Category Archives: Announcements and updates

Azure IaaS and Azure Stack: announcements and updates (June2021 – Weeks: 23 and 24)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.



Confidential Computing price reduction on DCsv2 virtual machines

DCsv2-series protects the confidentiality and integrity of your data and code while it’s processed in the public cloud. Microsoft is announcing a price reduction on DCsv2-series Azure Virtual Machines by 37%. The new pricing is effective June 1st, 2021, and applies to all the regions where DCsv2-series is available.

New datacenter region in Arizona

Microsoft is launching a new sustainable datacenter region in Arizona, known as “West US 3.” For more details you can read “Expanding cloud services: Microsoft launches its sustainable datacenter region in Arizona“.

Azure Virtual Machines DCsv2-series are available in Australia

Confidential computing DCsv2-series virtual machines (VMs) are now available in Australia East, Austria Southeast will launch in the coming weeks to provide disaster recovery capabilities.


Azure Blob index tags

Prior to index tags, solutions that required the ability to quickly find specific objects in a blob container would need to keep a secondary catalog. Blob index tags provides a built in capability to add tags and then quickly query for or filter using this information. This provides a simpler solution without requiring a separate query system. This includes the ability to set index tags both upon upload or after upload. You can utilize these indexes as part of lifecycle management that automates deletion and movement between tiers.


New Azure private MEC solution announced

An evolution of Private Edge Zones, Azure private multi-access edge compute (MEC) expands the scope of possibilities from a single platform and service to a combination of edge compute, multi-access networking stacks, and the application services that run together at the edge. These capabilities help simplify integration complexity and securely manage services from the cloud for high-performance networking and applications.

In addition to the Azure private MEC solution, we are announcing the following Microsoft and partner services and solutions:

  • New Azure Network Function Manager (public preview) service
  • Metaswitch Fusion Core third-party services on Azure Stack Edge
  • Affirmed Private Network Service third-party service on Azure Stage Edge
  • New Azure Marketplace solutions from our partners’

Default Rule Set 2.0 for Azure Web Application Firewall (preview)

The Default Rule Set 2.0 (DRS 2.0) for Azure Web Application Firewall (WAF) deployments running on Azure Front Door is in preview. This rule set is only available on the Azure Front Door Premium SKU. DRS 2.0 includes the latest changes to our rule set, including the addition of anomaly scoring. With anomaly scoring, incoming requests are assigned an anomaly score when they violate WAF rules and an action is taken only when they breach an anomaly threshold. This helps drastically reduce false positives for customer applications. Also included in DRS2.0 are rules powered by Microsoft Threat Intelligence which offer increased coverage and patches for specific vulnerabilities.

Azure IaaS and Azure Stack: announcements and updates (June 2021 – Weeks: 21 and 22)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.



Azure Storage Blob inventory is now available in all public regions (preview)

Azure blob storage inventory provides you the ability to understand the total number of objects, their size, tier, and other information to gain insight into your object storage estate. Inventory can be used with Azure Synapse to calculate summaries by container. Microsoft has expanded preview to all public regions for blob inventory.

Key Rotation and Expiration Policies

Key rotation is one of the best security practices to reduce the risk of secret leakage for enterprise customers. Customers using Azure Storage account access keys can rotate their keys on demand, in the absence of key expiry dates and policies customers find it difficult to enforce and manage this key rotation automatically. The new feature will allow you to not only set key expiration duration but also add policies that can mandate anyone deploying storage endpoints to specify key rotation duration. Furthermore, you would be able to monitor key expiration and set alerts if a key is about to expire. For accounts that are nearing key expiry, you can rotate the keys using APIs, CLI, Powershell, or Azure Portal.


ExpressRoute Global Reach Pricing Reduction

Microsoft is annoucing a 50% decrease in the data transfer price for ExpressRoute Global Reach. This pricing change will go into effect as of June 1, 2021. For more information about ExpressRoute Global Reach pricing, visit the ExpressRoute Pricing webpage.

Azure Stack

Azure Stack HCI

Azure Kubernetes Service (AKS) on Azure Stack HCI

Azure Kubernetes Services (AKS) on Azure Stack HCI simplifies the Kubernetes cluster deployment on Azure Stack HCI. It offers hybrid capabilities and consistency with Azure Kubernetes Service for ease of app portability and management. You can take advantage of familiar tools and capabilities to modernize both Linux and Windows .NET apps on-premises. Furthermore, its built-in security enables you to deploy your modern applications anywhere: cloud, on-premises, and edge.

Free Trial Now Available

The Azure Stack HCI team has extended the built-in free software trial from 30 days to 60 days giving more time for customers and partners to evaluate their virtual workloads on Azure Stack HCI in planning their purchase decision. There’s nothing you need to do to enable the trial duration, it’s been automatically extended.

Available in China

Azure Stack HCI is now available in the China cloud – making it very easy to get all the benefits of Azure Stack HCI.

New feature called Network ATC

The next update available to Azure Stack HCI subscribers will be 21H2 which is in preview right now. With this update comes a new feature called Network ATC, which simplifies the deployment and management of networking on your HCI hosts.

If you’ve deployed Azure Stack HCI previously, you know that network deployment can pose a significant challenge. You might be asking yourself:

  • How do I configure or optimize my adapter?
  • Did I configure the virtual switch, VMMQ, RDMA, etc. correctly?
  • Are all nodes in the cluster the same?
  • Are we following the best practice deployment models?
  • (And if something goes wrong) What changed!?

So, what does Network ATC actually set out to solve? Network ATC can help:

  • Reduce host networking deployment time, complexity, and errors
  • Deploy the latest Microsoft validated and supported best practices
  • Ensure configuration consistency across the cluster
  • Eliminate configuration drift

Network ATC does this through some new concepts, namely “intent-based” deployment. If you tell Network ATC how you want to use an adapter, it will translate, deploy, and manage the needed configuration across all nodes in the cluster.

Azure IaaS and Azure Stack: announcements and updates (May 2021 – Weeks: 19 and 20)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.



