Category Archives: Azure Management

Azure Hybrid Management & Security: What’s New and Insights from the Field – June 2025

Once again this month, I’m back with my recurring series focused on the evolution of Azure management and security services, with a special focus on hybrid and multicloud scenarios enabled by Azure Arc and enhanced by the use of Artificial Intelligence.

This monthly series aims to:

Provide an overview of the most relevant updates released by Microsoft;
Share operational tips and field-proven best practices to help architects and IT leaders manage complex and distributed environments more effectively;
Follow the evolution towards a centralized, proactive, and AI-driven management model, in line with Microsoft’s vision of AI-powered Management.

The key areas we will cover in this series, along with the corresponding tools and services, include:

🔹 Hybrid and multicloud environment management – with Azure Arc, which extends policy, security, management, and automation capabilities to on-premises and multicloud resources.

🔹 AI and intelligent automation – enabled by Microsoft Copilot in Azure, AIOps capabilities, and predictive tools to streamline operations and support smarter decision-making.

🔹 Security posture across hybrid and multicloud infrastructures – using Microsoft Defender for Cloud and other native services for vulnerability management and advanced threat protection.

🔹 Governance and policy management – leveraging tools such as Azure Policy, Azure Cost Management, and Resource Graph to ensure control, standardization, and cost/resource optimization.

🔹 Update & Patching – through Azure Update Management, Azure Automation, and native patching capabilities across Azure Arc-enabled environments.

🔹 Backup & Resilience – using Azure Backup and Azure Site Recovery to ensure business continuity, data protection, and disaster recovery.

🔹 Monitoring – with tools like Azure Monitor, Log Analytics, and Application Insights for comprehensive visibility and effective troubleshooting.

Security posture across hybrid and multicloud infrastructures

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with improvements being introduced on an ongoing basis. To stay updated on the latest developments, Microsoft maintains this page, which provides information on new features, bug fixes, and deprecated functionalities. Below are the main updates for the month:

Optional index tags for malware scan results in Defender for Storage (preview) – Microsoft has announced a new feature in Public Preview for Defender for Storage that introduces support for optional index tags in malware scan results, both during file uploads and on-demand scans. This option allows users to choose whether or not to publish scan results in the blob index tags, providing greater flexibility in managing stored information. The activation or deactivation of tags can be configured at the subscription or storage account level, via the Azure portal or API. This feature enables the service to be adapted to specific needs in terms of governance, compliance, and performance.

API discovery and security posture assessment for Function Apps and Logic Apps (preview) – Defender for Cloud extends its API Discovery and API Security Posture Management capabilities to Azure Function Apps and Logic Apps, previously supported only through Azure API Management. Thanks to this extension, security teams can gain a centralized and up-to-date view of the entire API attack surface within the organization. Key features include:

automatic inventory of APIs,
risk assessment of outdated, exposed, or unencrypted endpoints,
targeted remediation suggestions.

Agentless File Integrity Monitoring (preview) – File Integrity Monitoring (FIM) is now available in Public Preview in agentless mode, complementing the existing agent-based solution via Microsoft Defender for Endpoint. This new mode allows monitoring of file and registry key changes without the need to install agents, making monitoring simpler and more scalable—ideal for environments that require reduced operational complexity. Key features include:

custom definition of paths to monitor,
consolidation of events (agentless and agent-based) into a single table within the workspace, with clear source identification.

Agentless code scanning: GitHub support and customizable coverage (preview) – The agentless code scanning capability has been enhanced with new features, now available in Public Preview, to offer broader coverage and greater control over development environments. Notable updates include:

native support for GitHub repositories, in addition to Azure DevOps,
ability to choose scanning tools (e.g., Bandit, Checkov, ESLint),
granular configuration of scan scope (projects, repositories, or entire organizations).

Governance and policy management

Azure Advisor

Azure Advisor improves VM right-sizing with new SKUs and families

Azure Advisor has expanded the scope of its virtual machine right-sizing recommendations, now including a broader range of SKUs and support for the latest VM families in the D, E, and F series.
This update enables more accurate analysis of CPU performance and provides more precise suggestions for optimizing workloads. Organizations can identify oversized VMs and resize them based on actual usage, achieving tangible benefits in terms of:

reduced operational costs,
minimized resource waste,
contribution to environmental sustainability.

