This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.
Azure
General
Microsoft Announces New European Digital Commitments
Microsoft has introduced five new commitments to deepen its partnership with Europe, focusing on digital resilience, data privacy, cybersecurity, and competitiveness. These actions reflect Microsoft’s goal to align with European values and regulations.
1. Expanding AI and Cloud Infrastructure
Microsoft will boost its European datacenter capacity by 40% over two years, covering 16 countries. This includes public and sovereign cloud operations, and partnerships with firms like Bleu (France) and Delos Cloud (Germany). Microsoft aims to support innovation while complying with EU laws.
2. Strengthening Digital Resilience
Microsoft will operate European cloud services under a Europe-based board and uphold a Digital Resilience Commitment, pledging to challenge any external attempts to disrupt services. Code backups in Switzerland and continuity partnerships will ensure service reliability.
3. Safeguarding Data Privacy
With the EU Data Boundary project completed, Microsoft enables customers to keep data within the EU. Customers can encrypt data with their own keys, use lockboxes, and restrict Microsoft access. Microsoft also legally defends against unlawful data requests.
4. Boosting Cybersecurity
Microsoft has supported Ukraine and NATO with $500 million in cybersecurity aid and intelligence. A new Deputy CISO for Europe will oversee compliance with EU cybersecurity regulations like DORA and CRA. Independent audits will confirm adherence.
5. Supporting Competitiveness and Open Source
Through its AI Access Principles, Microsoft ensures open access to over 1,800 AI models, many of them open-source. The company supports European businesses and research institutions in applying AI, and commits to continued local collaboration.
These commitments underline Microsoft’s long-term dedication to Europe’s digital future and its respect for local governance.
Semantic Ranker for Azure AI Search now available on ItalyNorth
The Semantic Ranker feature in Azure AI Search is now generally available in the ItalyNorth region. This capability enhances the relevance of search results by using deep learning models to understand the semantic meaning behind user queries. It enables more accurate and contextually appropriate responses, particularly beneficial for AI-powered applications requiring advanced search functionalities.
Azure Functions Flex Consumption plan hosting now available on ItalyNorth
The Flex Consumption plan for Azure Functions is now available in the ItalyNorth cloud region. This Linux-based hosting option builds upon the pay-as-you-go Consumption model, offering greater flexibility and customization. It introduces capabilities such as private networking, selectable instance memory sizes, and fast, large scale-out, all while maintaining a serverless billing model. This provides developers with enhanced control over their serverless workloads without compromising on scalability or cost-efficiency.
UAE North regional availability with Microsoft Dev Box
Microsoft Dev Box is now available in the United Arab Emirates (UAE) North region. This expansion enables customers in the UAE and nearby areas to provision developer workstations closer to their users and data sources, enhancing performance and ensuring compliance with data residency requirements. With this regional support, organizations can now benefit from faster provisioning times and improved network performance for Dev Box environments.
Compute
Azure Compute Fleet
Azure Compute Fleet is now generally available across all Azure regions, offering a scalable and flexible way to deploy up to 10,000 virtual machines in a single fleet. This service intelligently selects and provisions VM instances that match specified parameters—such as core count, RAM, region, pricing model, and VM SKU—ensuring optimal resource allocation for diverse workloads. Azure Compute Fleet also includes robust management features to automatically adjust deployment based on factors like Spot VM evictions, capacity shortages, and cost optimization needs. It is particularly valuable for customers requiring dynamic scaling with a wide variety of VM configurations.
Instance Mix for Virtual Machine Scale Sets
Instance mix is now generally available for Virtual Machine Scale Sets, enabling the use of multiple VM sizes within a single scale set deployment. This new feature offers enhanced flexibility and cost optimization by allowing customers to specify a mix of VM sizes tailored to their workload requirements. It also includes allocation strategies that can prioritize either price or capacity based on customer preferences. With instance mix, deployments benefit from increased capacity availability and simplified management of diverse VM resources within a unified scale set. In addition, customers leveraging Spot Priority Mix can combine both Spot and On-Demand VM instances, further increasing their ability to secure necessary capacity at optimized costs.