Zone redundant storage (ZRS) option for Azure managed disks (preview)

Zone redundant storage (ZRS) option for Azure managed disks is now available on Premium SSDs and Standard SSDs in public preview in: West Europe, North Europe, West US 2 and France Central regions. Disks with ZRS provide synchronous replication of data across the zones in a region, enabling disks to tolerate zonal failures which may occur due to natural disasters or hardware issues. Disks with ZRS maintain three consistent copies of the data in distinct Availability Zones in a region, making them tolerant to outages. They also allow you to maximize your virtual machine availability without the need for application-level replication of data across zones, which is not supported by many legacy applications such as old versions of SQL or industry-specific proprietary software. This means that, if a virtual machine becomes unavailable in an affected Zone, you can continue to work with the disk by mounting it to a virtual machine in a different zone. You can also use the ZRS option with shared disks to provide improved availability for clustered or distributed applications like SQL FCI, SAP ASCS/SCS or GFS2.

Lower pricing for provisioned throughput on Azure Ultra Disks

Microsoft is announcing a price reduction on provisioned throughput for Azure Ultra Disks by 65%. The new pricing is effective May 1st, 2021, and applies to all the regions where Ultra Disks are available. Azure Ultra Disks offer high throughput, high IOPS, and consistent low latency disk storage for Azure Virtual Machines (VMs).

Azure NetApp Files: Application Consistent Snapshot tool (AzAcSnap)

The Azure Application Consistent Snapshot tool (AzAcSnap) is a command-line tool enables you to simplify data protection for third-party databases (SAP HANA) in Linux environments (for example, SUSE and RHEL). Since the January 2021 preview announcement, AzAcSnap has seen wide adoption among enterprise customers for fast backup of Azure NetApp Files volumes including multi-TB databases and scale-out scenarios for SAP HANA. Now it is available.

Azure File Sync agent v12.1

The v12.0 agent release had two bugs which are fixed in this release:

  • Agent auto-update fails to update the agent to a later version.
  • FileSyncErrorsReport.ps1 script does not provide the list of per-item errors.

If agent version 12.0 is installed on your servers, you will need to update to v12.1 using Microsoft Update or Microsoft Update Catalog (see installation instructions in KB4588751).

More information about this release:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations.
  • The agent version for this release is
  • A restart may be required if files are in use during the installation.
  • Installation instructions are documented in KB4588751.


Virtual Network peering support for Azure Bastion

Azure Bastion and VNet peering can be used together. When VNet peering is configured, you don’t have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it can be used to connect to VMs deployed in a peered VNet without deploying an additional Bastion host.

Azure VPN Client for macOS (preview)

Azure VPN Client for macOS, with support for native Azure AD, certificate-based, and RADIUS authentication for OpenVPN protocol is in public preview. Native Azure AD authentication support is highly desired by organizations as it enables user-based policies, conditional access, and multi-factor authentication (MFA) for P2S VPN. Native Azure AD authentication requires both Azure VPN gateway integration and the Azure VPN Client to obtain and validate Azure AD tokens. With the Azure VPN Client for macOS, customers can use user-based policies, Conditional Access, as well as Multi-factor Authentication (MFA) for their Mac devices.

Application Gateway Mutual Authentication (preview)

Azure Application Gateway now supports the ability to perform frontend mutual authentication. In addition to the client authenticating Application Gateway in a request, Application Gateway can now also authenticate the client. You can upload multiple client Certificate Authority (CA) certificate chains for Application Gateway to use for client authentication. Additionally, Application Gateway also allows you to configure listener specific SSL policies. You can choose to enable mutual authentication at a per listener level on your gateway, as well as choose to pass client authentication information to the backends through server variables. This feature enables scenarios where Application Gateway needs to authenticate the client in addition to the client authenticating Application Gateway.

Azure ExpressRoute: 5 New Peering Locations Available

New peering locations are now available for ExpressRoute:

  • Bogota
  • Madrid
  • Sao Paulo
  • Rio de Janeiro
  • Toronto2

With this announcement, ExpressRoute is now available across 75 global commercial Azure peering locations.

Azure IaaS and Azure Stack: announcements and updates (May 2021 – Weeks: 17 and 18)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.



Azure Hybrid Benefit for Linux with RI and VMSS Support

Azure Hybrid Benefit is available for Linux, extending the ability to easily migrate RHEL and SLES servers to Azure beyond existing pay-as-you-go instances to include support for Azure Reserved Instance (RI) and virtual machine scale set (VMSS).

While previous Bring-Your-Own-Subscription cloud migration options available to Red Hat and SUSE customers allowed them to use their pre-existing RHEL and SLES subscriptions in the cloud, Azure Hybrid Benefit for Linux improves upon this with several capabilities unique to Azure making enterprise Linux cloud migration even easier than before:

  • Applies to all Red Hat Enterprise Linux and SUSE Linux Enterprise Server pay-as-you-go images available in the Azure Marketplace or Azure Portal. No need to provide your own image.
  • Save time with seamless post-deployment conversions—production redeployment is unnecessary. Simply convert the pay-as-you-go images used during your proof-of-concept testing to bring-your-own-subscription billing.
  • Lower ongoing operational costs with automatic image maintenance, updates, and patches: Microsoft maintains the converted RHEL and SLES images for you.
  • Enjoy the convenience of unified user interface integration with the Azure CLI, providing the same UI as other Azure virtual machines, as well as scalable batch conversions.
  • Get co-located technical support from Azure, Red Hat, and SUSE with just one ticket.
  • Combine with recently announced Red Hat and SUSE support for Azure shared disks to lift-and-shift failover clusters and parallel file systems, like Global File System.
  • Fully compatible with Azure Arc, providing end-to-end hybrid cloud operations management for Windows, RHEL, and SLES servers in one solution.