Azure Cost Management

Support for FOCUS 1.2 standard in Microsoft Cost Management (preview)

Microsoft has announced the Public Preview availability of support for the FinOps Open Cost and Usage Specification (FOCUS) 1.2 standard in Microsoft Cost Management. This update marks a significant step forward for FinOps teams by simplifying reporting, unifying multi-cloud billing data, and enabling financial analysis across multiple currencies.

FOCUS 1.2 is a standardized, cloud-agnostic schema designed to improve cost management across IaaS, PaaS, and SaaS services. Key updates include:

improved column naming conventions,
introduction of new fields to support future extensions,
alignment with key billing constructs such as InvoiceId, ServiceModel, and AmortizationClass.

The main benefits include unified and consistent reporting, enhanced support for multi-currency scenarios, improved data quality and integrity, and streamlined FinOps workflows thanks to the schema’s increased extensibility.

Backup & Resilience

Azure Backup

Increased disk capacity for Azure virtual machine backup

Microsoft has announced the availability of extended disk capacity support for Azure VM Backup. It is now possible to protect virtual machines with individual disks up to 64 TB, with a total limit of up to 512 TB per VM. This update enhances business continuity and disaster recovery scenarios by enabling native protection—within the Azure ecosystem—even for the largest and most critical workloads.

Long-term backup for Azure Database for PostgreSQL – Flexible Server

Azure Database for PostgreSQL – Flexible Server introduces a new long-term backup capability through integration with Azure Backup. This development addresses compliance and data protection requirements by allowing custom backup policies, individual backup management, and a simplified configuration process. Key highlights include the ability to retain data for up to 10 years—an essential feature for regulated or audit-driven scenarios. These new options strengthen the data protection strategy in hybrid and multicloud environments, providing administrators with greater granularity in managing backup retention and accessibility, while ensuring regulatory and operational compliance.

Azure Site Recovery

Azure Site Recovery supports Linux VMs with Trusted Launch

Azure Site Recovery (ASR) support for Linux virtual machines with Trusted Launch is now generally available. This feature enables automated protection for Azure Generation 2 VMs that leverage the advanced security capabilities of Trusted Launch, including Secure Boot and vTPM (Virtual Trusted Platform Module). With this update, Linux VMs can now benefit from a fully managed and integrated disaster recovery solution in Azure, enhancing the resilience of environments that require high security standards. Support for Windows VMs with Trusted Launch was already available, and this extension to Linux completes the coverage, making ASR an even more robust choice for hybrid and mission-critical scenarios.

Azure Site Recovery support for virtual machines with Premium SSD v2 disks (preview)

Microsoft has announced the Public Preview of Azure Site Recovery (ASR) support for virtual machines using Premium SSD v2 disks. This enhancement extends disaster recovery capabilities to workloads that require high performance, such as SQL Server, Oracle, SAP, and big data environments. ASR enables efficient VM replication across Azure regions or from on-premises environments to the cloud, offering automated failover and the ability to run disaster recovery drills. The introduction of support for Premium SSD v2 disks—known for low latency, consistent performance, and independent scalability of IOPS and throughput—further increases flexibility and efficiency in protecting critical environments.

Support for Ultra Disks in Azure Site Recovery (preview)

Support for Azure Site Recovery (ASR) for virtual machines using Ultra Disks is now available in Public Preview. This enhancement enables advanced disaster recovery scenarios for performance-intensive workloads, extending resilience to VMs equipped with disks that offer sub-millisecond latency and extremely high throughput. Ultra Disks represent the highest-performing block storage in Azure, ideal for critical systems such as SAP HANA, enterprise-grade databases, and high-intensity transactional environments. With this update, ASR continues to strengthen its integrated workload protection offering, enabling replication across Azure regions or from on-premises environments, with features like automated failover and test failovers. It’s a key extension for organizations aiming for robust business continuity using native Azure tools for mission-critical workloads.

Monitoring

Azure Monitor

Ingestion issue monitoring with Azure Monitor Workspace (preview)

A new feature for proactive data ingestion issue monitoring in Azure Monitor Workspace is now available in Public Preview. This innovation enhances visibility into incoming data streams, allowing administrators to more easily detect errors, anomalies, or slowdowns in the monitoring pipeline. In complex and distributed environments, the ability to promptly identify such issues is essential to ensure the continuity of observability processes, improve operational responsiveness, and reduce the risk of losing critical data.

