure Files.

Encrypt Premium SSD v2 and Ultra Disks with cross-tenant customer-managed keys

Cross-tenant customer-managed keys (CMK) for Premium SSD v2 and Ultra Disks are now Generally Available (GA). This capability allows managed disks to be encrypted with a customer-managed key stored in an Azure Key Vault located in a different Microsoft Entra tenant from the disk resource itself. The feature is designed for scenarios where resource ownership and key ownership are intentionally separated across tenants, such as in multi-tenant or service provider environments, helping organizations enforce stronger separation of duties and more flexible encryption governance models.

Minimum billable object size for cooler storage tiers

Microsoft has announced a minimum billable object size for cooler storage tiers in storage accounts that use Azure Blob Storage or Azure Data Lake Storage (ADLS) Gen2. This update affects how objects stored in cooler tiers are billed, introducing a minimum billable size threshold for stored objects. Based on the available information, Microsoft has announced the change, but no additional publicly indexed details were available in the provided sources regarding the full scope or implementation specifics.

Smart Tier for Azure Blob and Data Lake Storage

Smart Tier for Azure Blob Storage and Azure Data Lake Storage (ADLS) is now Generally Available (GA) in nearly all zonal public cloud regions, with Israel Central, Qatar Central, and UAE North excluded from this announcement. Smart Tier is a fully managed and automated data tiering capability for object storage standard online tiers, designed to reduce the need for manual tier placement decisions. By automating data placement across supported tiers, Smart Tier helps customers simplify storage management and optimize data lifecycle handling for object storage workloads.

Azure Data Box enhances compliance with automatic Secure Erasure Certificates

Azure Data Box now automatically generates a downloadable Secure Erasure Certificate for every completed order, improving compliance and auditability for data transfer workflows. This enhancement provides customers with a more consistent way to document secure data removal after transfer operations, which can be especially useful for governance, regulatory, and audit requirements.

Azure Files assessments now available using Azure Migrate (preview)

Azure Migrate now supports Azure Files assessments in Public Preview, allowing customers and partners to more effectively plan migrations of on-premises SMB and NFS shares. With this capability, organizations can discover and review existing on-premises file shares, then group, tag, and assess them to support migration planning and improve visibility into file-based modernization scenarios.

User and group quota reports in Azure NetApp Files (preview)

User and group quota reports in Azure NetApp Files are now Generally Available (GA). This capability provides organizations using individual user and group quotas on NFS, SMB, and dual-protocol volumes with improved visibility into quota consumption by exposing key metrics such as quota limits, used capacity, and percentage utilization for each targeted user or group defined in a quota rule. With this reporting functionality, administrators can more easily monitor capacity usage, identify potential imbalances, and manage storage allocation more effectively across Azure NetApp Files environments.

Azure NetApp Files storage with cool access enhancement (preview)

Azure NetApp Files is introducing a storage with cool access enhancement in Public Preview for the Premium and Ultra service levels. This enhancement more precisely aligns throughput with data tiering by dynamically calculating maximum throughput based on the amount of data tiered to cool access storage, rather than applying a fixed reduction. With this model, hot data retains its configured performance, while throughput adjustments occur only for the data that has been moved to the cool tier, enabling more efficient performance management for tiered storage scenarios.

Azure Local

Foundry Local on Azure Local single-node deployments (preview)

Microsoft has announced the Public Preview of Foundry Local support for single-node Azure Local deployments, extending its edge Artificial Intelligence (AI) capabilities to industrial, manufacturing, and sovereign scenarios where inference must run locally without relying on cloud connectivity or multi-node clusters. Delivered both as a Kubernetes-native service and as an Azure Arc-enabled extension, this preview allows organizations to deploy, manage, and run advanced AI models directly on local infrastructure, such as servers on the factory floor, in remote plants, or in highly regulated and disconnected environments. Foundry Local provides REST and OpenAI-compatible APIs, enabling teams to use familiar cloud-aligned patterns for local AI workloads, while supporting built-in generative models from the Foundry Local catalog, custom predictive models such as Open Neural Network Exchange (ONNX) models from Open Container Initiative (OCI) registries, and multi-model orchestration for agent-style applications a single Kubernetes cluster. On Azure Local single-node systems, Foundry Local runs on Azure Kubernetes Service (AKS) enabled by Azure Arc, with Graphics Processing Unit (GPU) access enabled through the NVIDIA device plugin, providing a validated and supported edge AI foundation. Microsoft also offers two deployment paths: an Azure Arc-enabled Kubernetes extension for simplified lifecycle management through the Azure portal, and a Helm chart-based installation option for teams that require more granular control over deployment configuration, GPU allocation, storage, and GitOps workflows.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (April 2026 – Weeks: 13 and 14)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Availability of Microsoft Azure and related services