New Azure VMs for general purpose and memory intensive workloads (preview)

The new Dv5, Dsv5, Ddv5, Ddsv5, and Ev5, Edv5 series Azure Virtual Machines, now in preview, are based on the 3rd Generation Intel® Xeon® Platinum 8370C (Ice Lake) processor in a hyper-threaded configuration. This custom processor can reach an all-core Turbo clock speed of up to 3.5GHz and features Intel® Turbo Boost Technology 2.0, Intel® Advanced Vector Extensions 512 (Intel® AVX-512) and Intel® Deep Learning Boost. These new offerings deliver a better value proposition for general-purpose, and memory intensive workloads compared to the prior generation (e.g., increased scalability and an upgraded CPU class) including better price to performance.

The Dv5, Dsv5, Ddv5, Ddsv5 VM sizes offer a combination of vCPUs and memory able to meet the requirements associated with most general-purpose workloads and can scale up to 96 vCPUs. The Ddv5 and Ddsv5 VM sizes feature high performance, large local SSD storage (up to 2,400 GiB). The Dv5 and Dsv5 VM series offer a lower price of entry since they do not feature any local temporary storage. If you require temporary storage select the latest Ddv5 or Ddsv5 Azure virtual machines, which are also in Preview.

The Ev5 and Edv5 VM sizes feature up to 672 GiB of RAM and are ideal for memory-intensive enterprise applications. You can attach Standard SSDs and Standard HDDs disk storage to these VMs. If you prefer to use Premium SSD or Ultra Disk storage, please select the Esv5 and Edsv5 VM series, which will be in preview in the near future. The Ev5 and Esv5 VMs offer a lower price of entry since they do not feature any local temporary storage. If you require temporary storage select the latest Edv5 VM series which are also in preview, or the Edsv5 VM series, which will be in preview in the near future.

New NPv1 virtual machines

NPv1 series virtual machines are a new addition to the Azure product offering. These instances are powered by Xilinx Alveo U250 FPGAS. These highly-programmable accelerators benefit a variety of computationally intensive workloads such as genomics, image-processing, security, data analysis and more. The NP series offering is based upon the commercially available U250 from Xilinx and uses a standard shell easing the difficulties of migrating existing FPGA workloads & solutions to the cloud. New Xilinx Alveo U250 FPGA NPv1 VMs are now generally available in West US 2, East US, West Europe, and Southeast Asia.

Microsoft acquires Kinvolk to accelerate container-optimized innovation

Microsoft is excited to bring the expertise of the Kinvolk team to Azure and having them become key contributors to the engineering development of Azure Kubernetes Service (AKS), Azure Arc, and future projects that will expand Azure’s hybrid container platform capabilities and increase Microsoft’s upstream open source contributions in the Kubernetes and container space. Microsoft is also committed to maintaining and building upon Kinvolk’s open source culture. The Kinvolk team will continue to remain active in their existing open source projects and will be essential to driving further collaboration between Azure engineering teams and the larger open source container community.


Azure Blob storage: NFS 3.0 protocol support public preview now expands to all regions

Azure Blob storage is the only public cloud storage platform that supports NFS 3.0 protocol over object storage natively (no gateway or data copying required), with object storage economics. This new level of support is optimized for high-throughput, read-heavy workloads where data will be ingested once and minimally modified further, such as large-scale analytic data, backup and archive, media processing, genomic sequencing, and line-of-business applications. Azure Blob Storage NFS 3.0 preview supports general purpose v2 (GPV2) storage accounts with standard tier performance in all publicly available regions. Further, Microsoft is enabling a set of Azure blob storage features in premium blockblob accounts with NFS 3.0 feature enabled such as blob service REST API and lifecycle management.

Attribute-based Access Control (ABAC) in preview

Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, requests, and the environment. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments in the existing identity and access management (IAM) system. This preview includes support for role assignment conditions on Blobs and ADLS Gen2, and enables you to author conditions based on resource and request attributes.

Prevent Shared Key authorization for an Azure Storage account

Every secure request to an Azure Storage account must be authorized. By default, requests can be authorized with either Azure Active Directory (Azure AD) credentials, or by using the account access key for Shared Key authorization. Of these two types of authorization, Azure AD provides superior security and ease of use over Shared Key and is recommended by Microsoft. To require clients to use Azure AD to authorize requests, you can disallow requests to the storage account that are authorized with Shared Key. Microsoft is announcing the general availability of the ability to disable Shared Key authorization for Azure Storage.

Append blob support in Azure Data Lake Storage

Append blobs provide a simple and effective way of adding new content to the end of a file or blob when the existing content does not need to be modified. This makes append blobs great for applications such as logging that need to add information to existing files efficiently and continuously. Until now, only block blobs were supported in Azure Data Lake Storage accounts. Applications can now also create append blobs in these accounts and write to them using Append Block operations. These append blobs can be read using existing Blob APIs and Azure Data Lake Storage APIs.


Multiple features for Azure VPN Gateway

The following features for Azure VPN Gateway are general available:

  • Multiple authentication types for point-to-site VPN – You can now enable multiple authentication types on a single gateway for OpenVPN tunnel type. Azure AD, certificate-based and RADIUS can all be enabled on a single gateway.
  • BGP diagnostics – You can now see the Border Gateway Protocol session status, route advertised and routes learnt by the VPN Gateway.
  • VPN packet capture in Azure portal – Support for packet capture on the VPN Gateway is now availbe in the Azure portal.
  • VPN connection management – With new enhancements in VPN connection management capabilities, you can now reset an individual connection instead of resseting the whole gateway. You can also set the Internet Key Exchange (IKE) mode of the gateway to responder-only, initiator-only or both and view the Security Association (SA) of a connection.

Azure IaaS and Azure Stack: announcements and updates (April 2021 – Weeks: 15 and 16)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.



New M-series Msv2/Mdsv2 Medium Memory VMs for memory-optimized workloads

Azure Msv2/Mdsv2 Medium Memory Series offering up to 192vCPU and 4TB memory configurations and running on Cascade Lake processor are now generally available. Msv2/Mdsv2 medium memory VM sizes providing a 20% increase in CPU performance, increased flexibility with local disks, and a new intermediate scale up-option. These virtual machines provide unparalleled computational performance to support large in-memory databases and workloads such as SAP HANA and SQL Hekaton.