Improve the security of Generation 2 VMs via Trusted Launch in Azure DevTest Labs (preview)
Trusted Launch is now available in public preview for Generation 2 virtual machines (Gen2 VMs) within Azure DevTest Labs. This feature introduces a set of coordinated infrastructure technologies that enhance protection against sophisticated and persistent threats. By leveraging Trusted Launch, users can enable key security capabilities—such as secure boot and virtual TPM—independently, thereby hardening their Gen2 VMs without significant configuration overhead. This enhancement is part of Azure’s ongoing efforts to provide secure-by-default infrastructure for development and testing environments.
Networking
Azure Firewall integration in Security Copilot
The integration of Azure Firewall with Microsoft Security Copilot enhances the way analysts investigate threats by leveraging natural language interactions. This feature enables users to analyze malicious traffic intercepted by the Intrusion Detection and Prevention System (IDPS) across all deployed firewalls without writing complex KQL queries. Through either the Security Copilot portal or the Copilot in Azure experience, users can: retrieve the top IDPS signature hits, enrich threat profiles with additional intelligence, perform fleet-wide signature searches across tenants, and generate environment-specific security recommendations. This integration streamlines threat analysis and empowers teams with faster, more actionable insights.
Azure Firewall Log Tables Now Supported in Azure Monitor Basic Plan
All resource-specific log tables for Azure Firewall now support the Azure Monitor Basic log plan. This addition enables customers to reduce their logging costs by up to 80%. While this plan provides significant savings, it is important to note that it does not support integrations with Policy Analytics or Microsoft Security Copilot. Organizations looking to balance cost efficiency with basic firewall logging capabilities may find this update especially beneficial.
Next hop IP support for Virtual WAN
Azure Virtual WAN has introduced support for Next hop IP, enhancing routing flexibility for complex networking scenarios. The virtual hub router within Azure Virtual WAN can now peer with Network Virtual Appliances (NVAs) or BGP-enabled endpoints to exchange routes directly. This enables customers to advertise routes for virtual machines that reside behind load balancers, streamlining traffic flows and optimizing network architecture across virtual hubs. This improvement significantly simplifies route management in hybrid and large-scale cloud networks.
Azure virtual network terminal access point (TAP) (preview)
Azure Virtual Network TAP is now in public preview, offering a powerful way to stream virtual machine network traffic directly to packet collectors or analysis tools. This agentless solution eliminates the need for additional appliances or changes to existing network topologies, enabling transparent traffic mirroring with zero impact on VM performance. Furthermore, mirrored traffic does not count against the VM’s bandwidth quota. With broad compatibility across third-party tools, Virtual Network TAP facilitates robust integration into existing security and monitoring frameworks—an essential advancement for organizations requiring deep network visibility in their cloud environments.
Azure WAF CAPTCHA Challenge for Azure Front Door (preview)
Azure Web Application Firewall (WAF) for Azure Front Door now includes CAPTCHA challenge support in public preview. This new capability introduces an adaptive layer of defense to mitigate threats from automated attacks such as bots, scrapers, and brute-force attempts, which often bypass traditional protections like IP filtering or rate limiting. By requiring real-time human verification through an interactive CAPTCHA, this feature enhances application security while maintaining usability for legitimate users. It provides a modern and effective way to safeguard web applications from malicious automated traffic.