Query Editor in Azure Monitor Metrics now generally available

Microsoft has announced the General Availability of the new Query Editor within Azure Metric Explorer, now integrated with Azure Monitor Workspace. This feature enables direct querying of metric data collected from Prometheus using the PromQL language, all accessible directly from the Azure portal. This update introduces a more powerful and flexible way to explore and analyze monitoring data, allowing users to quickly gain targeted insights to optimize resources and improve performance in both cloud and hybrid environments. The native integration of PromQL in Metric Explorer represents a significant step toward more efficient, analytical, and data-driven management of distributed systems.

Conclusions

The landscape of hybrid and multicloud environment management and security continues to evolve with significant innovations. The updates introduced by Microsoft in June 2025 further strengthen organizations’ ability to protect, optimize, and effectively govern their infrastructures—both in the cloud and on-premises. The preview features of Microsoft Defender for Cloud, along with new resilience tools such as support for Ultra and Premium SSD v2 disks in Azure Site Recovery, represent a tangible step forward toward more secure, scalable, and high-performance architectures. At the same time, improvements in monitoring, cost management, and proactive resource recommendations enable more granular and informed control of distributed environments. It is essential for IT and security teams to stay up to date with these developments, adopt a data-driven approach, and progressively integrate new capabilities into their processes to ensure strong security posture and efficient governance in increasingly dynamic and complex scenarios.

Azure Hybrid Management & Security: What’s New and Insights from the Field – May 2025

This monthly series aims to:

Provide an overview of the most relevant updates released by Microsoft;
Share operational tips and field-proven best practices to help architects and IT leaders manage complex and distributed environments more effectively;
Follow the evolution towards a centralized, proactive, and AI-driven management model, in line with Microsoft’s vision of AI-powered Management.

The key areas we will cover in this series, along with the corresponding tools and services, include:

🔹 Hybrid and multicloud environment management – with Azure Arc, which extends policy, security, management, and automation capabilities to on-premises and multicloud resources.

🔹 AI and intelligent automation – enabled by Microsoft Copilot in Azure, AIOps capabilities, and predictive tools to streamline operations and support smarter decision-making.

🔹 Update & Patching – through Azure Update Management, Azure Automation, and native patching capabilities across Azure Arc-enabled environments.

🔹 Backup & Resilience – using Azure Backup and Azure Site Recovery to ensure business continuity, data protection, and disaster recovery.

🔹 Monitoring – with tools like Azure Monitor, Log Analytics, and Application Insights for comprehensive visibility and effective troubleshooting.

Hybrid and multicloud environment management

Measure, manage, and reduce carbon emissions in Azure

Microsoft has announced the general availability of the carbon optimization feature in Azure, a native solution designed to help organizations measure, manage, and reduce the carbon emissions generated by their cloud workloads. Integrated directly into the Azure portal, this feature provides preconfigured dashboards and KPIs to monitor environmental impact over time. Emission data is available at the individual resource level, offering a high level of detail and the ability to identify concrete optimization opportunities. Role-Based Access Control (RBAC) ensures that only authorized users can view relevant information. Additionally, operational recommendations are provided to support both emission reduction and cost savings. This announcement reaffirms Microsoft’s commitment to supporting customers in achieving more sustainable cloud management by offering integrated tools for more environmentally conscious IT decisions. A significant step forward for organizations that prioritize these aspects.

AI and intelligent automation

Microsoft Copilot in Azure

GitHub Copilot for Azure: smarter, more integrated cloud development

GitHub Copilot for Azure is now generally available—a solution that revolutionizes cloud development through an AI assistant seamlessly integrated with Azure resources. Designed to simplify and accelerate developers’ work, this tool supports Infrastructure as Code (IaC) using languages such as Bicep and Terraform, helps proactively identify and resolve issues, and provides contextual recommendations to improve code quality in real time. Copilot proves to be a valuable ally for those designing resilient and modern architectures, transforming how code is written, distributed environments are managed, and new cloud skills are acquired. Its availability marks a concrete step toward adopting an AI-enhanced cloud management model.

