This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, the aim is to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, providing you with essential information to further explore these topics.
The following diagram shows the different areas related to management, which are covered in this series of articles:
Figure 1 – Overview of Management Services in Azure
Monitor
Azure Monitor
Support for Azure Managed Prometheus Horizontal Pod Autoscaling in AKS Replica Set Pods
Azure Monitor’s managed service for Prometheus now supports Horizontal Pod Autoscaling (HPA) for the ama-metrics replica set pods within Azure Kubernetes Service (AKS). This new capability enables automatic scaling of the ama-metrics pod based on memory usage, allowing for more efficient management of Prometheus metrics and custom jobs.
By default, HPA is configured with a minimum of 2 replicas and a maximum of 12, with users having the flexibility to define a custom range within these limits. Thanks to this enhancement, the platform can dynamically adapt to monitoring demands, preventing memory exhaustion issues (OOM kills) and improving the overall reliability and scalability of AKS infrastructures.
Azure Monitor Managed Service for Prometheus on Azure Arc-enabled Kubernetes Clusters
Azure Monitor now offers a generally available managed Prometheus service tailored for Azure Arc-enabled Kubernetes environments. This fully managed service brings together the strengths of Prometheus’ open-source ecosystem with automation of complex tasks such as scaling, high availability, and data retention of up to 18 months.
It enables monitoring of Kubernetes clusters wherever they are running, providing native collection, storage, rule evaluation, and querying of Prometheus data. Backed by the same infrastructure as Azure Monitor Metrics—extended to support Prometheus format—and integrated with Azure Managed Grafana, this service is a key component for observability in cloud-native containerized workloads.
New API for Deleting Data in Log Analytics
Microsoft has introduced the Delete Data API for Log Analytics, allowing asynchronous requests to remove sensitive, personal, or corrupted data from Log Analytics workspaces. Unlike the more resource-intensive Purge API, this new API takes a more efficient approach by marking logs as deleted instead of physically removing them.
This improves performance and reduces system impact. It is recommended for deletion tasks not subject to GDPR regulations, offering a scalable and effective solution for log data management.
Govern
Azure Cost Management
Updates related to Microsoft Cost Management
Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution:
- Retirement of AWS Connector:
Microsoft has announced the retirement of the AWS connector in Microsoft Cost Management, effective March 31, 2025. This connector previously enabled centralized integration and visualization of cost data across Microsoft Azure and AWS environments.
After this date, the connector will no longer be available, and all AWS-related cost and usage data—including historical data—will be removed from the service. However, previously exported Cost and Usage Reports (CURs) stored in the user’s Amazon S3 bucket will remain intact.
Microsoft recommends migrating to a new AWS cost management solution and removing the connector via the Azure Portal by following the official instructions. As an alternative, users can export data in the FOCUS (FinOps Cost and Usage Specification) format and leverage advanced analysis tools such as Microsoft Fabric to achieve unified and detailed cost reporting across multi-cloud environments.
- Reservation Exchange for Azure OpenAI Service:
Starting from February 2025, Microsoft has introduced a new feature enabling users to exchange reservations for Azure OpenAI Service directly through the Azure Portal. Reservations offer discounted rates compared to pay-as-you-go pricing and guarantee dedicated capacity for high-performance AI model execution.
This new option allows users to adjust reservations more flexibly to align with evolving operational needs. Refund requests remain available under applicable conditions. This capability marks another step forward in streamlining cost management for AI resources in Azure.
Azure Advisor
New Performance Recommendations in Azure Advisor for Azure Database for PostgreSQL (Preview)
Azure Advisor introduces new capabilities to proactively support performance management for Azure Database for PostgreSQL – Flexible Server. With three new recommendations and improvements to existing ones, users can now identify and resolve critical database performance scenarios more accurately.
For instance, long-running transactions now include the Process ID (PID) to simplify analysis, while high bloat scenarios highlight the affected database name and provide tailored resolution suggestions.
This update empowers database administrators with more detailed insights and actionable guidance for timely intervention and performance optimization.
Secure
Microsoft Defender for Cloud
New features, bug fixes, and deprecated features of Microsoft Defender for Cloud
The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:
- General Availability of Agentless Scanning for VMs with Customer-Managed Key (CMK) Encrypted Disks
Agentless scanning is now generally available for Azure virtual machines with disks encrypted using Customer Managed Keys (CMK). This capability is supported by both the Defender Cloud Security Posture Management (CSPM) plan and the Defender for Servers Plan 2, and applies across multi-cloud environments.