Azure Virtual Machines DCsv2-series in Azure Government (public preview)

Azure Government customers can build secure, enclave-based applications to protect code and data while it’s in use, in a dedicated cloud that meets stringent government security and compliance requirements. Confidential computing DCsv2-series virtual machines are now in preview for Azure Government customers (federal, state, local governments, and their partners) in US Government Virginia and Arizona regions. These VMs are backed by Intel XEON E-2288G processors with Intel Software Guard Extensions (SGX) technology.

Microsoft announces plans to establish first datacenter region in Malaysia

The new datacenter region is part of the “Bersama Malaysia” initiative to support inclusive economic growth in Malaysia.


Azure Blob storage supports objects up to 200 TB in size

Workloads that utilize larger file sizes such as backups, media, and seismic analysis can now utilize Azure Blob storage and ADLS Gen2 without breaking these large files into separate blobs. Each blob is made up of up to 50,000 blocks. Each block can now be 4GB in size for a total of 200 TB per blob or ADLS Gen2 file.

Lustre HSM tools to import from or export to Azure Storage

Lustre HSM (Hierarchical Storage Management) provides the capability to associate a Lustre file system with an external storage system and migrate file data between them.

Now available are the File System Hydrator and Copy Tool, which enables integrating a Lustre file system with an Azure storage account:

  • The File System Hydrator is used to import a file system namespace from an Azure storage account into a Lustre file system with the imported files left in the ‘released’/’exist’ state.
  • The Copy Tool is used to hydrate the content of the files in the storage account into the Lustre file system on-demand. The copy tool can also be used to archive content of files back into the storage account, including changed or added files.


Application Gateway URL Rewrite

Azure Application Gateway now supports the ability to rewrite host name, path and query string of the request URL. In addition to header rewrites, you can now also rewrite URL of all or some of the client requests based on matching one or more conditions as required. You can choose to route the request based on the original URL or the rewritten URL. This feature enables several important scenarios such as allowing path based routing for query string values and support for hosting friendly URLs.

Azure IaaS and Azure Stack: announcements and updates (April 2021 – Weeks: 13 and 14)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.



Virtual machine (VM) level disk bursting available on all Dsv3 and Esv3 families

Virtual machine level disk bursting allows your virtual machine to burst its disk IO and MiB/s throughput performance for a short time daily. This feature is now enabled on all our Dsv3-series and Esv3-series virtual machines, with more virtual machine types and families support soon to come. There is no additional cost associated with this new capability or adjustments on the VM pricing and it comes enabled by default.

Cloud Services (extended support) is generally available

Cloud Services (extended support), which is a new Azure Resource Manager (ARM)-based deployment model for Azure Cloud Services, is generally available. Cloud Services (extended support) has the primary benefit of providing regional resiliency along with feature parity with Azure Cloud Services deployed using Azure Service Manager (ASM). It also offers some ARM capabilities such as role-based access and control (RBAC), tags, policy, private link support, and use of deployment templates. The ASM-based deployment model for Cloud Services has been renamed Cloud Services (classic). Customers retain the ability to build and rapidly deploy web and cloud applications and services. Customers will be able to scale cloud services infrastructure based on current demand and ensure that the performance of applications can keep up while simultaneously reducing costs. The platform-supported tool for migrating existing cloud services to Cloud Services (extended support) also goes into preview. Migrating to ARM will allow customers to set up a robust infrastructure platform for their applications. 


Azure File Sync agent v12 

Improvements and issues that are fixed in the v12 release:

  • New portal experience to configure network access policy and private endpoint connections
    • You can now use the portal to disable access to the Storage Sync Service public endpoint and to approve, reject and remove private endpoint connections. To configure the network access policy and private endpoint connections, open the Storage Sync Service portal, go to the Settings section and click Network.
  • Cloud Tiering support for volume cluster sizes larger than 64KiB
  • Measure bandwidth and latency to Azure File Sync service and storage account
    • The Test-StorageSyncNetworkConnectivity cmdlet can now be used to measure latency and bandwidth to the Azure File Sync service and storage account. Latency to the Azure File Sync service and storage account is measured by default when running the cmdlet. Upload and download bandwidth to the storage account is measured when using the “-MeasureBandwidth” parameter. To learn more, see the release notes.
  • Improved error messages in the portal when server endpoint creation fails
    • We heard your feedback and have improved the error messages and guidance when server endpoint creation fails.
  • Miscellaneous performance and reliability improvements
    • Improved change detection performance to detect files that have changed in the Azure file share.
    • Performance improvements for reconciliation sync sessions.
    • Files may fail to tier on Server 2019 if Data Deduplication is enabled on the volume.
    • AFSDiag fails to compress files if a file is larger than 2GiB.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations.
  • A restart is required for servers that have an existing Azure File Sync agent installation.
  • The agent version for this release is
  • Installation instructions are documented in KB4568585.

Encryption scopes in Azure Storage

Encryption scopes introduce the option to provision multiple encryption keys in a storage account for blobs. Previously, customers using a single storage account for multi-tenancy scenarios were limited to using a single account-scoped encryption key for all the data in the account. With encryption scopes, you now can provision multiple encryption keys and choose to apply the encryption scope either at the container level (as the default scope for blobs in that container) or at the blob level. 

Azure Data Explorer external tables

An external table is a schema entity that references data stored outside the Azure Data Explorer database. Azure Data Explorer Web UI can create external tables by taking sample files from a storage container and creating schema based on these samples. You can then analyze and query data in external tables without ingestion into Azure Data Explorer.

Azure IaaS and Azure Stack: announcements and updates (March 2021 – Weeks: 11 and 12)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.



Brazil South Availability Zones

Availability Zones give users additional options for high availability for their most demanding applications and services as well as confidence and protection from potential hardware and software failures by providing three or more unique physical locations within an Azure region. Availability Zones in Brazil South are made up of three unique physically separated locations or “zones” within a single region to bring higher availability and asynchronous replication across Azure regions for disaster recovery protection.