AI-powered Investigation for troubleshooting in Azure Monitor (preview)

The AI-powered Investigation feature is now available in Public Preview in Azure Monitor, aimed at improving the troubleshooting experience and speeding up the detection and resolution of issues in applications and infrastructure. Artificial intelligence deeply analyzes telemetry collected by Azure Monitor—including metrics, logs, resource status, alerts, and application topology—to identify anomalies and suggest potential root causes and solutions. Analyses are personalized through direct interaction with the AI, making results more accurate and relevant. A new entity, called an “issue,” aggregates all information related to a problem, seamlessly integrating these capabilities into the alert management workflow. Currently available for Application Insights, this feature will soon expand to other resources.

Copilot in SQL Server Management Studio (preview)

The new Copilot integration in SQL Server Management Studio (SSMS) is also now in Public Preview. This AI assistant is designed to help developers and administrators write, modify, and troubleshoot T-SQL queries using natural language. Copilot leverages the database context to provide personalized responses based on the specific environment, covering areas such as maintenance, configuration, and database management—whether in the cloud or on-premises. This innovation is part of Microsoft’s broader journey toward increasingly intelligent and proactive management tools, powered by AI to boost productivity and reduce the complexity of day-to-day operations.

Security posture across hybrid and multicloud infrastructures

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

Active User (Public Preview): a new feature designed to help administrators quickly identify the most relevant users for each recommendation, based on recent control plane activity. For each recommendation, up to three active users are suggested at the resource, resource group, or subscription level. You can assign the recommendation, set a due date, and directly notify the assigned user, streamlining remediation workflows and reducing investigation time.
General Availability of Defender for AI Services: runtime protection is now available for Azure AI services, previously known as threat protection for AI workloads. This protection covers specific AI-related scenarios such as jailbreak attempts, wallet abuse, data exposure, and suspicious access patterns, leveraging signals from Microsoft Threat Intelligence and Azure AI Prompt Shields.
Security Copilot now GA in Defender for Cloud: the general availability of Microsoft Security Copilot enables faster risk response through AI-generated summaries, remediation suggestions, and automated notifications. Administrators can quickly summarize recommendations, generate remediation scripts, and delegate tasks via email, boosting the operational efficiency of security teams.
Data and AI Security Dashboard: the new dashboard provides a unified and centralized view for monitoring the security posture of data and AI resources. It includes capabilities such as sensitive data discovery, identification of active AI resources (including containers, datasets, and models), and highlighting critical issues based on high-severity recommendations, alerts, and attack paths.
Defender CSPM: Billing for MySQL and PostgreSQL Flexible Server starting June 2025: starting June 1, 2025, Microsoft will begin billing for Azure Database for MySQL Flexible Server and PostgreSQL Flexible Server workloads protected by Defender CSPM. No action is required from users, but monthly billing may change depending on the protected resources.
Customizable filters for malware scanning on upload in Defender for Storage: Microsoft Defender for Storage now officially supports customizable filters for on-upload malware scanning. Users can define exclusion rules based on blob path prefixes or suffixes, as well as blob size. This update allows non-critical or temporary files, such as logs or transient files, to be excluded from scanning—optimizing security processes and helping reduce operational costs.

Governance and policy management

Azure Cost Management

Advanced Exports in Cost Management

Advanced exports in Cost Management are now generally available across all Azure regions and clouds. This feature introduces significant improvements in how organizations can automate the analysis of cost and usage data. Key enhancements include an expanded set of exportable datasets (including price sheets, recommendations, and reservation details), new export formats (CSV with Gzip compression, Parquet with Snappy compression), and support for the FinOps Open Cost and Usage Specification (FOCUS) version 1.0. Organizations can now configure partitioned files, enable overwrites, retrieve historical data (up to thirteen months via the portal, seven years through the REST API), and export to storage accounts protected by firewalls or network policies. Schema versioning is also supported, ensuring compatibility with existing data pipelines. This update is extremely valuable for streamlining FinOps workflows, managing costs at scale, and aligning with enterprise security and compliance requirements.

Improvements to Purchase Details in Cost Management for MCA Customers (Preview)

By June, new preview features will enhance purchase details in Cost Management for customers under the Microsoft Customer Agreement (MCA). The improvements primarily focus on reserved instances (RIs), Azure savings plans (ASPs), and third-party purchases made through the Azure Marketplace. Users will be able to view the subscription ID associated with RIs and ASPs, simplifying showback and chargeback activities. Start and end dates will display the full duration of the offer, and cost data will be available in both the billing currency and US dollars, facilitating comparison with list prices. For monthly-billed offers, the pricingCurrency and costInPricingCurrency fields will show values for each installment. For Marketplace purchases completed through the Azure portal, tag support will be added, and fields such as the resource URI, subscription ID, and resource group name (where supported) will be visible. Additionally, the “Effective Price” field will be available, expressed in the pricing currency. Partner customers will also be able to view purchases and refunds at the subscription level, improving transparency in cost management.