Storage
Next-Generation Azure Data Box Devices Now Available
Microsoft has announced the general availability of the next-generation Azure Data Box 120 and Azure Data Box 525. These compact, NVMe-based devices are now available for order in the US, US Gov, Canada, EU, and UK Azure regions, with broader regional availability expected soon. Since their preview debut at Ignite ’24, these devices have successfully facilitated petabyte-scale data ingestion across numerous customer projects and industry verticals. Customers have reported up to 10x improvements in data transfer speeds, citing enhanced reliability and efficiency as key benefits. The design of these devices is based on extensive customer feedback and reflects the growing demands of large-scale data migrations. Azure Data Box continues to offer one of the most cost-effective solutions for offline data transfers, with a competitive price per terabyte and seamless ordering through the Azure portal.
Cross-Region Data Transfer Support in Azure Data Box
Azure Data Box now supports cross-region data transfer for all Azure region pairs, marking a significant enhancement in flexibility for distributed storage strategies. Customers can now upload data from any on-premises location directly to any Azure region, eliminating the need to physically transport the device across commerce boundaries. For example, data collected in Japan can be uploaded to an Azure data center in the European Union, while the Data Box itself remains within Japan. The transfer is carried out over the Azure network at no additional cost, making this feature particularly valuable for global enterprises managing multi-regional data workloads.
Azure Files: Metadata Cache for Azure SSD (Premium) SMB
Azure Files has introduced a new enhancement that significantly improves metadata operations performance for both SMB and REST protocols. This capability is automatically available at no extra cost and benefits both new and existing file shares. Whether used to support critical business applications, streamline DevOps workflows, or provide storage for large-scale virtual desktop environments, Azure Files now offers improved speed, scalability, and performance optimization. This update reinforces Azure Files as a high-performance storage option for demanding enterprise workloads.
Azure Premium SSD v2 and Ultra Disk Storage Now Available in Australia Central 2 and Norway West
Azure Premium SSD v2 and Ultra Disk Storage have been made generally available in the Australia Central 2 and Norway West regions. Azure Ultra Disk Storage provides high throughput, elevated IOPS, and consistently low latency, making it an optimal choice for data-heavy applications such as SAP HANA, high-performance databases, and applications requiring intensive transactional operations. Azure Premium SSD v2, designed as a next-generation block storage solution, delivers sub-millisecond latencies and cost-efficient performance for IO-intensive workloads. It is ideal for a wide spectrum of enterprise production scenarios, including SQL Server, Oracle, MariaDB, SAP, big data analytics, gaming on virtual machines, and stateful containers.
Cross-tenant customer-managed keys for Azure NetApp Files volume encryption (preview)
A new feature in public preview enables cross-tenant customer-managed keys (CMK) for Azure NetApp Files volume encryption. This capability allows end users to manage their own encryption keys across different Azure tenants, rather than relying on the SaaS provider’s key management. Particularly useful in SaaS provider-to-customer models, it ensures that customers maintain full control over their data protection. Available in all regions that support Azure NetApp Files, this enhancement provides increased flexibility and transparency in key management strategies for both providers and consumers.
Azure Local
Azure Local 2504: new OS version, feature enhancements, and improved update experience
The 2504 release of Azure Local introduces several enhancements aimed at improving performance, security, and manageability. New deployments now use OS version 261000.3775, while existing systems remain on version 23598.1551. Customers can obtain this OS image and compatible drivers through the Azure portal or via their OEM partners.
Significant improvements have been made in several areas. .NET update installations are now more reliable, and update processes benefit from enhanced health checks and simplified tracking via the Azure portal. Registration and deployment processes are more flexible, allowing customers to select from up to six supported software versions, and error logging has been improved.
Security is also strengthened: Dynamic Root of Trust for Measurement (DRTM) is now enabled by default for new deployments. Azure Local VMs gain new capabilities, such as data disk expansion and live migration for VMs using GPU partitioning (GPU-P), provided the latest NVIDIA vGPU drivers are used.
Additional changes include renamed OEM licenses to reflect Azure Local branding, improved handling of solution extensions, a new crash dump collection feature for observability, and updates to billing logic for newer deployments. Documentation for version 22H2 will be archived after May 31, 2025.
Conclusion
Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.