Azure expands PCI DSS certification

PCI DSS is a global information security standard designed to secure payments and reduce credit card fraud. Microsoft Azure has increased the scope of its Payment Card Industry Data Security Standard (PCI DSS) certification, providing coverage across all live Azure regions.

Make workloads on AMD-backed virtual machines confidential without recompiling code (limited preview)

Microsoft is further broadening the confidential computing options available to Azure customers through the technology partnership with AMD, specifically by being the first major cloud provider to offer confidential virtual machines on the new AMD EPYC™ 7003 series processors. This new approach complements existing Azure confidential computing solutions such as confidential containers for Azure Kubernetes Service and opens the possibility to create new confidential applications without requiring code modifications which in turn substantially simplifies the process of creating confidential applications.

HBv3-Series VMs: now generally available in some regions

Azure HBv3-series virtual machines (VMs) for high-performance computing (HPC)
are generally available in the East US, South Central US, and West Europe Azure regions. HBv3 Virtual Machines feature AMD EPYC™ 7003-series (Milan) CPU cores, 448 GB of RAM, 480 MB of L3 cache, and no simultaneous multithreading (SMT). HBv2 Virtual Machines provide up to 340 GB/sec of memory bandwidth. HBv3 VMs can be deployed with a range of CPU core counts to support a diverse set of HPC workload needs.

Publishing VM Images from Shared Image Gallery to Azure Marketplace

You can now publish a VM Image in Shared Image Gallery (SIG) to Azure Marketplace. This capability simplifies your image preparation, testing, and submission process as you no longer have to extract vhds, upload them, and generate SAS URIs. With this capability, you can now manage the full image lifecycle within Azure. You can simply create your image from the VM or a vhd into Shared Image Gallery, then select the SIG Image to publish it in Partner Center.

New VM series supported by Azure Batch

The selection of VMs that can be used by Azure Batch has been expanded, allowing newer Azure VM series to be used. The following additional VM series can now be specified when Batch pools are created:

  • DCsv2
  • HBv3
  • NCasT4_v3


Azure Storage Explorer v1.18.0

Azure Storage Explorer helps you upload, download, and manage the data you store in Azure Storage. The released version v1.18.0 includes the following new capabilities:

  • Decrease startup and load time of Storage Explorer.
  • New connection flow to make it easier to specify the type of resource.
  • For faster data transfer, Storage Explorer now uses AzCopy v10.8.0.
  • Log files now have more descriptive names and, easier way to clean up old logs.
  • Authorizing via shared access signatures (SAS) is now enabled for ADLS Gen2 accounts. You can now attach to an ADLS Gen2 Storage account, container, or folder via SAS using Storage Explorer.


IPv6 Support for ExpressRoute Private Peering (preview)

IPv6 support for ExpressRoute Private Peering is now available for public preview with ExpressRoute circuits globally and Azure environments in regions with Availability zones. IPv6 support will unlock hybrid connectivity for you as you look to expand into mobile and IoT markets with Azure, or to address IPv4 exhaustion in your on-premise networks.

Here are the new capabilities available with this support:

  • Establish BGP sessions between the customer and Microsoft edge over ExpressRoute using IPv4 subnets, IPv6 subnets, or both
  • Connect to dual-stack deployments in Azure using a new or existing ExpressRoute gateway
  • Use FastPath with an ExpressRoute connection to route IPv6 traffic

Service Tags for User Defined Routing (preview)

You can now specify a Service Tag for the address prefix parameter in a user defined route for your route table. You can choose from tags representing over 60 Microsoft and Azure services to simplify route creation and maintenance.

  • You no longer need to manually update routes when services change or add to their list of endpoints. Routes with Service Tags will update automatically to include new changes.
    • This also eliminates the need for regularly updating routes based on the IP data in the weekly JSON file downloads we provide.
  • This also helps reduce the likelihood of running into the routes per route table limit (400) which is common when configuring routing for multiple Microsoft and Azure services. By using Service Tags, you can avoid this, since the tag condenses all ranges for that service into one group.
    • For example, we list more than 4,500 prefixes which collectively represent the Azure address space. You can now use one route with the AzureCloud Service Tag which will include all of these.

The feature is available through REST, PowerShell, CLI, and can also be used in ARM templates. This feature is not currently available through the Azure Portal.

Azure Stack

Stream Analytics runs on Azure Stack Hub

Azure Stream Analytics now is supported on Azure Stack Hub as an IoT Edge module. It allows customer to leverage Azure Stack features, to interact with SQL, Event Hubs, and IoT Hubs running in an Azure Stack Hub subscription. Customers can build truly hybrid architectures for stream processing in your own private, autonomous cloud, which can be connected or disconnected with cloud-native apps using consistent Azure services on-premises.

Azure IaaS and Azure Stack: announcements and updates (March 2021 – Weeks: 09 and 10)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

In this dedicated post you can find the most important announcements and major updates officialized last week during Microsoft Ignite 2021 conference.



Microsoft introduces Narya: advancing failure prediction and mitigation

Project Narya is an end-to-end prediction and mitigation service. Not only does it predict and mitigate Azure host failures but also measures the impact of its mitigation actions and to use an automatic feedback loop to intelligently adjust its mitigation strategy.


Azure File Sync agent v11.2

Azure File Sync agent v11.2 release is now on Microsoft Update and Microsoft Download Center.

Improvements and issues that are fixed:

  • If a sync session is cancelled due to a high number of per-item errors, sync may go through reconciliation when a new session starts if the Azure File Sync service determines a custom sync session is needed to correct the per-item errors.
  • Registering a server using the Register-AzStorageSyncServer cmdlet may fail with “Unhandled Exception” error.
  • New PowerShell cmdlet (Add-StorageSyncAllowedServerEndpointPath) to configure allowed server endpoints paths on a server. This cmdlet is useful for scenarios in which the Azure File Sync deployment is managed by a Cloud Solution Provider (CSP) or Service Provider and the customer wants to configure allowed server endpoints paths on a server. When creating a server endpoint, if the path specified is not in the allow list, the server endpoint creation will fail. Note, this is an optional feature and all supported paths are allowed by default when creating a server endpoint. To learn more, see the release notes.