Backup & Resilience

Azure Backup

Backup for Azure Database for PostgreSQL – Flexible Server

The Vaulted Backup feature for Azure Database for PostgreSQL – Flexible Server is now generally available and managed through Azure Backup. This solution offers scalable and secure backups with fully automated management via scheduled policies, eliminating the need for manual intervention. Key benefits include enhanced security through immutable vaults and role-based access controls, long-term retention (LTR) of up to 10 years to meet global regulatory requirements, and enterprise-level management via the Azure Business Continuity Center, which enables unified operations and governance of all protected resources from a single console. This is an ideal solution for businesses and developers who require operational continuity and regulatory compliance in critical environments.

GRS and CRR Support for Azure Backup with Premium SSD v2 Expanded to New Regions

Geo-Redundant Storage (GRS) and Cross-Region Restore (CRR) support in Azure Backup for virtual machines using Premium SSD v2 is now available in even more regions. Premium SSD v2 is a high-performance block storage solution that offers low latency, high IOPS, and high throughput at a cost-effective rate. With GRS and CRR, data can be protected from irreversible loss and restored on demand in a secondary region, making this functionality ideal for audit or disaster recovery scenarios. Newly supported regions include Brazil South, South Central US, North Central US, East US 2, Central US, UK West, UK South, Canada East, Canada Central, West US, West Central US, West US 2, Australia Southeast, and Australia East. A strategic solution for ensuring the resilience of critical workloads.

Azure Backup for Elastic SAN (Preview)

Microsoft has announced the public preview of Azure Backup support for Elastic SAN—a fully managed solution for protecting and restoring Elastic SAN volumes. This integration allows data to be safeguarded against accidental deletion, ransomware attacks, and application updates by exporting Elastic SAN volumes into incremental Managed Disk snapshots, independent of the lifecycle of the original volumes. The snapshots are stored using locally redundant storage (LRS) and support up to 450 recovery points with a backup frequency of up to every 24 hours. Currently, the feature is available only in select Azure regions and supports volumes up to 4 TiB. During this preview phase, long-term vault backups and hourly backups are not available. There is no Azure Backup Protected Instance cost, but standard rates apply for incremental snapshots. This marks an important step toward native, scalable protection of modern SAN environments hosted in Azure.

Monitoring

Azure Monitor

Cross-region replication for Log Analytics Workspace

Cross-region replication for Log Analytics Workspace is now generally available. This feature enhances the resilience of distributed monitoring environments by allowing administrators to enable a replica of the workspace in a secondary geographic region. Once activated, the replication enables simultaneous log ingestion in both regions, ensuring uninterrupted visibility through dashboards, alerts, and advanced solutions like Microsoft Sentinel—even in the event of a regional outage. This represents a significant advancement in business continuity management for critical or geographically distributed environments.

Increased record limit per query in Log Analytics to 100,000

Azure Monitor Log Analytics has increased the record limit per query in the UI to 100,000, up from the previous limit of 30,000. This enhancement enables deeper analysis and more detailed investigations directly within the Azure portal, without the need for external tools to process large volumes of data. To enable this option, simply select “Max. limit” from the “Show” menu in the Logs interface or set it as the default value. Microsoft is actively monitoring usage and performance to assess future extensions. For even larger-scale analysis, exports of up to 500,000 records via API remain available.

Managed Prometheus visualizations and enhanced monitoring for AKS

Managed Prometheus-based visualizations in Azure Monitor are now generally available, offering a unified and enhanced monitoring experience for Azure Kubernetes Service (AKS). This update allows users to centralize all critical information for AKS cluster management in a single view, overcoming the limitations of previous Log Analytics-based dashboards. With integrated managed Prometheus, customers benefit from a more cost-effective and responsive observability solution. Key capabilities include: cost optimization by migrating from Log Analytics to Prometheus, improved query performance, integration with recommended Prometheus-based alerts, visibility into control plane components for deeper diagnostics, and an optimized multi-cluster view for large-scale monitoring. A significant step forward for managing containerized environments in Azure.