Microsoft has announced several generally available updates related to the expansion of Azure infrastructure and storage services. First, Microsoft has opened its new cloud region in Denmark, Denmark East, to support digital transformation and AI innovation for customers in the country. This new region provides local, secure cloud infrastructure with support for data residency, low-latency access, and access to advanced cloud and AI services. In addition, Azure Premium SSD v2 is now available in US Gov Arizona, a region without Availability Zones, extending access to this next-generation general-purpose block storage option for Azure virtual machines in government environments. Azure Premium SSD v2 offers sub-millisecond latency and strong price-performance characteristics for IO-intensive workloads such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data and analytics platforms, and gaming workloads running on virtual machines or stateful containers. Azure Premium SSD v2 is also now available in South India, further expanding regional access to this storage option for enterprise production workloads that require high performance and cost efficiency.

Compute

Ephemeral OS Disk with full caching for VM/VMSS (preview)

Ephemeral OS Disk with full caching is now available in public preview for Azure Virtual Machines and Virtual Machine Scale Sets, delivering significantly faster and more reliable OS disk performance for supported workloads. This capability works by caching the entire OS disk image on local VM storage, including cache disk, resource disk, or NVMe disk, which results in improved I/O performance, consistently low latency, and greater resilience in scenarios involving remote storage disruptions. The feature is especially beneficial for stateless and I/O-sensitive workloads such as AI applications, quorum-based databases, data analytics platforms, and large-scale stateless services running on General Purpose VM families. It is currently available on most General Purpose VM SKUs, excluding 2-core and 4-core virtual machines, in Central US. Customers can enable it by setting the

enableFullCaching
flag to
true
for Ephemeral OS disks in ARM templates or REST API definitions when creating new virtual machines or virtual machine scale sets.

Networking

Unlock client-side configuration at scale with Azure App Configuration and Azure Front Door (preview)

Azure App Configuration, integrated with Azure Front Door, is now available in public preview and enables organizations to deliver dynamic configuration directly to client-side applications securely and at CDN scale. This new capability brings greater flexibility to modern application architectures and is particularly relevant for AI-powered and agentic client applications. It supports a wide range of client experiences, including Single Page Applications built with frameworks such as React, Vue, Angular, and Next.js, as well as mobile and desktop applications developed with .NET MAUI, browser-based JavaScript components, embedded widgets, and other web applications capable of running JavaScript. With this integration, customers can centrally manage feature flags and configuration settings and propagate updates to browsers and mobile apps in real time without redeploying applications. Azure Front Door provides low-latency delivery for large global audiences, while the design ensures that secrets are not exposed to clients, as only scoped configuration values are delivered through managed identity. This built-in approach also simplifies application architecture by removing the need for custom proxy layers.

Storage

Azure Data Box enhancements

Azure Data Box now includes two generally available enhancements designed to improve compliance, transparency, and data transfer flexibility. First, Azure Data Box automatically generates a downloadable Secure Erasure Certificate for every completed order, verifying that all data on the device has been securely erased in accordance with NIST 800-88 Revision 2 standards. The certificate is produced as part of the standard cleanup process and is available directly through the Azure portal, reducing audit complexity, eliminating the need for manual validation, and simplifying compliance requirements for organizations working with sensitive data, including those in government, law enforcement, and financial services. In addition, Azure Data Box now supports data ingestion into Azure Files Provisioned v2 storage accounts. This allows customers to transfer data directly into a storage model where capacity, IOPS, and throughput are provisioned independently, offering greater flexibility and cost control for file share workloads across most public Azure regions.

Azure NetApp Files storage with cool access enhancement (preview)

The cool access enhancement for Azure NetApp Files storage is now in public preview and introduces an updated Quality of Service (QoS) behavior for Premium and Ultra service levels. This enhancement improves the way Azure NetApp Files balances performance and cost for environments that combine hot and cool data workloads. As data moves to cool storage, throughput is automatically adjusted to preserve hot-tier performance while still allowing customers to take advantage of cool access at scale. The capability continuously optimizes pool and volume throughput according to changing cool access patterns, delivering a more seamless operational experience and reducing the need for manual tuning. As a result, organizations can better align storage performance with workload demand while improving cost efficiency for mixed-use datasets.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.