More information about this release:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version or later installed.
  • The agent version for this release is
  • A restart may be required if files are in use during the installation.
  • Installation instructions are documented in KB4539952.

Routing Preferences

Routing Preference for Azure Storage provides you the flexibility to choose how network traffic is routed between clients outside Azure and your storage accounts by optimizing for exceptional network reliability and performance or by optimizing for lower costs. You now have the choice to direct network traffic to the public endpoint of your storage account using the ‘Microsoft Global Network‘ or over the ‘Public Internet‘. The Microsoft global network delivers exceptional network reliability with premium performance, while using your ISP network may help achieve cost efficiency.

  • Routing over the Microsoft Global Network: The Microsoft global network is one of the largest networks on the globe that currently spans over 165,000 fiber miles with over 180 edge Points of Presence (POPs). The network is well provisioned with multiple redundant fiber paths and traffic engineered intelligently to ensure exceptionally high reliability and performance. Internet traffic enters and exits the Microsoft network at the POP closest to the client to provide optimized network experience (cold potato routing).
  • Routing via the transit ISP network: The new competitive egress tier minimizes traversal over the Microsoft global network and maximizes traversal over the transit ISP network. Internet traffic enters and exits Microsoft network at the POP closest to your storage account’s region (hot potato routing).

By default and to date, network traffic between clients outside Azure and the storage account always uses the Microsoft global network. You can change the routing preference configuration for the default public endpoint to the ISP network for storage accounts in major Azure regions where the feature is available. In addition, you now have the ability to publish additional route-specific endpoints for your storage accounts. These route-specific endpoints will always route traffic between clients outside Azure and the storage account over the appropriate path.

Azure IaaS and Azure Stack: most impactful announcements at Microsoft Ignite 2021

This special edition includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft this week during Microsoft Ignite 2021 conference. Microsoft announced several important additions to its Azure infrastructure as a service (IaaS) portfolio and the Microsoft infrastructure services continue to evolve to optimize the experience of running business-critical workloads.



Microsoft adding datacenter region in China

To meet growing customer demand in China, Microsoft will establish a new datacenter region in northern China. The new region will enable more customers to innovate and collaborate with the Microsoft Cloud, including Microsoft Azure, Office 365, Dynamics 365 and Power BI.

Azure Resource Mover now generally available

Azure Resource Mover, which provides portability between Azure regions is now generally available. Azure Resource Mover allows new customers to create applications in existing regions and migrate them upon new region launch or move into regions with availability zones (AZs) if not planned for their region. Azure Resource Mover moves multiple resources among Azure regions and performs dependency analysis for the workloads to ensure a successful move.

On-demand capacity reservations for Azure Virtual Machines will be
available (preview in April)

On-demand capacity reservations for Azure Virtual Machines enable customers to access virtual machines (VMs) in advance with service-level agreement (SLA) guarantees. This is particularly important to organizations that want to ensure high levels of availability when running business-critical applications on Azure.

Azure Virtual Machine Scale Sets flexible orchestration mode (preview).

Azure Virtual Machine Scale Sets help customers simplify the deployment, management and scalability of their applications while increasing high availability. Customers may now change VM sizes without redeploying their scale set, resulting in greater operational agility. Customers will also be able to mix Spot Virtual Machines and pay-as-yougo VMs within the same scale set to optimize costs.

New Mv2 Azure Virtual Machines for memory intensive workloads (preview)

These offerings expand the range of workloads that customers can run in Azure while addressing specific organizational compliance requirements and can give a 20% increase in CPU performance. Customers will be able to deploy the same VMs to Azure Dedicated Hosts.

Automatic VM guest patching for Linux VMs (preview)

Automatic VM guest patching for virtual machines helps ease update management by safely and automatically patching virtual machines to maintain security compliance. With automatic VM guest patching enabled, the VM is assessed periodically to determine the applicable patches for that VM. Updates classified as ‘Security’ or ‘Critical’ are automatically downloaded and applied on the VM during off-peak hours. Patch orchestration is managed by Azure and patches are applied following availability-first principles.

Improve Azure Spot Virtual Machines runtime and simulate evictions with new features (preview)

With Azure Spot Virtual Machines (Spot VMs), IT organizations can acquire scalable compute capacity at deep discounts for interruptible workloads. New ‘try & restore’ capabilities can now improve the overall runtime of workloads running on Spot virtual machines if they get evicted due to capacity constraints. This new capability applies when a Spot VM is part of a virtual machine scale set. Customers can also use recently added REST APIs to simulate evictions and test the behavior of their workload making sure it can tolerate interruptions when deployed on Spot VMs.

Azure trusted launch for Virtual Machines (preview)

Azure trusted launch protects your virtual machines against boot kits, rootkits, and kernel-level malware. Trusted launch allows administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and drivers. By leveraging secure and measured boot, administrators gain insights and confidence of the entire boot chain’s integrity. With virtual Trusted Platform Module (vTPM), administrators can securely protect keys, certificates, and secrets in the virtual machines. In addition, administrators can monitor and attest to the integrity of virtual machines as well as reacting to any changes to the attestation policy baseline. Azure Security Center serves as a single pane of glass for integrity alerts, recommendations, and remediations generated by trusted launch. These new features are easily enabled, trusted launch is switched on with a simple change in deployment code or a checkbox within the Azure portal for all virtual machines.


New Azure Disk Storage capabilities for running mission-critical applications (preview)

Several Azure Disk Storage product enhancements for running mission-critical
applications on Azure are now available in preview, including:

  • Azure Premium SSD and Standard SSD, which offer zone-redundant
    storage (ZRS) support to protect data in the event of a zone failure, a
    key feature to provide customers with high availability for mission-critical
    workloads. Disks with ZRS also provide a recovery point objective (RPO)
    of zero that minimizes data loss and helps ensure successful data recovery.
  • Performance tiers on Azure Premium SSD, which provide sustained
    higher performance for a planned event like a seasonal sales promotion,
    giving customers the flexibility to scale performance without increasing
    the disk size by selecting a higher performance tier. Customers can now
    upgrade performance tiers on Premium SSDs without any downtime to
    avoid disruption to their workloads.
  • Auto-key rotation of customer-managed keys, which gives customers
    the option to automatically update all their disks, snapshots and
    images using the same encryption key when a new version of a key is
    generated. Customers no longer need to manually update all their Azure
    resources and can ensure that their data is always secured with the
    latest key versions and that they meet their organization’s security and
    compliance requirements.