Recommended Prometheus alerts now available for AKS cluster

Recommended community Prometheus alerts are now directly available for Azure Kubernetes Service (AKS) clusters through the Azure portal. This feature significantly simplifies monitoring management by eliminating the need to download templates or use command-line tools. The predefined alerts provide comprehensive coverage across all layers of the cluster—infrastructure, nodes, and pods. The goal is to deliver a powerful tool for timely anomaly detection, simplified diagnostics, and enhanced reliability for containerized applications. Integration with managed Prometheus metrics further strengthens Microsoft’s strategy for centralized, proactive, and cloud-native operations management.

Simple Log Alerts in Azure Monitor (Preview)

As of May, the new Simple Log Alerts feature in Azure Monitor is available in Public Preview. Designed to simplify alert creation and improve event detection timeliness, this feature differs from Log Search-based alerts, which evaluate sets of rows over a time window. Simple Log Alerts evaluate each row individually, enabling near real-time notifications. With simplified use of KQL, alerts can be defined quickly and intuitively. This solution also supports log tiers previously excluded from alerting, such as Basic Logs and Analytics. The pricing model is similar to traditional alerts, with minute-based evaluation billing. This is a particularly useful feature in operational scenarios that require fast and granular responses.

Prometheus Community Recommended Alerts for Arc-enabled Kubernetes Clusters (Preview)

In Public Preview, one-click activation of Prometheus community recommended alerts is now available for Kubernetes clusters managed via Azure Arc. Accessible directly from the Azure portal, these alerts provide comprehensive coverage for cluster, node, and pod metrics, based on community-refined Prometheus rules. Previously, enabling these alerts required manual operations via CLI and templates. To activate them, the Azure Monitor managed service for Prometheus must be enabled on the cluster.

Managed Prometheus for Arc-enabled Kubernetes Clusters in Azure Monitor (Preview)

A new Azure Monitor feature is now in Public Preview, allowing telemetry data visualization for Arc-enabled Kubernetes clusters using Managed Prometheus. This integration offers a more performant and cost-effective alternative to collecting metric data via Log Analytics. With this update, customers can: reduce costs by migrating to Prometheus-managed metrics, improve query performance, adopt preconfigured Prometheus-based alert rules, and centrally monitor multiple clusters at scale. This marks an important evolution for managing distributed containerized environments, simplifying monitoring while maintaining high levels of control and resource optimization.

Granular RBAC in Log Analytics Workspaces (Preview)

A new feature in Public Preview enables more granular access control in Azure Monitor’s Log Analytics Workspaces. Through integration with Azure Attribute-Based Access Control (ABAC), it is now possible to define row-level RBAC within the same centralized workspace. This allows organizations to segment data access based on criteria such as job role, organizational unit, geographic location, or data sensitivity. This approach enables more precise governance aligned with least-privilege principles while retaining the advantages of a centralized log platform. It is especially well-suited for complex enterprise environments with high security requirements.

Conclusions

The latest updates from Microsoft for Azure confirm a clear and strategic direction: making the cloud increasingly sustainable, secure, and governable. The integration of artificial intelligence into tools such as GitHub Copilot for Azure, SQL Server Management Studio, and Azure Monitor is no longer a future promise—it is a concrete reality that is transforming the way developers, administrators, and analysts work every day. At the same time, the focus on sustainability—with native features for monitoring and reducing carbon emissions—marks a significant step toward more responsible and environmentally conscious IT. In parallel, improvements in security posture—thanks to Microsoft Defender for Cloud—and advancements in monitoring and backup help strengthen the resilience of hybrid and multicloud environments. Lastly, the latest innovations in governance and FinOps provide increasingly advanced tools for cost optimization and consumption transparency, benefiting both IT teams and financial decision-makers.

Azure Hybrid Management & Security: What’s New and Insights from the Field – April 2025

With this article, I’m launching a new monthly series focused on the management and security of hybrid and multicloud environments with Azure, which takes over from the previous “Azure Management Services: What’s New” series.

The evolution of IT architectures and the growing adoption of hybrid models require a shift in how we approach operations, governance, and resource protection. Tools like Azure Arc, the integration of Artificial Intelligence into management processes, and new models for automation now form the foundation for modern, scalable IT control.

