Once again this month, I’m back with my recurring series focused on the evolution of Azure management and security services, with a special focus on hybrid and multicloud scenarios enabled by Azure Arc and enhanced by the use of Artificial Intelligence.
This monthly series aims to:
- Provide an overview of the most relevant updates released by Microsoft;
- Share operational tips and field-proven best practices to help architects and IT leaders manage complex and distributed environments more effectively;
- Follow the evolution towards a centralized, proactive, and AI-driven management model, in line with Microsoft’s vision of AI-powered Management.
The main areas addressed in this series, together with the corresponding tools and services, are described in this article.
Security posture across hybrid and multicloud infrastructures
Microsoft Defender for Cloud
Retirement of Microsoft Defender for Cloud in Microsoft Azure operated by 21Vianet
Microsoft has announced the retirement of Microsoft Defender for Cloud in the Microsoft Azure environment operated by 21Vianet (Azure in China) due to increasing infrastructure and operational complexity, which no longer allows the expected levels of stability and effectiveness to be ensured. All related features and services will be discontinued and removed on August 18, 2026; after that date, the Defender for Cloud portal and any associated services or features in that environment will no longer be accessible. To manage the transition effectively, customers are encouraged to work with their Azure (operated by 21Vianet) account representatives to assess operational impact and plan the necessary actions; further details are available in the official documentation.
New features, bug fixes, and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To help customers stay up to date, Microsoft maintains this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:
- Defender for Storage: Optional index tags for malware scan results. Defender for Storage introduces optional index tags to record the outcomes of malware scans, both on-upload and on-demand. With this capability, users can choose whether or not to publish results to Blob index tags (publishing is the default setting). The option can be enabled or disabled at the subscription and storage account levels, via the Azure portal or APIs, simplifying metadata governance and integration with triage and auditing processes.
- Defender for Storage available in Azure Government. The service helps U.S. federal and government agencies secure their storage accounts, offering in Azure Government the same functional coverage as the commercial cloud. This lets security teams adopt uniform controls aligned with public-sector compliance requirements.
- Defender CSPM and Defender for Servers Plan 2 available in Azure Government. Microsoft has made both Defender Cloud Security Posture Management (CSPM) and Defender for Servers Plan 2 available in Azure Government. This enables the Department of Defense (DoD) and civilian agencies to manage cloud security posture, strengthen compliance, and benefit from advanced capabilities for server workloads. Feature coverage is aligned with the commercial cloud, facilitating consistent standards and procedures across hybrid and multicloud environments.
- AKS Security Dashboard. Within the Azure portal, the AKS Security Dashboard provides a centralized view of security posture and runtime protection for AKS clusters. The dashboard highlights software vulnerabilities, compliance gaps, and active threats, helping teams prioritize remediations. It also enables real-time monitoring of workload protection, cluster configuration, and threat-detection signals, improving the continuous prevent–detect–respond cycle.
- Aggregated storage logs in Microsoft Defender XDR Advanced Hunting (preview). The CloudStorageAggregatedEvents table is available in preview within the Advanced Hunting experience in Microsoft Defender XDR. The table brings aggregated storage activity logs from Defender for Cloud—covering operations, authentication details, access sources, and success/error counts—into a single queryable schema, reducing noise, improving query performance, and providing a high-level view of access patterns. These logs are included at no additional cost in the new Defender for Storage plan for storage accounts, enabling more effective investigations and detections.
Governance and policy management
Azure Cost Management
Updates related to Microsoft Cost Management
Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, helps identify and prevent incorrect spending patterns, and optimizes costs. This article reports some of the latest improvements and updates regarding this solution.
Monitoring
Azure Monitor
Azure Monitor: Tenant-level Service Health alerts (preview)
Microsoft is introducing tenant-level Service Health alerts in Azure Monitor (preview), a capability that delivers proactive notifications about service health issues that affect the entire tenant—not just individual subscriptions. Alert rules can be created with directory (tenant) scope directly from the Service Health page or via the alert-creation wizard in the Azure portal. This extension provides broader visibility and accelerates response to incidents involving tenant-scoped services; for full coverage, Microsoft recommends configuring both subscription-level and tenant-level Service Health alerts.
Log Analytics: Search Job now supports up to 100 million results
Search Job in Log Analytics enables asynchronous queries across all workspace data—including long-term retention—and can land the results in new Analytics tables for downstream analysis. The maximum size per result set has been increased from 1 million to 100 million records, enabling analysis of much larger datasets without splitting queries. This capability remains central for large-scale analytics, rapid investigations, and advanced log processing, delivering a more complete and accurate view of operational data.
Conclusions
This month strongly reaffirms the shift toward a centralized, proactive, AI-powered management model: from extending security posture across hybrid and multicloud scenarios with Defender for Cloud, to operational updates like the AKS Security Dashboard and aggregated storage logs in Advanced Hunting, through to tenant-level Service Health alerts in Azure Monitor. I urge architects and IT leaders to translate these updates into concrete actions now: plan the transition ahead of already announced deadlines (e.g., the retirement of Defender for Cloud in Azure operated by 21Vianet) and enable the new controls across your tenants and workspaces (AKS Security Dashboard, directory-scoped Service Health alerts). As always, the official documentation remains the authoritative source for details and prerequisites; in upcoming installments we will continue to follow the evolution of AI-powered management with practical guidance and field-tested best practices.