Operational backup for Azure Blobs (preview)

Operational backup for Azure Blobs is a managed, local data protection solution that lets you protect your block blobs from various data loss scenarios like blob corruptions, blob deletions, and accidental storage account deletion. The data is stored locally within the source storage account itself and can be restored to a selected point in time whenever needed. So this provides a simple, secure, and cost-effective means to protect your blobs. Operational backup for blobs uses capabilities available from the blob service, like blob point-in-time restore, blob versioning, blob soft delete, and blob change feed, to restore all or a subset of blobs in a storage account. The solution integrates with Backup Center and other Backup management capabilities to provide a single pane of glass that can help you govern, monitor, operate, and analyze backups at scale.


Azure load balancing options

Azure load balancing options include a guided experience to help customers choose
the load balancing options that match their architectural and application requirements. Azure Load Balancer, now generally available, supports load balancing across IP addresses in the backend pool. Previously, network interfaces associated with virtual machines (VMs) could be added only in the backend of a Load Balancer. This feature enables flexibility to load balance across containers in addition to VMs and VM scale sets associated with their load balancer.

Azure Public IP SKU upgrade and load balancer upgrade

Azure Public IP SKU allows customers to upgrade and retain the same IPs without
management overhead or notices to their end customers and now supports the ability to upgrade from Basic to Standard SKU. In addition, any Basic Public Load Balancer can now be upgraded to a Standard Public Load Balancer, while retaining the same public IP address. This is supported via PowerShell, command line interface (CLI) templates and API, and is available across all Azure regions.

Azure Networking routing preference

Azure Networking routing preference is now generally available and lets Azure customers choose how their traffic is routed between Azure and the internet. Azure customers can choose to optimize for performance (Microsoft network) or cost (ISP network/open internet). These options are also referred to as “cold potato routing” and “hot potato routing,” respectively. Egress data transfer price varies based on the routing
selection. This update will give customers more flexibility to optimize their underlying routing network for performance or cost on a per workload basis.

Azure Route Server (preview)

Azure Route Server facilitates dynamic routing between network virtual appliance (NVA) and virtual networks. By establishing the Border Gateway Protocol (BGP) peering between an NVA and Azure Router Server, customers can inject IP addresses
(i.e., routes) from their NVA to their virtual network and let the NVA learn
what IP addresses their virtual network has. Azure Route Server is a fully
managed service with built-in high availability.

ExpressRoute IPv6 Support

To be released to preview later this month, will support both IPv4- and IPv6-based private peering in availability zones (AZs). IPv6 will enable key internet of things (IoT) scenarios. It will simplify enterprises’ migration or expansion to Azure even as they run
out of IPv4 addresses in their on-premises network.

New ExpressRoute Gateway metrics (preview)

ExpressRoute Gateway metrics enable users to monitor the count of routes learned, count of routes advertised, number of virtual machines (VMs) in the virtual network and frequency of routes changed for their ExpressRoute gateways, and set up alerts to manage capacity accordingly.

New ExpressRoute Portal Experience

It allows users to have a more complete peering and Global Reach configuration experience in Azure Portal.

Azure Virtual WAN now offers integration with VMware SD-WAN (preview)

This allows customers to connect all branch offices and remote locations to Azure through VMWare SD-WAN. Users can now manage last-mile connectivity and dynamic path optimization through VMWare SD-WAN and leverage global connectivity, routing intelligence and security through Azure Virtual WAN, benefiting from a complete Secure
Access Service Edge (SASE) solution.

Virtual WAN Remote User VPN Features

Virtual WAN Remote User VPN Features enable 100,000 remote users to connect to a Virtual WAN hub in a region (increased from the previous 10,000 limit). It will allow remote users to authenticate using any combination of Certificates, Azure Active Directory and Radius Servers. It also offers custom IPsec parameters for remote user VPN. Finally, it will connect multiple Radius servers to a single Virtual WAN Hub for Remote User authentication.

Scalable Bastion Gateway (preview)

Scalable Bastion Gateway will be released in preview later this month. Scalable Bastion Gateway will allow users to increase the size of Bastion gateway to support as many as 500 concurrent sessions and decrease the gateway size when the usage demand goes down. Bastion will support native Azure Active Directory (Azure AD) authentication integration for Linux VMs deployed on Azure.

Advanced VPN diagnostic features

Advanced VPN diagnostic features, including Packet Capture, the BGP Dashboard and VPN Connection features, will be released in preview this month. Packet Capture helps customers troubleshoot their connectivity issues and inspect the traffic flowing through their VPN gateways. The BGP Dashboard provides an all-up view for customers to see their route exchange between Azure and their on-premises networks. VPN Connection features (Reset, Show SA, Modes) allow customers to have fine-grained control and visibility to their VPN tunnels for monitoring, troubleshooting and management.

Application Gateway Ingress Controller (AGIC)

The Application Gateway Ingress Controller (AGIC) is now generally available as an add-on in Azure Kubernetes Service (AKS). You can now easily create or attach an existing Application Gateway instance to their AKS clusters. You can use the standard Kubernetes ingress API to define your routing rules, then have those rules be implemented by the managed Application Gateway service. The Azure Application Gateway is a scalable, reliable, and secure L7 load balancer. By using Application Gateway as the entry point to the AKS applications, you don’t have to self-manage third party networking tools.

Multiple new features for Azure VPN Gateway (preview)

The following new features for Azure VPN Gateway are in public preview:

  • Multiple authentication types for point-to-site VPN: you can now enable multiple authentication types on a single gateway for OpenVPN tunnel type. Azure AD, certificate-based and RADIUS can all be enabled on a single gateway.
  • VPN connection management: with new enhancements in VPN connection management capabilities, you can now reset an individual connection instead of resetting the whole gateway. You can also set the IKE mode of the gateway to responder-only, initiator-only or both and view the Security Association (SA) of a connection.