This new series, “Azure Hybrid Management & Security: What’s New and Insights from the Field”, is designed to follow this transformation closely. Every month, I will share:

the most relevant updates and announcements from Microsoft;
a selection of hands-on recommendations and field-proven practices;
a focus on the key tools that enable effective and secure management.

The goal is twofold: to keep you up to date, and to offer practical guidance for architects, IT leaders, and operational teams dealing with complex and distributed environments.

The key areas we will cover in this series, along with the corresponding tools and services, include:

🔹 Hybrid and multicloud environment management – with Azure Arc, which extends policy, security, management, and automation capabilities to on-premises and multicloud resources.

🔹 AI and intelligent automation – enabled by Microsoft Copilot in Azure, AIOps capabilities, and predictive tools to streamline operations and support smarter decision-making.

🔹 Update & Patching – through Azure Update Management, Azure Automation, and native patching capabilities across Azure Arc-enabled environments.

🔹 Backup & Resilience – using Azure Backup and Azure Site Recovery to ensure business continuity, data protection, and disaster recovery.

🔹 Monitoring – with tools like Azure Monitor, Log Analytics, and Application Insights for comprehensive visibility and effective troubleshooting.

AI and intelligent automation

Microsoft Copilot in Azure

Microsoft Copilot in Azure is now available!

Microsoft has announced the general availability of Copilot in Azure, marking a significant milestone in the evolution of intelligent cloud management. Copilot in Azure introduces an AI-based assistant that leverages Large Language Models (LLMs), the Azure control plane, and real-time information from the user’s environment. This enables the optimization of operational tasks, improved productivity, and full realization of the benefits offered by the cloud. With its production release, users can now enjoy enhanced performance, greater response accuracy, and full localization support across all languages of the Azure portal. The currently available features come at no additional cost, although Microsoft has indicated that future enhancements may introduce a pricing model. To ensure fair and sustainable use, protective mechanisms such as temporary throttling in case of excessive use of generative services have been implemented.

Security posture across hybrid and multicloud infrastructures

Microsoft Defender for Cloud

Threat Detection in Azure Backup with Microsoft Defender for Cloud (Private Preview)

A new Threat Detection feature for Azure Backup, integrated with Microsoft Defender for Cloud (MDC), has been released in Private Preview. This innovative capability allows for the assessment of the health status of Azure VM recovery points (RPs), distinguishing between secure and potentially compromised restore points. The analysis relies on signals from real-time scans performed by Microsoft Defender for Endpoint (MDE), as part of Microsoft Defender for Servers plans. Azure Backup uses behavioral and heuristic signals detected by MDE to identify anomalies that may indicate the presence of ransomware in backup data.

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

AI Posture Management in GCP Vertex AI (Preview): support has been extended to AI workloads on Google Cloud Platform (GCP) via Vertex AI. Key features introduced include:

Automatic discovery of AI components, data, and artifacts.
Detection of misconfigurations with integrated suggestions and remediation actions.
Attack path analysis to identify and mitigate security risks.

Integration with Mend.io (Preview): a new integration designed to enhance application security by identifying and mitigating vulnerabilities in third-party software dependencies.

GitHub Permissions Update: GitHub connectors can now request administrative permissions for Custom Properties, useful for enabling new contextualization capabilities. Permissions can be granted:

Directly from the GitHub Apps section in the organization settings.
Or via an automated email from GitHub Support.

Defender for SQL Server on Machines Plan Update: a new lightweight agent has been introduced, which no longer requires the Azure Monitor Agent. This simplifies onboarding and improves coverage.

Note: after the update, costs may increase if additional SQL Server instances are protected.

New Malware Scanning Limit in Defender for Storage: the default limit for on-upload malware scanning has been increased from 5,000GB to 10,000GB. This applies to:

New subscriptions
Reactivated subscriptions
The limit can be customized based on specific needs.

