This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.
Microsoft Azure achieves HITRUST CSF v11.0.1 certification
I am thrilled to announce that Microsoft Azure has achieved HITRUST CSF v11.0.1 certification across 162 Azure services and 115 Azure Government services. This certification covers all GA Azure regions across both Azure and Azure Government clouds. This monumental achievement stands as a testament to Azure’s unwavering commitment to enhancing its security and compliance offerings, especially for valued customers in the healthcare sector.
HITRUST CSF v11.0.1 is the latest iteration of the framework, incorporating new requirements and updates from authoritative sources such as NIST SP 800-53 Rev 5, NIST Cybersecurity Framework v1.1, PCI DSS v3.2.1, FedRAMP High Baseline Rev 5, CSA CCM v3.0.1, GDPR, CCPA, and more. Moreover, HITRUST CSF v11.0.1 introduces innovative features and enhancements, including a maturity scoring model, risk factor analysis, an expanded inheritance program, improved assessment scoping tools, and more. By securing this certification, Azure reinforces its dedication to providing secure and compliant cloud services for customers in the healthcare industry.
Azure Dedicated Host – Resize
With the introduction of Azure Dedicated Host’s new ‘resize’ feature, users can now effortlessly transition their existing dedicated host to a different Azure Dedicated Host SKU, for instance, moving from Dsv3-Type1 to Dsv3-Type4. This innovative ‘resize’ feature significantly reduces the complexities and efforts associated with reconfiguring VMs when there’s a need to upgrade the foundational dedicated host system. One of the standout features is the ability to automatically create a new host, migrate all pre-existing VMs, and subsequently delete the old host. This eliminates the need for any manual interventions during the upgrade process of the dedicated host. Additionally, this could lead to potential cost savings, as users gain the capability to operate more VMs on the newly introduced dedicated host SKUs.
VMSS Automatic Instance Repairs – Reimage, Restart Repair Actions (preview)
Automatic instance repairs help Virtual Machine Scale Set customers achieve high application availability by automatically detecting and recovering unhealthy VM instances at runtime. Microsoft has announced that customers can now choose between Replace, Reimage (Preview), or Restart (Preview) as the default repair action performed in response to an “Unhealthy” application signal. These new options provide a less-impactful repair process, ensuring higher application availability while preserving VM properties and metadata for customers with sensitive workloads.
Default Outbound Access for VMs in Azure Will Be Retired
Microsoft has recently announced that starting from 30 September 2025, the default outbound access connectivity for all new virtual machines in Azure will be retired. This decision is in line with Azure’s move towards a secure-by-default model, which means that the default outbound access to the internet will be turned off. Consequently, after the mentioned date, Azure will no longer assign a default implicit IP for VMs to communicate with the internet. However, it’s important to note that existing VMs will not be affected by this retirement. For those who require outbound access post this date, Azure will provide an easy way to enable outbound internet access using explicit outbound methods. Additionally, for VMs currently having default outbound access and wishing to transition to a secure configuration after this date, Azure will offer a mechanism for easy opt-in. Users already utilizing explicit outbound connectivity methods will remain unaffected by this retirement. Azure emphasizes the benefits of explicit outbound connectivity methods, including greater control over internet connections, protection from public IP address changes, and traceable IP address resources beneficial for measurement and troubleshooting. Azure will be sending periodic updates to subscription owners impacted by this change in the coming months.
ExpressRoute Traffic Collector now generally available
Microsoft Azure has announced the general availability of the ExpressRoute Traffic Collector. This feature allows users to capture information about IP flows sent over ExpressRoute direct circuits. The ExpressRoute Traffic Collector supports flow logs capture for both Private and Microsoft peering. The captured flow logs data is sent to a Log Analytics workspace, enabling users to create custom log queries for in-depth analysis.
Some of the primary use cases for flow logs include:
- Network Monitoring: gain near real-time visibility into network throughput and performance, perform network diagnosis, and forecast capacity.
- Network Usage and Cost Optimization: analyze traffic trends by filtering sampled flows by IP, port, or applications. Identify top talkers for a source IP, destination IP, or applications. Optimize network traffic expenses by analyzing traffic patterns.
- Network Forensics Analysis: identify potentially compromised IPs by analyzing all associated network flows. Users can also export flow logs to a SIEM tool of their choice to monitor and correlate events.
It’s important to note that the flow logs collected by the ExpressRoute Traffic Collector do not impact network throughput or latency. Users can enable or stop flow logs collection without any risk of affecting the network performance of an ExpressRoute direct circuit.
Azure Private Link for MySQL – Flexible Server
Azure Private Link allows users to connect to various PaaS services, such as Azure Database for MySQL – Flexible Server, in Azure, via a private endpoint. Private Link brings Azure services inside your private virtual network (VNet). Using the private IP address, the Azure Database for MySQL – Flexible Server becomes accessible just like any other resource within the VNet. This feature is now available for general use.
Azure Files improved support for Unicode characters
Azure Files has undergone enhancements to now support all valid Unicode characters. This development allows for the creation of SMB File shares with file and directory names that align with the NTFS file system, specifically for valid Unicode characters. This expanded character set support includes:
- Control characters that are supported by NTFS.
- Trailing dot (.) characters at the end of directory and file names.
- Characters that function individually but were previously blocked when used in combination, especially in non-English languages.
Such advancements facilitate tools like AzCopy and Storage mover to migrate all files into Azure Files using the REST protocol. This expanded character support is now accessible in all Azure regions.
Zone Redundant Storage for Azure Disks in More Regions
Microsoft has announced the general availability of Zone Redundant Storage (ZRS) for Azure Disk Storage on Azure Premium SSDs and Standard SSDs in the Norway East and UAE North regions. Disks with ZRS offer synchronous replication of data across three availability zones within a region. This ensures that the disks can withstand zonal failures without disrupting the associated applications. The feature not only enhances the resilience of disks against zonal failures but also eliminates the need for application-level replication of data across zones. Furthermore, ZRS can be combined with shared disks to provide even higher availability for clustered or distributed applications, including SQL FCI, SAP ASCS/SCS, and GFS2.
Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.