Category Archives: Azure Local – 2025-2026

Azure IaaS and Azure Local: announcements and updates (June 2025 – Weeks: 23 and 24)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

Compute

New Storage Optimized Laosv4, Lasv4, and Lsv4 Azure VM Series

Azure has announced the general availability of the Laosv4, Lasv4, and Lsv4 storage-optimized virtual machine series. The Laosv4 and Lasv4 VMs are powered by 4th Gen AMD EPYC™ (Genoa) processors, while the Lsv4 series uses 5th Gen Intel® Xeon® (Emerald Rapids) CPUs. These VMs offer sizes ranging from 2 to 96 vCPUs, with 8 GB of memory and substantial local NVMe disk capacity per vCPU. In particular, the largest VMs offer up to 23 TB of local storage. All three VM series come with Azure Boost and Azure Boost SSDs, support NVMe local SSD disk encryption by default, and feature an NVMe remote storage interface with premium storage caching, enhancing remote storage performance. These VMs are ideal for storage-intensive, distributed workloads such as big data analytics, Elasticsearch, distributed file systems, and data warehousing, delivering the high performance and flexibility needed for modern enterprise applications.

Networking

Profile and Route WAF Policies on Azure Front Door (private preview)

Azure has introduced a private preview of profile and route-based Web Application Firewall (WAF) policies for Azure Front Door. Previously, WAF policies could only be associated with a Front Door instance via frontends or custom domains. With this update, WAF policies can now also be applied at the Front Door profile level and at the individual route level within a domain. This new flexibility allows administrators to define a global policy at the profile level to cover all associated domains, while also enabling more granular security through route-specific policies. For instance, more sensitive routes—such as login or payment pages—can have stricter rules applied. The policy hierarchy ensures that more specific policies override broader ones: route-level policies take precedence over domain-level policies, which in turn override profile-level policies. This enhancement empowers organizations to implement targeted protection strategies within a unified WAF framework.
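The precedence described above (route over domain over profile) can be checked before rollout by computing the effective policy for every route. The following is an added example, not code from the original post or from Microsoft; the dictionary layout, policy names and hosts are hypothetical and do not reflect the Front Door resource schema.

```python
"""Effective WAF policy per route under the precedence described above:
route-level overrides domain-level, which overrides profile-level.

The dictionary layout is a hypothetical model used for illustration only;
it is not the Azure Front Door resource schema or API.
"""

# Constructed sample configuration; every name here is made up.
PROFILE = {
    "name": "fd-example",
    "waf_policy": "baseline-detect",
    "domains": [
        {
            "host": "shop.example.com",
            "waf_policy": "shop-prevent",
            "routes": [
                {"pattern": "/login/*", "waf_policy": "strict-auth"},
                {"pattern": "/payment/*", "waf_policy": None},
                {"pattern": "/catalog/*", "waf_policy": None},
            ],
        },
        {
            "host": "blog.example.com",
            "waf_policy": None,
            "routes": [{"pattern": "/*", "waf_policy": None}],
        },
    ],
}

# Path fragments treated as sensitive, following the post's own examples.
SENSITIVE_MARKERS = ("login", "payment")


def effective_policies(profile):
    """Return one row per route with the winning policy and its level."""
    rows = []
    for domain in profile["domains"]:
        for route in domain["routes"]:
            # Most specific first; the first non-empty policy wins.
            candidates = (
                ("route", route.get("waf_policy")),
                ("domain", domain.get("waf_policy")),
                ("profile", profile.get("waf_policy")),
            )
            level, policy = next(
                ((lvl, pol) for lvl, pol in candidates if pol), ("none", None)
            )
            rows.append({
                "target": domain["host"] + route["pattern"],
                "pattern": route["pattern"],
                "policy": policy,
                "level": level,
            })
    return rows


def review_findings(rows):
    """Flag routes with no policy, and sensitive routes that only inherit one."""
    findings = []
    for row in rows:
        sensitive = any(m in row["pattern"].lower() for m in SENSITIVE_MARKERS)
        if row["policy"] is None:
            findings.append((row["target"], "no WAF policy at any level"))
        elif sensitive and row["level"] != "route":
            findings.append((
                row["target"],
                f"sensitive route inherits {row['level']}-level policy "
                f"{row['policy']}",
            ))
    return findings


if __name__ == "__main__":
    resolved = effective_policies(PROFILE)
    for row in resolved:
        print(f"{row['target']:32} {row['level']:8} {row['policy']}")
    for target, issue in review_findings(resolved):
        print("REVIEW:", target, "-", issue)
```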

Azure Virtual Network Manager in Azure China

Azure Virtual Network Manager is now generally available in Azure China, bringing centralized control over connectivity, security rules, and routing configurations across subscriptions at scale. This service simplifies network topology management using hub-and-spoke or mesh configurations, helping administrators ensure consistent connectivity and policy enforcement throughout complex environments. The security admin rules feature allows organizations to define security policies that take precedence over traditional Network Security Group (NSG) rules, helping to avoid misconfigurations and maintain compliance across environments. Additionally, flow logs offer visibility and diagnostics for traffic governed by these rules. Routing configurations can also be standardized and applied automatically to multiple subnets or virtual networks, supporting scenarios like routing spoke traffic through Azure Firewall or enabling cross-hub connections, further simplifying enterprise network architecture.

Storage

Archive Access Tier Now Available in Italy North

The Archive access tier for Azure Blob Storage is now generally available in the Italy North region. This development enables customers to store infrequently accessed data in a highly cost-effective manner while ensuring data residency and compliance with Italian regulations. Ideal for long-term data retention, backup, and compliance scenarios, the Archive tier supports comprehensive data lifecycle management. Users can manage data in the Archive tier through the Azure portal, CLI, PowerShell, or REST API. With this release, the Italy North region now supports the full spectrum of Azure Blob Storage tiers—Hot, Cool, Cold, and Archive—aligning it with other fully featured Azure regions.

Azure Storage Mover support for SMB source to Azure Blob target

Azure Storage Mover has expanded its capabilities to support the migration of SMB shares directly to Azure Blob containers. This fully managed migration service enables seamless and secure transfer of on-premises files and folders to Azure Storage, minimizing downtime during migration processes. With integration features like just-in-time permission setting and Azure Key Vault support, organizations can perform secure migrations end-to-end. This enhancement complements the existing support for migrations from NFS shares to Azure Blob and from SMB sources to Azure File shares.

NFS Azure Files volume mount support in Azure Container Apps (preview)

Azure Container Apps now support mounting Network File System (NFS) Azure Files volumes to containerized applications. This enhancement allows developers to leverage a scalable and high-performance file system that can be shared across multiple containers within an application. The use of NFS Azure Files volumes also ensures data persistence across container restarts, making it ideal for stateful workloads or data-intensive jobs running in container environments.

Encrypt Premium SSD v2 and Ultra Disks with Cross-Tenant Customer Managed Keys (preview)

Microsoft has introduced a public preview for encrypting Premium SSD v2 and Ultra Disks using Cross-Tenant Customer Managed Keys (CMK) in select regions. This feature enables encryption of managed disks using a CMK that resides in an Azure Key Vault located in a different Microsoft Entra tenant from the disk itself. This advancement is particularly beneficial for service providers building Software as a Service (SaaS) solutions on Azure, as it allows their customers to manage their own encryption keys independently. Customers can now host and control their CMKs in their own tenant, granting them full sovereignty over their data and encryption practices.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

RAG on Azure Local: the evolution of generative AI in hybrid environments

In the era of Artificial Intelligence, companies are required to combine computational power with distributed data management, as data is increasingly located across cloud environments, on-premises infrastructures, and edge settings. In this context, Azure Local emerges as a strategic solution, capable of extending the benefits of cloud computing directly into local data centers—where the most sensitive and critical workloads reside. After exploring this topic in the previous article, "AI from Cloud to Edge: Innovation Enabled by Azure Local and Azure Arc," this new piece focuses on a particularly significant evolution: the adoption of RAG (Retrieval-Augmented Generation) capabilities within Azure Local environments. Thanks to Microsoft’s adaptive cloud approach, it is now possible to design, deploy, and scale AI solutions consistently and in a controlled manner, even in hybrid and multicloud scenarios. Azure Local thus becomes the enabler of a tangible transformation, bringing generative AI capabilities closer to the data, with clear benefits: reduced latency, preservation of data sovereignty, and greater accuracy and relevance of the generated results.

A Consistent AI Ecosystem from Cloud to Edge

Microsoft is building a consistent and distributed Artificial Intelligence ecosystem, designed to enable the development, deployment, and management of AI models wherever they are needed: in the cloud, on-premises environments, or at the edge.

This approach is structured into four key layers, each designed to address specific needs:

  • Application Development: With Azure AI Studio, developers can easily design and build intelligent agents and conversational assistants using pre-trained models and customizable modules. The development environment offers integrated tools and a modern interface, simplifying the entire AI application lifecycle.

  • AI Services: Azure offers a wide range of advanced AI services — including language models (based on OpenAI), machine translation, computer vision, and semantic search — which, until now, were limited to the cloud environment. With the introduction of RAG in Azure Local, these capabilities can now also be executed directly in local environments.

  • Machine Learning and MLOps: Azure Machine Learning Studio allows for efficient creation, training, optimization, and management of ML models. Thanks to the AML Arc Extension, all these features are now also available on local and edge infrastructures.

  • AI Infrastructure: Supporting all these layers is a solid and scalable technology foundation. Azure Local, together with Azure’s global infrastructure, provides the ideal environment for running AI workloads through containers and optimized virtual machines, ensuring high performance, security, and compliance.

Microsoft’s goal is clear: to eliminate the boundary between the cloud and the edge, enabling organizations to harness the power of AI where the data actually resides.

What is Retrieval-Augmented Generation (RAG)

Within the unified AI ecosystem Microsoft is building, one of the most impactful innovations is Retrieval-Augmented Generation (RAG) — an advanced technique poised to revolutionize the approach to generative AI in the enterprise space. Unlike traditional models that rely solely on knowledge learned during training, RAG enriches model responses by dynamically retrieving up-to-date and relevant content from external sources such as documents, databases, or vector indexes.

RAG operates in two distinct but synergistic phases:

  • Retrieve: The system searches and selects the most relevant information from external sources, often built using enterprise data.

  • Generate: The retrieved content is used to generate more accurate responses, consistent with the context and aligned with domain-specific knowledge.

This architecture helps reduce hallucinations, increase response accuracy, and work with updated and specific data without retraining the model, thereby ensuring greater flexibility and reliability.

RAG on Azure Local: Generative AI Serving On-Premises Data

With the introduction of RAG capabilities in Azure Local environments, organizations can now bring the power of generative AI directly to their data—wherever it resides: in the cloud, on-premises, or across multicloud infrastructures—without needing to move or duplicate it. This approach roots artificial intelligence in enterprise data and enables the native integration of advanced capabilities into local operational workflows.

The solution is available as a native Azure Arc extension for Kubernetes, providing a complete infrastructure for data ingestion, vector index creation, and querying based on language models. Everything is managed through a local portal, which offers essential tools for prompt engineering, monitoring, and response evaluation.

The experience is designed in a no-code/low-code fashion, with an intuitive interface that allows even non-specialized teams to develop, deploy, and manage RAG applications.

Key Benefits

  • Data Privacy and Compliance: Sensitive data remains within corporate and jurisdictional boundaries, allowing the model to operate securely and in compliance with regulations.

  • Reduced Latency: Local data processing enables fast responses, which are crucial in real-time scenarios.

  • Bandwidth Efficiency: No massive data transfers to the cloud, resulting in optimized network usage.

  • Scalability and Flexibility: Thanks to Azure Arc, Kubernetes clusters can be deployed, monitored, and managed on local or edge infrastructures with the same operational experience as the cloud.

  • Seamless Integration with Existing Environments: RAG capabilities can be directly connected to document repositories, databases, or internal applications, enabling scenarios such as enterprise chatbots, intelligent search engines, or vertical digital assistants—natively and without invasive infrastructure changes.

This capability represents a fundamental element in Microsoft’s strategy: to make Azure the most open, extensible, and distributed AI platform, capable of enabling innovation wherever data resides and transforming it into a true strategic asset for the digital growth of organizations.

Advanced RAG Capabilities on Azure Local

The RAG capabilities available in Azure Local environments go beyond simply bringing generative AI closer to enterprise data—they represent a comprehensive set of advanced tools designed to deliver high performance, maximum flexibility, and full control, even in the most demanding scenarios. Thanks to continuous evolution, the platform is equipped to support complex and dynamic use cases, while keeping quality, security, and responsibility at the forefront.

Here are the main advanced features available:

  • Hybrid Search and Lazy Graph RAG (coming soon): The combination of hybrid search with the upcoming support for Lazy Graph RAG enables the creation of efficient, fast, and low-cost indexes, providing accurate and contextual responses regardless of the nature or complexity of the query.

  • Performance Evaluation: Native evaluation pipelines allow structured testing and measurement of RAG system effectiveness. Multiple experimentation paths are supported—helpful for comparing different approaches in parallel, optimizing prompts, and improving response quality over time.

  • Multimodality: The platform natively supports text, images, documents, and—soon—videos. By leveraging the best parsers for each format, RAG on Azure Local can process unstructured data located on NFS shares, offering a unified and in-depth view across various content types.

  • Multilingual Support: Over 100 languages are supported during both ingestion and model interactions, making the solution ideal for organizations with a global presence or diverse language requirements.

  • Always-Up-to-Date Language Models: Each update of the Azure Arc extension provides automatic access to the latest models, ensuring optimal performance, enhanced security, and alignment with the latest advancements in generative AI.

  • Responsible and Compliant AI by Design: The platform includes built-in capabilities for managing security, regulatory compliance, and AI ethics. Generated content is monitored and filtered, helping organizations comply with internal policies and external regulations—without placing additional burden on developers.

Key Use Cases of RAG on Azure Local

The integration of RAG into Azure Local environments delivers tangible benefits across several sectors:

  • Financial Services: in the financial sector, RAG can analyze sensitive data that must remain on-premises due to regulatory constraints. It can automate compliance checks on documents and transactions, provide personalized customer support based on financial data, and create targeted business proposals by analyzing individual profiles and preferences.
  • Manufacturing: for manufacturing companies, RAG is a valuable ally for enhancing operational efficiency. It can offer real-time assistance in problem resolution through analysis of local production data, help identify process inefficiencies, and support predictive maintenance by anticipating failures through historical data analysis.
  • Public Sector: public administrations can leverage RAG to gain insights from the confidential data they manage. It’s useful for summarizing large volumes of information to support quick and informed decision-making, creating training materials from existing documentation, and enhancing public safety through predictive analysis of potential threats based on local data.
  • Healthcare: in the healthcare sector, RAG enables secure handling of clinical data, delivering value across multiple areas. It can support the development of personalized treatment plans based on patient data, facilitate medical research through clinical information analysis, and optimize hospital operations by analyzing patient flow and resource usage.
  • Retail: in the retail sector, RAG can enhance customer experiences and streamline business operations. It is effective for creating personalized marketing campaigns based on purchasing habits, optimizing inventory management through sales data analysis, and gaining deeper insights into customer behavior to refine product and service offerings.

Conclusion

The integration of RAG capabilities within Azure Local environments marks a significant milestone in the maturity of distributed Artificial Intelligence solutions. With an open, extensible, and cloud-connected architectural approach, Microsoft enables organizations to leverage the benefits of generative AI consistently—even in hybrid and on-premises scenarios. RAG capabilities, in particular, allow advanced language models to connect with the contextual knowledge stored in enterprise systems—without compromising governance, security, or performance. This evolution makes it possible to create intelligent, secure, and customized applications across any operational context, accelerating the time-to-value of AI across multiple industries. Azure Local with RAG represents a strategic opportunity for businesses that want to govern Artificial Intelligence where data is born, lives, and generates value.

Azure IaaS and Azure Local: announcements and updates (May 2025 – Weeks: 21 and 22)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

GitHub Copilot for Azure

GitHub Copilot for Azure is now generally available, delivering a streamlined and intelligent development experience across the Azure ecosystem. Designed to enhance developer productivity, this solution integrates natively with Azure resources and offers support for Infrastructure as Code (IaC) through Bicep and Terraform. It enables efficient diagnostics and issue resolution, while providing real-time recommendations to improve code quality. GitHub Copilot for Azure acts as a comprehensive assistant, helping developers design resilient architectures, manage cloud resources, and elevate their Azure expertise with minimal disruption.

Cloudera on Cloud Available in Italy North Region

Cloudera on Cloud is now available in the Italy North Azure region through the Azure Marketplace. This availability expands the regional presence of Cloudera’s analytics and data platform, allowing customers in Italy to deploy and operate Cloudera environments more efficiently and in compliance with local data residency requirements.

Azure Chaos Studio available in Italy North

Azure Chaos Studio has expanded its regional availability and is now offered in the Italy North region. This service enables customers to improve the resilience of their applications by simulating faults and disruptions in a controlled manner. By testing real-world failure scenarios, organizations can proactively address reliability issues and strengthen the stability of their cloud workloads.

Retirement of Azure China North 1 and East 1 Regions

Microsoft has announced the planned retirement of the China North 1 and China East 1 regions, operated by 21Vianet, effective July 1, 2026. This decision follows an ongoing effort to modernize and optimize the Azure infrastructure in China. Customers are encouraged to migrate their resources to newer regions, such as China North 3, which offer improved performance, security, and support for advanced Azure services. To avoid service disruption, all migrations should be completed before the retirement date. Azure in China will continue its operations in multiple enhanced regions to meet evolving customer needs.

Azure Quota Groups

Azure Quota Groups is now generally available, bringing enhanced flexibility and centralized control for Enterprise Agreement (EA) and internal customers. This feature allows quotas to be shared across multiple subscriptions within a designated group, reducing the volume of individual quota requests and simplifying management. Through the use of a centralized Quota Group Azure Resource Manager (ARM) object, customers can self-manage their quota allocations—without requiring Microsoft approval. Benefits include the ability to reassign unused quota across subscriptions, reduced support overhead, and the ability to submit a single quota request for the entire group. Azure Quota Groups significantly streamlines resource governance and boosts operational efficiency.

Compute

ND96isr_H200_v5 Virtual Machines available in Italy North

Azure has expanded the regional availability of ND96isr_H200_v5 Virtual Machines, which are now offered in the Italy North region. These VMs are optimized for high-performance computing and AI workloads, providing enhanced GPU capabilities designed to accelerate demanding applications such as deep learning, data analytics, and large-scale simulations.

Network Optimized Azure Virtual Machines – Dnsv6, Dndsv6, Dnlsv6, Dnldsv6, Ensv6 and Endsv6 (preview)

Azure has introduced a new class of Network Optimized Virtual Machines, now in public preview, built on the 5th Generation Intel® Xeon® Platinum 8537C (Emerald Rapids) processors. These VMs provide enhanced performance and flexibility with three memory-to-core configurations and options with or without local SSDs. Leveraging Azure Boost, these VMs deliver superior network bandwidth per vCPU, increased vNIC capacity, and faster connection setup times. The new SKUs, including Dnsv6, Dndsv6, Dnlsv6, Dnldsv6, Ensv6, and Endsv6, expand the v6 family of Intel-based Azure VMs, making them ideal for network-intensive workloads.

Networking

Private Subnet

Azure announces the general availability of the private subnet functionality. Traditionally, virtual machines created in a virtual network without explicit outbound configuration were assigned a default outbound public IP address. These implicit IPs presented security challenges and lacked association with subscriptions, making them unreliable and difficult to manage. With the private subnet feature, any new subnet defaults to having “default outbound access” set to false, thus eliminating implicit outbound connectivity and promoting Azure’s “secure by default” principle. Users must now explicitly configure outbound access using services such as NAT Gateway or Public IP addresses. Starting September 30th, 2025, all new virtual networks will adopt this default behavior, although existing networks and older API versions will remain unaffected.
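Because existing networks keep the old behavior, it is worth finding the subnets that still depend on implicit outbound access. The following is an added example, not code from the original post or from Microsoft: it reads virtual network resources in ARM-template shape and classifies each subnet by its `defaultOutboundAccess` and `natGateway` properties; the sample resources, names and status labels are constructed for this example.

```python
"""Flag subnets that still depend on implicit default outbound access.

Input is a list of virtual network resources in ARM-template shape, for
example resources copied from an exported template. The sample below is
constructed for this example.
"""
import json

# Constructed sample: one virtual network with four subnets.
SAMPLE_VNETS = json.loads(r"""
[
  {
    "type": "Microsoft.Network/virtualNetworks",
    "name": "vnet-app",
    "properties": {
      "subnets": [
        {"name": "snet-web",
         "properties": {"addressPrefix": "10.0.1.0/24"}},
        {"name": "snet-api",
         "properties": {
           "addressPrefix": "10.0.2.0/24",
           "defaultOutboundAccess": false,
           "natGateway": {"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-net/providers/Microsoft.Network/natGateways/natgw-app"}}},
        {"name": "snet-data",
         "properties": {
           "addressPrefix": "10.0.3.0/24",
           "defaultOutboundAccess": false}},
        {"name": "snet-batch",
         "properties": {
           "addressPrefix": "10.0.4.0/24",
           "defaultOutboundAccess": true,
           "natGateway": {"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-net/providers/Microsoft.Network/natGateways/natgw-app"}}}
      ]
    }
  }
]
""")


def classify_subnet(subnet):
    """Return a status label for one subnet resource."""
    props = subnet.get("properties", {})
    # Only an explicit false marks a private subnet. A missing property is
    # treated as not private, which is how the post describes existing
    # networks and older API versions.
    private = props.get("defaultOutboundAccess") is False
    has_nat = bool((props.get("natGateway") or {}).get("id"))
    if private and has_nat:
        return "private-with-nat-gateway"
    if private:
        # No subnet-level egress; outbound needs another explicit method,
        # such as a public IP address on the VM.
        return "private-no-subnet-egress"
    if has_nat:
        # Egress is explicit today, but the subnet is not marked private.
        return "nat-gateway-but-not-private"
    return "implicit-outbound"


def audit(vnets):
    """Return (vnet, subnet, status) for every subnet in the input."""
    results = []
    for vnet in vnets:
        if vnet.get("type") != "Microsoft.Network/virtualNetworks":
            continue
        for subnet in vnet.get("properties", {}).get("subnets", []):
            results.append((vnet["name"], subnet["name"], classify_subnet(subnet)))
    return results


def needs_action(results):
    """Subnets to fix: implicit egress, or NAT attached without the flag."""
    actionable = ("implicit-outbound", "nat-gateway-but-not-private")
    return [row for row in results if row[2] in actionable]


if __name__ == "__main__":
    rows = audit(SAMPLE_VNETS)
    for vnet_name, subnet_name, status in rows:
        print(f"{vnet_name}/{subnet_name:12} {status}")
    print("to fix:", [f"{v}/{s}" for v, s, _ in needs_action(rows)])
```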

Azure Traffic Manager SLA Increased to 100%

Azure Traffic Manager now offers a 100% service level agreement (SLA) for global DNS resolution, guaranteeing uninterrupted resolution of DNS queries to healthy service endpoints. This enhancement reinforces Azure’s commitment to reliability and performance, ensuring that all Traffic Manager profiles automatically benefit from this updated SLA without requiring any customer-side changes.

Destination Network Address Translation (DNAT) on Azure Firewall Private IP address

Azure Firewall now supports Destination Network Address Translation (DNAT) rule configurations on its Private IP address, enabling port translations that were previously unavailable. This enhancement is particularly useful for enterprises dealing with overlapping IP ranges, such as during the integration of new partners or mergers and acquisitions. In hybrid networking scenarios, this feature allows on-premises datacenters to establish communication with Azure resources using private, non-routable IP addresses, ensuring seamless interoperability and connectivity across diverse environments.

Container Apps and Functions as Private Link enabled origins for Front Door Premium

Azure Front Door Premium now supports configuring Azure Container Apps and Azure Functions as Private Link enabled origins. This capability ensures secure backend communication by restricting origin exposure to the public internet. Even though users access content through public Front Door endpoints, the actual origin services remain securely accessible only via Private Link, improving overall network security posture for web applications and APIs.

Azure Front Door supports origin authentication via Managed Identities (preview)

Azure Front Door Standard and Premium now support origin authentication using Managed Identities, currently in public preview. This feature allows secure, identity-based access control between Front Door and its backend origins. By leveraging Managed Identities, customers can avoid the risks and operational overhead associated with managing credentials, ensuring that only authorized Front Door instances can access origin services.

VM Network Troubleshooter in Azure Portal (preview)

Azure has introduced a new VM Network Troubleshooter tool in the Azure Portal, now in public preview. Accessible from the VM Overview blade, this tool allows users to run diagnostics and detect common issues such as blocked ports. This feature significantly streamlines network troubleshooting, enabling quicker identification and resolution of connectivity problems that often affect virtual machine workloads.

Using Server-sent events with Application Gateway (preview)

Azure Application Gateway introduces preview support for Server-sent events (SSE), a technology that enables servers to push real-time updates to clients over persistent HTTP connections. This preview allows developers to build low-latency applications requiring continuous data streaming directly from the server. To utilize this capability, both the Application Gateway and the backend application must be configured appropriately. This feature enhances the ability to deliver dynamic content to clients while maintaining control over scalability and performance at the application delivery layer.

Storage

Availability Set Support for Premium SSD v2 Disk Storage

Azure has added support for Availability Sets with Premium SSD v2 (Pv2) disk storage in regions without Availability Zones, including Australia Southeast, Canada East, North Central US, UK West, West Central US, and West US. Premium SSD v2 offers scalable IOPS and throughput, low latency, and consistent performance—making it a strong choice for enterprise workloads such as SQL Server, Oracle, SAP, and big data platforms. This enhancement allows customers in these regions to build resilient architectures using Availability Sets, ensuring higher availability even in the absence of zonal infrastructure.

Customer-managed keys for Azure NetApp Files volume encryption with Azure Key Vault Managed HSM

Azure NetApp Files now supports customer-managed keys for volume encryption using Azure Key Vault Managed HSM. This enhancement provides an elevated level of security, transitioning from FIPS 140-2 Level 2 to Level 3 compliance for critical deployments. The use of Managed HSM is particularly relevant in sectors that demand high-security standards, such as financial services, public sector, telecommunications, and energy. Applications benefiting from this include payment processing systems, authentication services, and solutions requiring application-level encryption.

Encryption in Transit for Azure Files NFS Shares (preview)

Microsoft has introduced support for encryption in transit for Azure Files NFS v4.1 shares, now available in public preview. This feature enhances data protection by enabling TLS-based encryption for NFS traffic, securing data as it travels between applications and Azure File shares. The solution integrates with the lightweight AZNFS mount helper to deliver a seamless user experience, and it offers flexibility by allowing connections to be mounted with or without encryption, depending on user requirements.

Live Resize for Premium SSD v2 and Ultra NVMe Disks (preview)

Microsoft has announced the public preview of Live Resize for Premium SSD v2 (Pv2) and Ultra NVMe Disks. This new capability enables users to dynamically increase the storage capacity of their disks without causing any disruption to running applications. With Live Resize, organizations can adopt a more cost-effective storage strategy by starting with smaller disk sizes and scaling up as needed—ensuring flexibility, efficiency, and continuous application availability.


Azure IaaS and Azure Local: announcements and updates (May 2025 – Weeks: 19 and 20)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Carbon optimization in Azure

Microsoft has announced the General Availability of carbon optimization in Azure, a built-in solution designed to help organizations measure, manage, and reduce carbon emissions from their Azure workloads. With this capability, customers gain access to built-in dashboards and KPIs directly in the Azure portal, enabling them to track sustainability progress over time. The service provides detailed, resource-level emissions data, unlocking opportunities for deeper optimization. Role-based access control (RBAC) ensures that relevant stakeholders can access appropriate data. Additionally, actionable recommendations are offered to support both carbon reduction and cost savings. This release underscores Microsoft’s commitment to empowering customers to align their cloud operations with sustainability objectives, offering native tools to support greener decision-making across IT environments.

Perth – Azure Extended Zones (preview)

Microsoft has announced the public preview of the Perth Azure Extended Zone. Azure Extended Zones are small-scale Azure deployments located in specific metros, industrial hubs, or jurisdictions to support low-latency applications and enforce data residency requirements. These zones are capable of running virtual machines, containers, storage solutions, and selected Azure services. With the introduction of the Perth Extended Zone, customers in the region can now run latency-sensitive and high-throughput workloads closer to their end users, improving performance while aligning with regulatory and data governance mandates.

Networking

ExpressRoute Metro available in Italy North with Equinix

ExpressRoute Metro is now available in the Italy North region in partnership with Equinix. This connectivity option allows customers to establish private, resilient network connections to Microsoft cloud services through Equinix infrastructure. ExpressRoute Metro offers low-latency, high-bandwidth connectivity within metropolitan areas, supporting performance-sensitive workloads and regulatory compliance needs for businesses operating in or near the Italy North region.

Azure Virtual Network Manager high-scale private endpoints in connected groups (preview)

Microsoft has introduced the public preview of high-scale private endpoints within connected groups using Azure Virtual Network Manager. This new capability is designed to address the growing scalability needs of complex enterprise network environments in Azure. It enables the support of up to 20,000 private endpoints within a single connected group, significantly increasing the ability to scale private connectivity across large environments. This enhancement allows organizations to manage a broader set of workloads efficiently, improving network architecture flexibility while maintaining strong isolation and security.

Storage

Azure File Sync in Italy North

Microsoft has expanded the availability of Azure File Sync to the Italy North region. Azure File Sync provides a hybrid storage solution that allows organizations to tier data from on-premises Windows Servers to Azure Files, optimizing performance while reducing on-premises storage requirements. This expansion brings the service closer to customers in the region, offering reduced latency, improved performance, and compliance with local data residency regulations. With Azure File Sync, businesses can maintain the compatibility and flexibility of traditional file servers while benefiting from the scalability and cost-efficiency of the Azure cloud.

Azure Archive Storage in Italy North

Azure Archive Storage is now available in the Italy North region. This service provides a secure, low-cost option for storing rarely accessed data, such as compliance archives, backup data, and long-term retention files. With this regional expansion, customers in Italy can now benefit from reduced latency and improved data residency compliance when leveraging Azure Archive Storage for their cold data needs.

Azure Storage Actions – Serverless storage data management

Microsoft has announced the general availability of Azure Storage Actions, a fully managed serverless platform for automating data management tasks across Azure Blob and Data Lake Storage. Available in select Azure regions, Storage Actions empowers organizations to scan, analyze, and process billions of objects across multiple storage accounts without writing code. The solution supports the use of blob tags and metadata as dynamic parameters, allowing fine-grained control over how each object is handled. An integrated dashboard provides visibility into operations, including detailed drill-downs. By combining a no-code experience with serverless scalability, Azure Storage Actions significantly simplifies and accelerates storage data workflows.

Azure Premium SSD v2 now available in more regions

Azure Premium SSD v2 is now available in several additional non-availability-zone (non-AZ) regions, including US West, UK West, Canada East, Australia Southeast, North Central US, West Central US, Australia Central 2, and Norway West. Premium SSD v2 is a next-generation general-purpose block storage offering that delivers sub-millisecond latency and optimized price-performance for I/O-intensive enterprise workloads. It is ideal for a wide array of use cases such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data analytics, gaming on virtual machines, and stateful container deployments. This expansion brings high-performance storage closer to more global Azure customers.

Azure NetApp Files support for Active Directory connection per NetApp account

Azure NetApp Files now offers general availability of Active Directory connection per NetApp account. This feature enables each NetApp account to connect independently to its own Active Directory Forest and Domain, allowing multiple, distinct Active Directory configurations within a single Azure region and subscription. With this functionality, organizations can achieve better operational segregation, enhance security, and simplify hosting of specialized or multi-tenant environments. The association of SMB volumes to specific Active Directory connections per NetApp account further streamlines identity and access management across different organizational contexts.

Azure NetApp Files cross-zone and cross-region replication across subscriptions

Azure NetApp Files now supports replication across different subscriptions under the same tenant, enabling cross-subscription replication. This enhancement significantly improves disaster recovery and operational flexibility by utilizing NetApp SnapMirror technology, which optimizes data transfer by replicating only changed blocks in a compressed format. The feature supports both cross-zone replication across all Azure NetApp Files regions with availability zones and cross-region replication across all supported regions. Organizations can now better manage and protect data across different organizational units or cost centers while maintaining efficient and secure replication practices.

Azure NetApp Files cross-zone-region replication (preview)

Microsoft has introduced the public preview of cross-zone-region replication (CZRR) for Azure NetApp Files, a capability that extends existing cross-region and cross-zone replication functionalities. CZRR allows replication of volumes not only across different Azure regions but also across availability zones within the same region. This dual-layer replication enhances both disaster recovery and business continuity. Customers can configure protection by combining various replication setups, such as one cross-zone and one cross-region replication relationship, two cross-region replications, or two cross-zone replications. For cross-zone replication, the source volume must reside in an availability zone. This preview feature aims to deliver higher resilience and data protection for critical workloads.

Azure Premium SSD v2 Disk Storage in Japan West

Azure Premium SSD v2 (Pv2) Disk Storage is now available in the Japan West region. Pv2 represents Azure’s next-generation general-purpose block storage, engineered to provide sub-millisecond latency, flexible scalability, and cost efficiency. It allows users to independently scale IOPS, throughput, and capacity, making it suitable for a wide variety of production workloads. Pv2 supports relational databases such as SQL Server, Oracle, and MariaDB, NoSQL platforms like Cassandra and MongoDB, as well as SAP systems, analytics tasks, gaming environments, and stateful containerized applications. This expansion delivers high-performance disk storage closer to customers in Japan West, enhancing workload responsiveness and data locality.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (May 2025 – Weeks: 17 and 18)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Announces New European Digital Commitments

Microsoft has introduced five new commitments to deepen its partnership with Europe, focusing on digital resilience, data privacy, cybersecurity, and competitiveness. These actions reflect Microsoft’s goal to align with European values and regulations.

1. Expanding AI and Cloud Infrastructure
Microsoft will boost its European datacenter capacity by 40% over two years, covering 16 countries. This includes public and sovereign cloud operations, and partnerships with firms like Bleu (France) and Delos Cloud (Germany). Microsoft aims to support innovation while complying with EU laws.

2. Strengthening Digital Resilience
Microsoft will operate European cloud services under a Europe-based board and uphold a Digital Resilience Commitment, pledging to challenge any external attempts to disrupt services. Code backups in Switzerland and continuity partnerships will ensure service reliability.

3. Safeguarding Data Privacy
With the EU Data Boundary project completed, Microsoft enables customers to keep data within the EU. Customers can encrypt data with their own keys, use lockboxes, and restrict Microsoft access. Microsoft also legally defends against unlawful data requests.

4. Boosting Cybersecurity
Microsoft has supported Ukraine and NATO with $500 million in cybersecurity aid and intelligence. A new Deputy CISO for Europe will oversee compliance with EU cybersecurity regulations like DORA and CRA. Independent audits will confirm adherence.

5. Supporting Competitiveness and Open Source
Through its AI Access Principles, Microsoft ensures open access to over 1,800 AI models, many of them open-source. The company supports European businesses and research institutions in applying AI, and commits to continued local collaboration.

These commitments underline Microsoft’s long-term dedication to Europe’s digital future and its respect for local governance.

Semantic Ranker for Azure AI Search now available in Italy North

The Semantic Ranker feature in Azure AI Search is now generally available in the Italy North region. This capability enhances the relevance of search results by using deep learning models to understand the semantic meaning behind user queries. It enables more accurate and contextually appropriate responses, particularly beneficial for AI-powered applications requiring advanced search functionalities.

Azure Functions Flex Consumption plan hosting now available in Italy North

The Flex Consumption plan for Azure Functions is now available in the Italy North cloud region. This Linux-based hosting option builds upon the pay-as-you-go Consumption model, offering greater flexibility and customization. It introduces capabilities such as private networking, selectable instance memory sizes, and rapid, large scale-out scenarios—all while maintaining a serverless billing model. This provides developers with enhanced control over their serverless workloads without compromising on scalability or cost-efficiency.

UAE North regional availability with Microsoft Dev Box

Microsoft Dev Box is now available in the United Arab Emirates (UAE) North region. This expansion enables customers in the UAE and nearby areas to provision developer workstations closer to their users and data sources, enhancing performance and ensuring compliance with data residency requirements. With this regional support, organizations can now benefit from faster provisioning times and improved network performance for Dev Box environments.

Compute

Azure Compute Fleet

Azure Compute Fleet is now generally available across all Azure regions, offering a scalable and flexible way to deploy up to 10,000 virtual machines in a single fleet. This service intelligently selects and provisions VM instances that match specified parameters—such as core count, RAM, region, pricing model, and VM SKU—ensuring optimal resource allocation for diverse workloads. Azure Compute Fleet also includes robust management features to automatically adjust deployment based on factors like Spot VM evictions, capacity shortages, and cost optimization needs. It is particularly valuable for customers requiring dynamic scaling with a wide variety of VM configurations.

Instance Mix for Virtual Machine Scale Sets

Instance mix is now generally available for Virtual Machine Scale Sets, enabling the use of multiple VM sizes within a single scale set deployment. This new feature offers enhanced flexibility and cost optimization by allowing customers to specify a mix of VM sizes tailored to their workload requirements. It also includes allocation strategies that can prioritize either price or capacity based on customer preferences. With instance mix, deployments benefit from increased capacity availability and simplified management of diverse VM resources within a unified scale set. In addition, customers leveraging Spot Priority Mix can combine both Spot and On-Demand VM instances, further increasing their ability to secure necessary capacity at optimized costs.

Improve the security of Generation 2 VMs via Trusted Launch in Azure DevTest Labs (preview)

Trusted Launch is now available in public preview for Generation 2 virtual machines (Gen2 VMs) within Azure DevTest Labs. This feature introduces a set of coordinated infrastructure technologies that enhance protection against sophisticated and persistent threats. By leveraging Trusted Launch, users can enable key security capabilities—such as secure boot and virtual TPM—independently, thereby hardening their Gen2 VMs without significant configuration overhead. This enhancement is part of Azure’s ongoing efforts to provide secure-by-default infrastructure for development and testing environments.

Networking

Azure Firewall integration in Security Copilot

The integration of Azure Firewall with Microsoft Security Copilot enhances the way analysts investigate threats by leveraging natural language interactions. This feature enables users to analyze malicious traffic intercepted by the Intrusion Detection and Prevention System (IDPS) across all deployed firewalls without writing complex KQL queries. Through either the Security Copilot portal or the Copilot in Azure experience, users can: retrieve the top IDPS signature hits, enrich threat profiles with additional intelligence, perform fleet-wide signature searches across tenants, and generate environment-specific security recommendations. This integration streamlines threat analysis and empowers teams with faster, more actionable insights.

Azure Firewall Log Tables Now Supported in Azure Monitor Basic Plan

All resource-specific log tables for Azure Firewall now support the Azure Monitor Basic log plan. This addition enables customers to reduce their logging costs by up to 80%. While this plan provides significant savings, it is important to note that it does not support integrations with Policy Analytics or Microsoft Security Copilot. Organizations looking to balance cost efficiency with basic firewall logging capabilities may find this update especially beneficial.

Next hop IP support for Virtual WAN

Azure Virtual WAN has introduced support for Next hop IP, enhancing routing flexibility for complex networking scenarios. The virtual hub router within Azure Virtual WAN can now peer with Network Virtual Appliances (NVAs) or BGP-enabled endpoints to exchange routes directly. This enables customers to advertise routes for virtual machines that reside behind load balancers, streamlining traffic flows and optimizing network architecture across virtual hubs. This improvement significantly simplifies route management in hybrid and large-scale cloud networks.

Azure virtual network terminal access point (TAP) (preview)

Azure Virtual Network TAP is now in public preview, offering a powerful way to stream virtual machine network traffic directly to packet collectors or analysis tools. This agentless solution eliminates the need for additional appliances or changes to existing network topologies, enabling transparent traffic mirroring with zero impact on VM performance. Furthermore, mirrored traffic does not count against the VM’s bandwidth quota. With broad compatibility across third-party tools, Virtual Network TAP facilitates robust integration into existing security and monitoring frameworks—an essential advancement for organizations requiring deep network visibility in their cloud environments.

Azure WAF CAPTCHA Challenge for Azure Front Door (preview)

Azure Web Application Firewall (WAF) for Azure Front Door now includes CAPTCHA challenge support in public preview. This new capability introduces an adaptive layer of defense to mitigate threats from automated attacks such as bots, scrapers, and brute-force attempts, which often bypass traditional protections like IP filtering or rate limiting. By requiring real-time human verification through an interactive CAPTCHA, this feature enhances application security while maintaining usability for legitimate users. It provides a modern and effective way to safeguard web applications from malicious automated traffic.

Storage

Next-Generation Azure Data Box Devices Now Available

Microsoft has announced the general availability of the next-generation Azure Data Box 120 and Azure Data Box 525. These compact, NVMe-based devices are now available for order in the US, US Gov, Canada, EU, and UK Azure regions, with broader regional availability expected soon. Since their preview debut at Ignite ’24, these devices have successfully facilitated petabyte-scale data ingestion across numerous customer projects and industry verticals. Customers have reported up to 10x improvements in data transfer speeds, citing enhanced reliability and efficiency as key benefits. The design of these devices is based on extensive customer feedback and reflects the growing demands of large-scale data migrations. Azure Data Box continues to offer one of the most cost-effective solutions for offline data transfers, with a competitive price per terabyte and seamless ordering through the Azure portal.

Cross-Region Data Transfer Support in Azure Data Box

Azure Data Box now supports cross-region data transfer for all Azure region pairs, marking a significant enhancement in flexibility for distributed storage strategies. Customers can now upload data from any on-premises location directly to any Azure region, eliminating the need to physically transport the device across commerce boundaries. For example, data collected in Japan can be uploaded to an Azure data center in the European Union, while the Data Box itself remains within Japan. The transfer is carried out over the Azure network at no additional cost, making this feature particularly valuable for global enterprises managing multi-regional data workloads.

Azure Files: Metadata Cache for Azure SSD (Premium) SMB

Azure Files has introduced a new enhancement that significantly improves metadata operations performance for both SMB and REST protocols. This capability is automatically available at no extra cost and benefits both new and existing file shares. Whether used to support critical business applications, streamline DevOps workflows, or provide storage for large-scale virtual desktop environments, Azure Files now offers improved speed, scalability, and performance optimization. This update reinforces Azure Files as a high-performance storage option for demanding enterprise workloads.

Azure Premium SSD v2 and Ultra Disk Storage Now Available in Australia Central 2 and Norway West

Azure Premium SSD v2 and Ultra Disk Storage have been made generally available in the Australia Central 2 and Norway West regions. Azure Ultra Disk Storage provides high throughput, elevated IOPS, and consistently low latency, making it an optimal choice for data-heavy applications such as SAP HANA, high-performance databases, and applications requiring intensive transactional operations. Azure Premium SSD v2, designed as a next-generation block storage solution, delivers sub-millisecond latencies and cost-efficient performance for IO-intensive workloads. It is ideal for a wide spectrum of enterprise production scenarios, including SQL Server, Oracle, MariaDB, SAP, big data analytics, gaming on virtual machines, and stateful containers.

Cross-tenant customer-managed keys for Azure NetApp Files volume encryption (preview)

A new feature in public preview enables cross-tenant customer-managed keys (CMK) for Azure NetApp Files volume encryption. This capability allows end users to manage their own encryption keys across different Azure tenancies, rather than relying on the SaaS provider’s key management. Particularly useful in SaaS provider-to-customer models, it ensures that customers maintain full control over their data protection. Available in all regions that support Azure NetApp Files, this enhancement provides increased flexibility and transparency in key management strategies for both providers and consumers.

Azure Local

Azure Local 2504: new OS version, feature enhancements, and improved update experience

The 2504 release of Azure Local introduces several enhancements aimed at improving performance, security, and manageability. New deployments now use OS version 261000.3775, while existing systems remain on version 23598.1551. Customers can obtain this OS image and compatible drivers through the Azure portal or via their OEM partners.

Significant improvements have been made in several areas. .NET update installations are now more reliable, and update processes benefit from enhanced health checks and simplified tracking via the Azure portal. Registration and deployment processes are more flexible, allowing customers to select from up to six supported software versions, and error logging has been improved.

Security is also strengthened: Dynamic Root of Trust for Measurement (DRTM) is now enabled by default for new deployments. Azure Local VMs gain new capabilities, such as data disk expansion and live migration for VMs using GPU partitioning (GPU-P), provided the latest NVIDIA vGPU drivers are used.

Additional changes include renamed OEM licenses to reflect Azure Local branding, improved handling of solution extensions, a new crash dump collection feature for observability, and updates to billing logic for newer deployments. Documentation for version 22H2 will be archived after May 31, 2025.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (April 2025 – Weeks: 15 and 16)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Copilot in Azure is Now Generally Available

Microsoft Copilot in Azure has reached general availability, bringing AI-powered assistance to users across the Azure ecosystem. Designed to enhance productivity, Copilot in Azure leverages Large Language Models (LLMs), the Azure control plane, and real-time insights from the user’s environment to streamline tasks and uncover cloud benefits. With GA, users can now rely on Copilot in production scenarios, benefiting from improved performance, higher response accuracy, and full localization support across all Azure portal languages. Current capabilities are included at no additional cost, though future features may introduce pricing considerations. Microsoft has also implemented safeguards such as temporary throttling to manage excessive use of generative AI services.

Microsoft Azure Now Available from New Cloud Regions

Microsoft has announced the general availability of new Azure cloud regions, further expanding its global infrastructure. The Indonesia Central region is now live, marking Azure’s first presence in Indonesia. Equipped with Azure Availability Zones, this region offers scalable, resilient, and secure cloud services to support digital transformation and AI innovation across the country. In addition, a new Azure for U.S. Government Secret region is now generally available, providing increased capacity and flexibility for classified workloads. Designed to meet the strict requirements of the U.S. Department of Defense and other federal agencies, the new region offers geographically distributed data residency options, continuity of operations, and native connectivity to U.S. Government classified networks. Customers benefit from a consistent platform experience and can access foundational Azure services, including Azure ExpressRoute, to support mission-critical scenarios with private, high-bandwidth connectivity.

ExpressRoute Metro and Global Reach Available in Italy North

ExpressRoute Metro and Global Reach are now available in the Italy North region, expanding Azure’s private connectivity capabilities in the area. ExpressRoute Metro allows customers to connect to Microsoft’s global network from two different physical locations within a metro area for higher resiliency and performance. With Global Reach, users can connect their on-premises networks across different regions through the Microsoft backbone, improving global connectivity and optimizing traffic flow.

Compute

DCesv6 and ECesv6 Series Confidential VMs with Intel® TDX (private preview)

Azure has introduced the DCesv6 and ECesv6 series Confidential Virtual Machines in private preview, leveraging 5th Gen Intel® Xeon® processors with Intel® Trust Domain Extensions (TDX). These next-generation VMs are designed to support highly sensitive and confidential workloads in the cloud without requiring changes to application code. The new SKUs include the general-purpose DCesv6-series and the memory-optimized ECesv6-series. These VMs maintain data privacy by keeping it encrypted even during processing, and they offer in-guest attestation, enabling verification of VM integrity. This marks a significant advancement in Azure’s confidential computing offerings.

Networking

Azure Networking Capabilities for Microsoft Copilot in Azure

Azure networking capabilities for Microsoft Copilot in Azure are now generally available, enhancing the AI-powered assistant with deep, contextual insights into network design, operations, and security. Users can now query Copilot for information on Azure networking products, receive guidance on architecture planning, resilience strategies, and migration from on-premises environments. Copilot also supports detailed inventory and traffic path queries, providing topology maps and network connectivity graphs. For operational needs, it offers troubleshooting and diagnostic capabilities by analyzing network configurations, control plane data, and resource health. Additionally, Copilot now integrates with Security Copilot to enable attack investigation on malicious traffic intercepted by Azure Firewall’s IDPS feature—directly within the Azure portal.

Application Gateway as a Private Link Enabled Origin for Front Door Premium

Application Gateway resources can now be configured as Private Link enabled origins within Azure Front Door Premium profiles. This integration allows customers to deliver web content via public Front Door endpoints while keeping the origin infrastructure isolated from the public internet. The use of Private Link ensures that the communication between Front Door and the origin remains secure and private, enhancing the security posture of internet-facing applications. This feature is particularly valuable for scenarios requiring strict network isolation without compromising performance or global reach.

Azure Front Door: Enhanced Server Variable Support

Azure Front Door has expanded its server variable capabilities by enabling the capture of request header, response header, and request query string values. This builds on the previously released feature to capture URL path segments. With these new enhancements, server variables can now be used in the rules engine to enable more dynamic and flexible HTTP request manipulation and routing at the edge. Scenarios enabled by this feature include modifying a response header based on a request header value, renaming cloud provider-generated headers to branded ones, and redirecting based on query string values. These capabilities unlock new customization opportunities for developers aiming to fine-tune edge routing behavior.

Azure Front Door: Custom Cipher Suite Support

Custom cipher suite support for Azure Front Door is now generally available across both Standard and Premium tiers. Azure Front Door provides several predefined TLS policies based on Microsoft Security best practices to ensure strong encryption and protocol support. With this update, customers can also define custom TLS policies to meet specific business and compliance requirements. This includes setting the minimum supported TLS version and selecting allowed cipher suites, offering granular control over security settings and enabling organizations to tailor their Front Door configuration to their unique security posture.

Azure Bastion Developer Now Available in 36 Regions

Azure Bastion Developer, previously limited to six regions, is now generally available in 36 public regions worldwide. Designed for Dev/Test scenarios, this version of Azure Bastion provides secure-by-default RDP and SSH access to virtual machines without the need for a public IP address. It allows users to connect to one VM at a time through the virtual machine’s connect blade—all at no cost. While it lacks the advanced features and scalability options of the standard Bastion offering, Bastion Developer is ideal for users seeking a streamlined and secure connection method for development and testing environments.

Expanded Availability of ExpressRoute Metro, Peering Locations, and Global Reach

Azure continues to expand its networking footprint with broader availability of ExpressRoute Metro and Global Reach. ExpressRoute Metro is now accessible in four new locations—Atlanta (USA), Jakarta (Indonesia), Madrid (Spain), and Milan (Italy)—providing increased resiliency for organizations requiring high-performance, private connectivity to Azure. Additionally, two new ExpressRoute Peering locations, Brussels and Brussels2 in Belgium, have been introduced, further enhancing secure access across Europe. ExpressRoute Direct is now available in all these new regions. Furthermore, ExpressRoute Global Reach has expanded to include Belgium, Italy, and Spain, enabling private site-to-site connectivity through Microsoft’s global network infrastructure.

Route-Maps for Azure Virtual WAN

Azure Virtual WAN now includes support for route-maps, empowering users with enhanced control over routing behavior within Virtual WAN virtual hubs. This feature enables fine-grained management of route advertisements and route selection for various connection types, including site-to-site VPN, point-to-site VPN, ExpressRoute, and virtual network (VNet) links. Route-maps allow for advanced routing scenarios, such as filtering or modifying route advertisements, offering greater flexibility in managing complex network topologies and optimizing traffic flows.

Storage

ACLs for Local Users in Azure Blob Storage SFTP

Access Control Lists (ACLs) for Azure Blob Storage SFTP local users are now generally available. This capability provides administrators with an intuitive way to implement fine-grained access control over blobs and directories for users configured for SFTP access. With ACLs, organizations can enforce security and access policies more precisely, simplifying the management of user-level permissions while enhancing data protection within Azure Blob Storage environments.

Performance Plus for Azure Disk Storage

Azure Disk Storage has introduced the Performance Plus feature in general availability, bringing enhanced performance to Premium SSD, Standard SSD, and Standard HDD disks of 513 GB or larger. With Performance Plus, users benefit from increased IOPS and throughput at no additional cost. This feature is accessible via Azure CLI, PowerShell, and the Azure Portal, enabling customers to optimize their disk performance with minimal effort and without changing disk SKUs. Performance Plus helps meet demanding workload requirements by improving disk responsiveness and efficiency.

Azure NetApp Files: File Access Logs (preview)

Azure NetApp Files now supports file access logs in public preview, offering organizations enhanced visibility into file activity for improved security and operational monitoring. This new feature captures detailed information about file access, including user identity, operation type, and timestamps. It supports SMB, NFSv4.1, and dual-protocol volumes, allowing organizations to detect unauthorized access, ensure compliance, resolve operational incidents, and analyze usage patterns. By incorporating file access logs, enterprises can strengthen data protection, meet compliance requirements, and align with the Well-Architected Framework’s security best practices.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (April 2025 – Weeks: 13 and 14)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

Compute

Retirement of D, Ds, Dv2, Dsv2, and Ls Series Virtual Machines

Microsoft has announced the retirement of the D, Ds, Dv2, Dsv2, and Ls series virtual machines, effective May 1, 2028. After this date, these VM series will no longer be available for use or purchase. Customers currently utilizing these VM types are advised to begin planning their migration strategies toward newer VM generations to ensure ongoing compatibility and support for their applications. As part of the phased retirement process, three-year reserved instances for these VMs will no longer be available for purchase or renewal starting May 1, 2025. One-year reservations will continue to be offered until 2027. For those with active three-year reservation contracts, the benefits will remain valid until contract expiration. Beyond that point, instances will revert to pay-as-you-go pricing. To avoid billing surprises and ensure continuity, customers should review their reservations and take action to transition affected workloads.

Networking

Azure Firewall Updates – Parallel IP Group Updates

Azure Firewall now supports Parallel IP Group Updates, enabling administrators to update multiple IP Groups simultaneously as part of their firewall or firewall policy changes.

Key Benefits

  • Faster & Scalable Updates: Update up to 20 IP Groups in parallel, achieving up to 2x faster update times compared to sequential updates.
  • Improved Visibility: Enhanced error messaging allows administrators to quickly identify and resolve issues. Even if one IP Group fails, other updates continue uninterrupted, preserving overall system integrity.

This update significantly improves management efficiency and scalability for large-scale or dynamic firewall policy environments.

New Regions for Azure Front Door Premium with Private Link-Enabled Origins

Azure Front Door Premium now supports Private Link-enabled origins in West US 2 and Southeast Asia regions. This feature allows content to be delivered through public Front Door endpoints while keeping backend origins inaccessible from the public internet, enhancing security and privacy. With the addition of these new regions, organizations can now deploy Private Link-enabled architectures in more geographies, improving network performance and meeting regional compliance requirements.

Network isolated cluster in AKS

Azure Kubernetes Service (AKS) now offers network isolated clusters, enabling a simplified approach to securing network access to Kubernetes workloads. While customers have traditionally relied on Azure Firewall to control egress traffic and enforce isolation, this approach often introduces added complexity and cost. With network isolated clusters, organizations can reduce the risk of unintentional exposure of public endpoints and strengthen the security posture of their AKS deployments. This built-in feature helps minimize attack surfaces by ensuring tighter control over how clusters connect to external networks, supporting compliance and data protection goals with greater ease.

ExpressRoute Resiliency Enhancements (preview)

Microsoft has introduced new resiliency validation and insight capabilities for ExpressRoute, now available in public preview. These enhancements aim to improve the assessment and monitoring of ExpressRoute-enabled workloads, offering more robust and transparent insights into network reliability. The resiliency validation feature allows customers to simulate site failovers on their Virtual Network Gateways, enabling proactive testing during planned migrations or outage scenarios. This helps verify failover mechanisms and ensures continued connectivity to Azure services. In addition, the new resiliency insights capability introduces a resiliency index — a percentage-based score that evaluates ExpressRoute reliability based on criteria such as route resilience, use of zone-redundant gateways, advisory feedback, and test results from resiliency validation. These metrics allow organizations to identify weak points in their network architecture and make informed improvements to enhance the robustness of their connectivity.

Increased VNet limits for Private Endpoints (preview)

Microsoft has introduced High Scale Private Endpoints, now in public preview, enabling significantly increased limits for deploying Azure Private Endpoints within Virtual Networks (VNets) and across peered VNets. Previously, customers could only create up to 1,000 private endpoints within a single VNet, and exceeding this limit required a support request. Additionally, Microsoft recommended a soft limit of 4,000 private endpoints across peered VNets to avoid connectivity issues. With the introduction of High Scale Private Endpoints, these limits are substantially raised—allowing up to 5,000 private endpoints within a single VNet and 20,000 across peered VNets. This capability is especially beneficial for large-scale, service-rich environments where extensive use of private connectivity is essential. Customers seeking greater scalability for their private networking configurations are encouraged to adopt High Scale Private Endpoints to support growing infrastructure needs without the complexity of manual quota increases.

Storage

Vaulted Backup for Azure Files

Azure Backup has announced the general availability of Vaulted Backup support for Azure Files – Standard tier, providing a robust, enterprise-grade solution to protect data and applications hosted on Azure SMB file shares.

Key Features & Benefits

  • Integrated Protection Policy: Combine snapshot and vaulted backup in a single policy to protect data in a secure Recovery Services vault.
  • Regional Recovery: Ensure data resilience with support for cross-region restore.
  • Advanced Protection Capabilities:
    • Ransomware protection and immutability
    • Restore capability even if the file share is deleted
  • Azure File Sync Integration: Seamlessly protect cloud-tiered data from Azure File Sync, enabling long-term retention in a cost-effective way.

With this release, customers can meet compliance, security, and business continuity requirements while simplifying backup management and reducing data protection costs.

Azure File Sync support for managed identities

Azure File Sync now supports managed identities, a feature that has reached general availability. This enhancement replaces the need for shared keys with a more secure and streamlined authentication mechanism through system-assigned managed identities provided by Microsoft Entra ID. Once managed identities are configured within an Azure File Sync deployment, they handle authentication in several key scenarios: the Storage Sync Service authenticating to the Azure file share, registered servers authenticating to the Azure file share, and registered servers authenticating to the Storage Sync Service. To further simplify the setup and improve security, managed identities are now enabled by default for all new Storage Sync Services. Configuration can be completed directly through the Azure portal, eliminating the previous dependency on PowerShell. This updated experience is being gradually rolled out across all Azure regions. The feature is available at no additional cost in all Azure Public and Government cloud regions, making it a recommended approach for customers seeking enhanced security and simplified identity management.

Azure NetApp Files Flexible Service Level (Preview)

Azure has introduced a Flexible Service Level for Azure NetApp Files, now in public preview, allowing customers to independently configure storage capacity and throughput for greater cost and performance optimization.

Key Features & Benefits

  • Customizable Throughput: Scale throughput independently from capacity, up to 640 MiB/s per provisioned TiB, which is up to 5x higher than the Ultra tier.
  • Manual QoS Pools: Supported with manual QoS capacity pools, offering a baseline throughput of 128 MiB/s at no additional cost.
  • Right-Sized Performance:
    • High throughput for smaller pools – Ideal for SAP HANA, Oracle, and other demanding workloads.
    • Cost savings for high-capacity/low-throughput workloads – Reduce cost without compromising storage footprint.
  • No Volume Moves Required: Avoid service disruptions or reconfigurations when scaling performance or storage.

This new service level offers unprecedented flexibility, allowing customers to fine-tune Azure NetApp Files performance and cost based on exact workload requirements.

Azure Local

Azure Local – 2503 Update Released

The 2503 update for Azure Local has been officially released as of March 31st, introducing a set of baseline enhancements focused on improving registration, deployment, and overall management experience. This update reflects ongoing efforts to simplify operations and bolster security within Azure Local environments.

Key changes include a shift in the extension installation process: extensions are no longer installed during the registration phase but are now deployed during machine validation. Additionally, the local UI used for bootstrapping has been deprecated in favor of the Configurator app, providing a more modern and flexible onboarding experience. The Arc registration flow has also been streamlined—Service Principal Name (SPN) is deprecated, and a simplified Arc installer script now relies solely on the Start-ArcBootstrap command.

The update also supports composed images for OEMs and enables deployment of both current and previous versions of Azure Local. While the Azure portal supports the latest version, prior versions must be deployed using dedicated Azure Resource Manager templates.

Other notable improvements include enhanced security for the Bootstrap service, integrated environment checks for connectivity and validation, improved update applicability logic, and support for downloading platform update packages via URLs. Finally, users can now connect to Azure Local VMs over SSH or RDP from within the host network, removing the requirement for line-of-sight access.

Azure Local Performance Metrics Dashboard

Microsoft has introduced the Azure Local Performance Metrics Dashboard, a powerful new tool designed to provide comprehensive visibility into the health and performance of Azure Local systems. With over 60 metrics collected by default—at no additional cost—this out-of-the-box solution delivers actionable insights across storage, network, and compute resources.

Metrics are automatically gathered by the TelemetryAndDiagnostics agent, which is configured during deployment, enabling seamless access to system telemetry without requiring manual setup. The dashboard offers deep visibility into several critical performance areas:

  • Storage Performance: Includes disk read/write operations and throughput, volume latency, and insights into VHD and physical disk activity to help optimize storage usage.
  • Network Performance: Monitors data transmission metrics such as Netadapter Bytes Sent/Received, RDMA traffic, and VM-level network activity for early detection of bottlenecks or connectivity issues.
  • Compute Metrics: Tracks memory usage (available, assigned, used, pressure) across host and guest environments, along with CPU utilization metrics for both host and virtual machines.

This centralized performance dashboard empowers administrators to proactively manage their Azure Local environments, facilitating data-driven decisions to maintain system efficiency and reliability.

Support for 4-node switchless configuration

Microsoft has introduced official documentation to support 4-node switchless configurations, expanding the deployment options for Azure Stack HCI and other Azure-integrated infrastructure solutions.

This update provides organizations with the flexibility to deploy smaller, cost-effective clusters without the need for dedicated network switches between nodes. The switchless architecture simplifies the physical setup and reduces hardware requirements while maintaining essential performance and connectivity capabilities for supported scenarios.

By adding support for this topology, Microsoft continues to enhance deployment versatility, especially for edge and branch environments where simplicity and space efficiency are crucial.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.