Azure Stack

Event Hubs on Azure Stack Hub

Event Hubs is a reliable and scalable event streaming engine that backs thousands of applications across every kind of industry in Microsoft Azure. Microsoft is now announcing the general availability of Event Hubs on Azure Stack Hub for disconnected scenarios.

Azure IaaS and Azure Stack: announcements and updates (February 2021 – Weeks: 07 and 08)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.



Automatic Azure VM extension upgrade capabilities (preview)

Azure virtual machine extensions are small applications that provide post-deployment configuration and automation on Azure VMs. The ability to automatically upgrade Azure VM extensions is now available in public preview for Azure virtual machines and virtual machine scale sets. If the automatic extension upgrade feature is enabled for an extension on a VM or a VM scale set, the extension is upgraded automatically whenever the extension publisher releases a new version. Azure manages the upgrade rollout and the upgrades are safely applied following availability-first principles, keeping your environments more secure and up to date.

Azure Image Builder Service now generally available

Azure Image Builder service offers unification and simplification for your image building process across Azure and Azure Stack with an automated image building pipeline. Whether you want to build Windows or Linux virtual machine images, you can use existing image security configurations to build compliant images for your organization and patch existing custom images using Linux commands or Windows Update. Azure Image Builder supports images from multiple Linux distributions, Azure Marketplace, and Windows Virtual Desktop environments and you can build images for specialized VM sizes, such as creating images for GPU VMs.

New datacenter region in Indonesia

Microsoft announced plans to establish its first datacenter region in Indonesia to deliver trusted Azure services locally, with world-class data security, privacy, and the ability to store data in the country. In addition, Microsoft announced plans to skill an additional 3 million Indonesians to empower a total of 24 million Indonesians by the end of 2021 through its long-established skilling programs designed to help create inclusive economic opportunities in the digital era.


Azure NetApp Files: Volume hard quota change

From the beginning Azure NetApp Files has been using a ‘capacity pool’ provisioning and automatic growth mechanism. Azure NetApp Files volumes are thinly provisioned on an underlaying, customer-provisioned ‘capacity pool’ of a selected tier and size. Volume sizes (‘quotas’) are used to provide performance and capacity, and these ‘quotas’ can be adjusted on-the-fly at any time. This behavior means that, currently, the volume quota is a performance lever used to control bandwidth to the volume. Currently, underlaying capacity pools automatically grow when capacity fills up. The Azure NetApp Files behavior of volume and capacity pool provisioning will change to a manual and controllable mechanism. Starting March 15th, 2021, volume sizes (quota) will manage bandwidth performance, as well as provisioned capacity, and underlying capacity pools will no longer grow automatically.


Azure Firewall Premium (preview)

With the new Azure Firewall Premium now in public preview, you can now perform the following new capabilities:

  1. Transport Layer Security (TLS) Inspection: Azure Firewall Premium decrypts outbound traffic, performs the required value-added security functions and re-encrypt the traffic which is sent to the original destination.
  2. Intrusion Detection and Prevention System (IDPS): Azure Firewall Premium provides signature-based IDPS to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware.
  3. Web Categories: Allows administrators to allow or deny user access to the Internet based on categories (e.g. social networking, search engines, gambling), reducing the time spent on managing individual FQDNs and URLs. This capability is also available for Azure Firewall Standard based on FQDNs only.
  4. URL Filtering: Allow users to access specific URLs for both plain text and encrypted traffic, typically being used in congestion with web categories.

Azure Firewall Premium is utilizing Firewall Policy, a global resource that can be used to centrally manage your firewalls using Azure Firewall Manager. Starting this release, all new features will be configurable via Firewall Policy only. This includes TLS Inspection, IDPS, URL Filtering, web categories and more. Firewall Rules (Classic) continues to be supported and can be used for configuring existing features of Standard Firewall. Firewall Policy can be managed independently or using Azure Firewall manager. Firewall policy associated with a single firewall has no charge.

Azure Front Door: Standard and Premium now in public preview

Microsoft is introducing the preview of two new SKUs to the Azure Front Door family, which combines capabilities of: Azure Front Door, Azure Content Delivery Network (CDN) standard, and Azure Web Application Firewall (WAF) into a single secure cloud CDN platform with intelligent threat protection and a simple to understand pricing model.

  • Azure Front Door standard SKU is content delivery optimized, offering both static and dynamic content acceleration, global load balancing, SSL offload, domain and certificate management, enhanced traffic analytics, and basic security capabilities.
  • Azure Front Door premium SKU builds on capabilities of the standard SKU, and adds extensive security capabilities across WAF, BOT protection, Azure Private Link support, integration with Microsoft Threat Intelligence, and security analytics. 

Azure Front Door Standard/Premium (Preview) is a secure cloud CDN service that cyber security teams can use to accelerate content delivery while protecting apps, APIs, and websites from cyberthreats. It combines intelligent threat protection and modern CDN technology in a tightly integrated service. Your users get friction-free access to internal apps, and APIs and websites are delivered fast at a global scale. And best of all, implementing Azure Front Door Standard/Premium (Preview) across your internal and external digital assets is quick, easy and cost effective with a simplified billing model.

Web Application Firewall Integration with Azure Front Door Standard and Premium SKU

Azure Web Application Firewall is now integrated into Azure Front Door Standard and Premium SKU (Preview). Azure Front Door Standard supports custom WAF rules only, and the Premium SKU supports custom WAF rules, managed ruleset, and Bot manager.

Azure Front Door: Web Application Firewall ruleset refresh

Azure Web Application Firewall with Azure Front Door has a new version of managed ruleset available: Microsoft_DefaultRuleSet_1.1. Powered by Microsoft Threat Intelligence, Microsoft_DefaultRuleSet_1.1 adds new rules for broader coverage and modifications for some existing rules to reduce false positives.