Once again this month, I’m back with my recurring series focused on the evolution of Azure management and security services, with a special focus on hybrid and multicloud scenarios enabled by Azure Arc and enhanced by the use of Artificial Intelligence.
This monthly series aims to:
- Provide an overview of the most relevant updates released by Microsoft;
- Share operational tips and field-proven best practices to help architects and IT leaders manage complex and distributed environments more effectively;
- Follow the evolution towards a centralized, proactive, and AI-driven management model, in line with Microsoft’s vision of AI-powered Management.
The main areas addressed in this series, together with the corresponding tools and services, are described in this article.
Hybrid and multicloud environment management
Azure Arc
Azure Kubernetes Fleet Manager for Arc-enabled clusters
Azure Kubernetes Fleet Manager is expanding beyond Azure with the introduction of support for Arc-enabled Kubernetes clusters. This enables organizations to manage Kubernetes environments distributed across Azure, Azure Local, and other infrastructures connected through Azure Arc from a single control plane.
This evolution makes it possible to organize AKS clusters running on Azure Local and other Arc-enabled clusters within a fleet, consistently applying updates, policies, and workload deployments. The benefits are particularly evident for organizations running Kubernetes across multiple locations, datacenters, or edge environments, where cluster-by-cluster management can quickly become complex.
By extending the fleet management model to Arc-enabled scenarios, Microsoft is strengthening its vision of centralized, consistent, and scalable Kubernetes governance spanning cloud, on-premises, and distributed infrastructures.
Security posture across hybrid and multicloud infrastructures
Microsoft Defender for Cloud
Microsoft Foundry agent security in Microsoft Defender for Cloud and transition to Microsoft Agent 365 (preview)
Microsoft has announced that, starting July 1, 2026, the security capabilities for Microsoft Foundry agents previously available through Microsoft Defender for Cloud will transition to Microsoft Agent 365 licensing.
Agent protection in Defender will be powered by Agent 365 observability logs, further strengthening the connection between AI agent security, monitoring, and governance. This evolution reflects an important shift in how Microsoft is structuring security for agentic scenarios: protection is no longer limited to traditional cloud resources but also encompasses visibility, control, and behavioral assessment of AI agents.
For organizations beginning to adopt agentic models and Microsoft Foundry-based solutions, it is therefore becoming essential to consider agent licensing, observability, and security posture as part of their overall cloud security strategy.
Microsoft Defender security assessments for Azure Database for PostgreSQL (preview)
Microsoft Defender is introducing security assessments for Azure Database for PostgreSQL in Public Preview, enabling organizations to continuously evaluate the security posture of PostgreSQL databases managed on Azure.
These assessments help identify risks, suboptimal configurations, and opportunities to improve the protection of data workloads. In a context where databases represent some of the most sensitive assets within an application environment, integrated assessments in Microsoft Defender allow security and operations teams to adopt a more proactive approach.
The capability shifts the focus from incident detection alone to prevention, providing actionable recommendations to strengthen configurations, access controls, and security safeguards.
Broader multicloud coverage for AWS and Google Cloud
Defender for Cloud is expanding its security posture assessment capabilities for AWS and Google Cloud by adding approximately 90 new resource types and more than 200 recommendations across data, identity, networking, compute, and container environments.
The new assessments contribute to the Cloud Secure Score. As a result, changes to the score may be caused by the broader assessment scope rather than by an actual deterioration in security posture.
The portal also introduces dedicated labels and a change log to explain the impact of newly added recommendations.
Cloud security reporting in the Microsoft Defender portal
Cloud security reporting capabilities are now available in the Microsoft Defender portal. Organizations can create, customize, and share cloud security reports using predefined templates or fully customized reports.
Individual report cards can also be configured to display the data most relevant to operational, governance, or executive reporting requirements.
API security posture management for Function Apps and Logic Apps
Defender CSPM is extending its API discovery and posture assessment capabilities to Azure Function Apps and Azure Logic Apps.
Defender for Cloud can automatically identify APIs that are unauthenticated, exposed to the internet, inactive, or configured to accept unencrypted traffic. Associated risks can also be investigated through Cloud Security Explorer and attack path analysis.
Extended container support in cloud scopes
Cloud scopes now support Kubernetes namespaces and clusters, multicloud container registries, and artifact repositories.
These new resource types allow organizations to structure containerized resources around more granular operational boundaries, simplifying access delegation and the application of security controls across multicloud environments.
SQL Vulnerability Assessment Express for Managed Instance and Synapse
SQL Vulnerability Assessment Express Configuration is now available for Azure SQL Managed Instance and Azure Synapse Analytics.
Express Configuration removes the need to manage a dedicated storage account while retaining automatic and on-demand scans, assessment rules, and baselines.
A new unified REST API also simplifies service management across the main Azure SQL workloads and servers enabled through Azure Arc.
Security posture management for serverless containers (preview)
Defender for Cloud is introducing discovery and posture assessment capabilities for Azure Container Apps and Azure Container Instances.
The capability provides asset inventory visibility, recommendations for configuration issues, vulnerability assessment findings, and attack path analysis, extending CSPM controls to serverless container workloads.
Enforcement of Kubernetes misconfigurations (preview)
Defender for Containers can now evaluate Kubernetes configurations during the admission phase.
Rules can be applied in either Audit or Block mode, preventing the deployment of resources that do not comply with Microsoft security best practices. This capability complements post-deployment controls with preventive protection before resources are admitted into the cluster.
Vulnerability assessment for runtime images and Kubernetes nodes on EKS and GKE (preview)
Defender for Cloud is extending its vulnerability assessment capabilities to Amazon EKS and Google Kubernetes Engine environments. The assessment covers both container images discovered directly while workloads are running and the underlying Kubernetes nodes.
The platform can therefore analyze images that were not previously detected in container registries, identify operating-system-level vulnerabilities, determine which node pools are affected, and recommend upgrades to fixed versions of Kubernetes or the operating system.
The capability requires the AWS or Google Cloud environment to be onboarded to Defender for Cloud. Agentless scanning must also be enabled to assess Kubernetes nodes. Expanding the scanning scope may result in additional costs.
Defender for open-source databases on Amazon RDS
Defender for Open-Source Relational Databases is now available for Amazon RDS.
The service provides threat protection and sensitive data discovery for Aurora PostgreSQL, Aurora MySQL, PostgreSQL, MySQL, and MariaDB.
Environments that were already enabled during the preview will be upgraded automatically, while service billing begins in June 2026.
Container-level Kubernetes recommendations (preview)
Defender CSPM is introducing agentless recommendations that analyze the configuration of individual containers rather than aggregating findings at the cluster level.
The assessments cover privileged containers, root user usage, resource limits, Linux capabilities, file systems, trusted registries, and access to API credentials.
This increased level of granularity makes anomalies easier to assign to the appropriate owners and more straightforward to remediate.
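As an added illustration (not code from this post or from Microsoft), the script below evaluates a Pod spec against the container-level checks listed above and applies the Audit/Block distinction described in the admission-enforcement section; the trusted-registry allow-list, the finding texts and the two sample specs are constructed assumptions, not Defender's own rule engine.

```python
"""Check a Kubernetes Pod spec for the container-level misconfigurations
listed above: privileged containers, root user, resource limits, Linux
capabilities, writable root file system, untrusted registries and
auto-mounted API credentials. Constructed example with assumed rule names."""

TRUSTED_REGISTRIES = ("myregistry.azurecr.io/",)  # assumed allow-list

# Constructed sample specs (dict form of the Pod manifest's .spec)
WEAK_POD = {
    "containers": [{
        "name": "app",
        "image": "docker.io/library/nginx:latest",
        "securityContext": {"privileged": True},
    }],
}
HARDENED_POD = {
    "automountServiceAccountToken": False,
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
    "containers": [{
        "name": "app",
        "image": "myregistry.azurecr.io/app:1.4.2",
        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        "securityContext": {
            "allowPrivilegeEscalation": False,
            "readOnlyRootFilesystem": True,
            "capabilities": {"drop": ["ALL"]},
        },
    }],
}


def check_container(c: dict, pod_spec: dict) -> list:
    """Return one finding per violated check for a single container."""
    # Pod-level securityContext is inherited; container-level overrides it.
    sc = {**pod_spec.get("securityContext", {}), **c.get("securityContext", {})}
    findings = []
    if sc.get("privileged"):
        findings.append("privileged container")
    if not (sc.get("runAsNonRoot") or sc.get("runAsUser", 0) > 0):
        findings.append("may run as root")
    limits = c.get("resources", {}).get("limits", {})
    if "cpu" not in limits or "memory" not in limits:
        findings.append("missing CPU/memory limits")
    caps = sc.get("capabilities", {})
    if caps.get("add") or "ALL" not in caps.get("drop", []):
        findings.append("Linux capabilities not dropped")
    if not sc.get("readOnlyRootFilesystem"):
        findings.append("writable root file system")
    if not c.get("image", "").startswith(TRUSTED_REGISTRIES):
        findings.append("image not from a trusted registry")
    if pod_spec.get("automountServiceAccountToken", True):
        findings.append("service account token auto-mounted")
    return findings


def evaluate(pod_spec: dict, mode: str = "audit") -> dict:
    """'audit' only reports findings; 'block' also denies admission on any finding."""
    findings = {}
    for c in pod_spec.get("containers", []):
        hits = check_container(c, pod_spec)
        if hits:
            findings[c["name"]] = hits
    return {"findings": findings, "admitted": mode == "audit" or not findings}
```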
AKS upgrade recommendation (preview)
The new “Upgrade Azure Kubernetes Service Version” recommendation supports the remediation of vulnerabilities detected in system pods managed by AKS.
Defender for Cloud identifies a cluster upgrade as the appropriate remediation path, enabling teams to distinguish between issues that can be resolved within individual workloads and those that require an update to the underlying Kubernetes platform.
Serverless protection for Azure and AWS
Serverless protection is now available for Azure Web Apps, Azure Functions, and AWS Lambda.
Defender for Cloud discovers these resources and assesses them for configuration issues, vulnerabilities, and insecure dependencies, providing a centralized view of security posture for serverless applications distributed across Azure and AWS.
Backup & Resilience
Azure Infrastructure Resiliency Manager (preview)
Azure Infrastructure Resiliency Manager is now available in Public Preview, introducing a unified, goal-oriented experience for designing, assessing, and improving the resilience of Azure workloads.
The capability enables teams to analyze zone-level resilience, identify architectural gaps, run simulations, receive targeted recommendations, and improve recovery readiness before an incident occurs.
This approach is particularly valuable because it shifts resilience from a point-in-time, often manual assessment to a more continuous and structured process. For architects and IT leaders, Azure Infrastructure Resiliency Manager can become a useful tool for validating architectural decisions, verifying alignment with business continuity objectives, and strengthening the organization’s ability to respond to infrastructure or application failures.
Azure Backup
Vaulted backups for Azure Cosmos DB (preview)
Azure Backup is introducing support for vaulted backups for Azure Cosmos DB in Public Preview, providing a secure, isolated, and fully managed backup solution for mission-critical and globally distributed applications.
With this capability, backup copies are stored in an Azure Backup vault that is separate from the source Cosmos DB account, creating an additional layer of protection outside the production environment.
The model supports policy-based backups, with automated scheduling, retention, and lifecycle management. Isolating recovery points helps protect data against accidental or malicious deletion, credential compromise, insider threats, and ransomware scenarios.
Support for long-term retention, together with controls such as encryption, soft delete, immutability, and Role-Based Access Control (RBAC), further strengthens the security and compliance posture of Cosmos DB data.
Snapshot backup for SQL Server on Azure VMs (preview)
Azure Backup is introducing support for snapshot-based backup for SQL Server running on Azure Virtual Machines in Public Preview.
This capability combines Azure disk snapshots with native SQL Server transaction log backups, enabling near-instantaneous, low-impact full backups, even for large databases.
The primary benefit is a reduction in the operational window required to perform application-consistent backups, while also improving data protection and recovery capabilities.
For organizations running mission-critical SQL Server workloads on Azure IaaS, this preview represents a significant evolution toward more efficient data protection strategies, particularly in scenarios where performance, backup duration, and Recovery Point Objective (RPO) are critical considerations.
Azure Site Recovery
Azure Site Recovery support for Linux VMs with NVMe controllers (preview)
Azure Site Recovery is introducing support in Public Preview for replication and disaster recovery of Azure Linux virtual machines based on NVMe controllers in Azure-to-Azure scenarios.
This includes NVMe-enabled Generation 2 VM families such as Da/Ea/Fa v6 and Ebsv5/Ebdsv5.
This enhancement expands protection options for modern Linux workloads running on newer, higher-performance virtual machine families. NVMe support is particularly important for applications with demanding I/O performance requirements that may previously have faced limitations when defining a business continuity strategy based on Azure Site Recovery.
With this preview, Microsoft is further extending the coverage of the service, making it easier to protect critical Linux workloads and maintain a consistent approach to application resilience across Azure.
Monitoring
Azure Monitor
Native ingestion of OTLP signals into Azure Monitor
Azure Monitor now provides generally available support for the native ingestion of OpenTelemetry Protocol (OTLP) signals, enabling telemetry generated by applications and platforms already instrumented with OpenTelemetry to be sent directly to Azure Monitor.
This evolution represents an important step toward a more open and standardized observability model, reducing the need for intermediary components or custom integrations.
For organizations adopting cloud-native, hybrid, or distributed architectures, the ability to collect metrics, logs, and traces through a widely adopted standard simplifies the development of a consistent and scalable monitoring strategy that can be more easily integrated with tools already present in the IT ecosystem.
Service Level Indicators and Service Level Objectives in Azure Monitor
Azure Monitor now includes generally available support for Service Level Indicators (SLIs) and Service Level Objectives (SLOs), providing IT and application teams with a clearer way to measure service reliability from the user experience perspective.
The objective is no longer limited to observing infrastructure metrics such as CPU, memory, or the availability of individual resources. Monitoring can instead be correlated with signals that more closely reflect the outcomes experienced by end users.
This approach enables teams to define measurable service objectives, monitor compliance with reliability thresholds, and respond more proactively when application behavior deviates from expected levels.
In complex Azure, hybrid, or multicloud environments, SLIs and SLOs help shift the focus from purely technical resource monitoring to broader service quality governance.
Simple log alerts in Azure Monitor
Azure Monitor has made Simple log alerts generally available, introducing a capability designed to simplify the creation and management of log-based alerts.
This enhancement provides a more intuitive experience for detecting anomalous conditions, recurring events, or relevant operational signals without requiring teams to build complex alerting logic.
For teams managing distributed environments, where logs and diagnostic signals originate from multiple Azure services, servers, applications, and resources connected through Azure Arc, a simplified alerting model can deliver tangible operational efficiency.
The goal is to reduce the time required to turn collected data into action, improving the ability to identify and respond promptly to infrastructure or application issues.
OpenTelemetry metrics and advanced monitoring for Azure VMs and Arc-enabled servers
Azure Monitor has made OpenTelemetry metrics, new visualizations, and advanced monitoring capabilities for Azure Virtual Machines and Arc-enabled servers generally available.
This evolution brings multiple observability capabilities together within a single experience, providing a more consistent view of the operational health of Azure virtual machines and servers managed through Azure Arc.
The value is particularly significant in hybrid scenarios, where IT teams must monitor workloads distributed across the public cloud, datacenters, edge locations, and environments outside Azure.
Through OpenTelemetry integration and more intuitive visualizations, teams can analyze performance more effectively, identify anomalies, and correlate signals across different infrastructures, moving closer to a centralized and data-driven management model.
New experience for Summary Rules in Log Analytics
Microsoft has introduced a new Azure portal experience for managing Summary Rules in Log Analytics.
Summary Rules make it possible to aggregate high-volume log data at a defined frequency and store the results in summary tables. This can improve query performance, simplify reporting, and support scenarios where the level of retained data detail needs to be reduced or rationalized.
The capability is particularly useful in complex and distributed environments, where log volumes can grow rapidly and make operational information more difficult to interpret.
An additional benefit is the ability to ingest logs using a lower-cost tier and summarize only the most relevant information into the Analytics tier. This helps optimize the balance between observability, performance, and efficient data management.
The new portal experience makes these rules easier to configure and use, supporting a more proactive approach to log management and the creation of high-value operational views.
Conclusions
The June 2026 updates confirm an increasingly clear evolution toward a unified, proactive, and resilience-oriented management model for cloud, hybrid, and multicloud environments.
Azure Arc continues to serve as the connecting layer for governing distributed infrastructures, while Microsoft Defender for Cloud progressively expands its scope to include Kubernetes workloads, APIs, serverless services, open-source databases, and AI agents.
At the same time, services such as Azure Infrastructure Resiliency Manager and the latest Azure Backup and Azure Site Recovery capabilities strengthen organizations’ ability to prevent disruptions and prepare for recovery scenarios in a more structured manner.
Based on practical experience, the recommendation is therefore not to assess these capabilities as isolated updates, but to incorporate them into a comprehensive roadmap that integrates governance, security posture, resilience, and monitoring.
Before enabling them at scale, organizations should also verify prerequisites, availability status, licensing implications, and potential cost variations, particularly in multicloud scenarios and for capabilities that are still in preview.
The challenge is no longer simply to gain visibility across increasingly distributed environments, but to transform telemetry, recommendations, and security signals into timely operational decisions.
It is precisely through this ability to correlate management, protection, and observability that Microsoft’s AI-powered Management model takes shape: an approach in which automation and artificial intelligence support IT teams, helping them govern complexity and continuously improve reliability, security, and operational efficiency.