Agentless scanning provides visibility into VM vulnerabilities and risks without requiring agent installation—even when using customer-managed encrypted disks—thus simplifying security management and ensuring broader coverage.
- New Severity Levels for Security Recommendations
Microsoft has introduced an update to the severity levels used for security recommendations to enhance risk assessment and prioritization. In addition to the existing Low, Medium, and High levels, a new Critical severity level has been added.
This change enables more granular classification of security issues, allowing organizations to better focus on the most urgent threats. Customers may notice changes in the severity ratings of existing recommendations.
For those using the Defender CSPM plan, the overall risk score may also be impacted, as it now factors in both the updated severity ratings and asset context. These improvements contribute to a more effective and accurate risk management model.
- General Availability of File Integrity Monitoring via Defender for Endpoint in Azure Government
File Integrity Monitoring (FIM) powered by Microsoft Defender for Endpoint is now generally available in the Azure Government (GCCH) environment, as part of the Defender for Servers Plan 2.
This implementation enables real-time monitoring of critical files and system logs, helping organizations meet compliance requirements and detect suspicious activity by identifying file content changes.
This FIM experience replaces the legacy solution based on the Log Analytics Agent (MMA), which is being retired. While MMA-based FIM will continue to be supported in Azure Government until the end of March 2025, this release also introduces a new portal experience to streamline the migration of FIM configurations from MMA to the Defender for Endpoint-based solution.
Protect
Azure Backup
Vaulted Backup Support for Azure Files Standard Shares
Azure Backup has introduced general availability of Vaulted Backup support for Azure Files Standard Shares. This new capability enhances data protection by allowing the configuration of both snapshots and vaulted backups under a single policy, while also enabling cross-account and cross-region restore.
With this release, users benefit from:
-
Compliance with the 3-2-1 data protection rule, thanks to immutable backups and centralized management via the Azure Business Continuity Center, which provides monitoring for jobs, alerts, and reports.
-
Advanced protection against ransomware and malicious activities, enabled by features such as immutable backups and soft delete within the Recovery Services Vault.
-
Long-term retention for compliance and audit needs, with daily, monthly, and yearly backup tiers that can be retained in cost-effective storage for up to 99 years.
Vaulted Backup support for Azure Files Premium is currently available in public preview.
Please note that pricing for vaulted backups of both Standard and Premium Azure Files will be effective starting April 1, 2025.
Azure Site Recovery
Azure Site Recovery Support for Azure Trusted Launch Linux VMs (Preview)
Azure Site Recovery now supports Azure Trusted Launch virtual machines running Linux, currently available in public preview. Azure Trusted Launch VMs offer an enhanced level of security for Azure Generation 2 VMs, enabling features such as Secure Boot and vTPM (Virtual Trusted Platform Module).
With this update, customers can now protect Linux-based VMs with the same robust security guarantees already available for Windows VMs, which are already supported by Azure Site Recovery.
This enhancement improves the resilience and security of mission-critical workloads hosted in the cloud.
Azure Site Recovery: Update Rollup 77
Update Rollup 77 for Azure Site Recovery is now available, bringing key updates and optimizations to the latest platform components.
Notably, the Mobility Service now supports additional Linux distributions in Azure-to-Azure replication scenarios, including:
-
Oracle Enterprise Linux 8.10
-
AlmaLinux 8 and 9
-
Ubuntu 24.04
Additionally, support has been extended for newer kernel versions of the following distributions:
-
Debian 11 and 12
-
SUSE Linux Enterprise Server (SLES) 12 and 15
This update also includes general improvements and bug fixes, further enhancing the reliability and compatibility of Azure Site Recovery for disaster recovery scenarios.
Migrate
Azure Migrate
MySQL Discovery and Assessment in Azure Migrate (Preview)
Azure Migrate has introduced public preview support for discovery and assessment of MySQL workloads, streamlining cloud migration planning.
This new capability enables the identification of MySQL instances in on-premises environments, providing detailed insights into their configurations and assessing their suitability for migration to Azure Database for MySQL – Flexible Server.
In addition to technical assessment, the service offers detailed recommendations on the most appropriate compute and storage options, including cost estimates.
With this enhancement, Azure Migrate continues to evolve as a centralized hub for the discovery, assessment, and migration of on-premises assets to Azure—whether targeting PaaS or IaaS deployment models.
Azure Evaluation
For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.