API Security Posture Management (General Availability): this capability is now generally available (GA) within the Defender CSPM Plan. Key features include:

Unified API inventory
Identification of new risk types, such as unauthenticated or unencrypted APIs
Mapping of exposed APIs via Azure API Management to Kubernetes Ingress and VMs
Support for Attack Path Analysis to better manage and mitigate risks

Improvements to Defender for App Service Alerts (effective April 30, 2025):

New alerts introduced for suspicious code execution and access to internal or remote endpoints
Detection optimized to reduce false positives
Deprecated alert: “Suspicious WordPress theme invocation detected”

Governance and policy management

Azure Cost Management

AKS Cost Optimization with Azure Advisor

Azure Advisor introduces a new feature designed to support cost optimization in Azure Kubernetes Service (AKS) clusters. Thanks to AKS-specific recommendations, it is now possible to identify concrete saving opportunities through actionable suggestions based on container cost management best practices. The recommendations are tailored to the cluster’s configuration and cover key scenarios such as rightsizing, autoscaling, consumption visibility, and SKU selection.

Environmental Sustainability

New Enhancements for Carbon Optimization in Azure (Preview)

The Carbon Optimization feature in Azure is enriched with new capabilities in Public Preview, aimed at improving the analysis and visibility of emissions data generated by cloud workloads. Key updates include a new version of the API (2024-02-01-preview), which surpasses the previous limit of 5,000 items, enabling the processing of much larger datasets for in-depth analysis. Additionally, the access model has been expanded: users with the Subscription Reader role can now view emissions data, promoting a more collaborative approach to sustainability. Another important update involves the categorization of emissions: data is now organized by resource type (e.g., virtual machines or Azure Data Explorer) rather than by service, offering more useful granularity to identify critical areas. Finally, new filters by resource type and geographic region make it easier to focus on specific segments of the infrastructure for environmental optimization.

Backup & Resilience

Azure Backup

Backup for Azure File Share in AKS with Azure Backup (Private Preview)

Microsoft has announced the start of the Private Preview for backup support of Persistent Volumes based on Azure File Share in Azure Kubernetes Service (AKS) environments. This new feature extends protection coverage for stateful workloads running on AKS, adding support for SMB-based Azure File Shares in addition to the existing support for Azure Disks.
Through snapshot-based backup mechanisms, it’s now possible to enable application-level protection for a broader range of workloads, maintaining an instant backup and restore experience with retention of up to 30 days.

Vaulted Backup for Azure Data Lake Storage (Public Preview)

Vaulted backup for Azure Data Lake Storage is now available in Public Preview, enabling more comprehensive and resilient data protection using Azure Backup vaults. The vault stores recovery points over time and allows for the definition of a backup schedule (daily or weekly), with retention options of up to 10 years to meet the most stringent compliance requirements.
This new feature introduces an effective off-site copy strategy, safeguarding backups from accidental deletion or malicious attacks through source-data isolation, soft-delete, immutability, and data encryption. In the event the source storage is compromised, recovery can be performed on an alternate account, ensuring business continuity even in critical scenarios.

Azure Site Recovery

Shared Disk Protection

Azure Site Recovery for Shared Disk is now generally available, enabling protection, monitoring, and recovery of workloads running on Windows Server Failover Clusters (WSFC) hosted on Azure virtual machines with shared disks. This new capability extends business continuity and disaster recovery options to mission-critical scenarios such as SQL Server with Failover Cluster Instance (FCI), SAP ASCS, and Scale-out File Server.
The feature supports Windows Server 2016 and later, up to four nodes per cluster, and allows an unlimited number of shared disks per environment. Additionally, support for high write-frequency scenarios and PowerShell integration ensures scalable and automated management. This represents a significant advancement for organizations looking to implement advanced disaster recovery solutions in complex and distributed Azure environments.

Monitoring

Azure Monitor

I/O Performance Analysis for SQL Server on Azure Virtual Machines

I/O performance analysis for SQL Server running on Azure virtual machines is now available. This feature enables the identification and resolution of I/O-related bottlenecks. From the Azure portal, users can view detailed metrics and receive operational guidance to improve SQL Server instance performance, particularly when delays are caused by disk or VM throttling.
This feature allows immediate assessment of storage health and application of best practice rules. When no issues are detected, a green visual indicator is shown; otherwise, the system identifies the impact level and the exact moment of the anomaly, which may relate to disk or cache latency. It is also possible to run a subset of SQL Server best practice assessment rules and compare results over time, gaining a useful historical perspective for performance tuning.

Monitoring Java and Node.js Microservices on AKS (Preview)

A new integration between Azure Monitor Application Insights and Java and Node.js microservices deployed on AKS is now available in Public Preview. This enables automatic monitoring without any code changes.
Thanks to auto-instrumentation built into the AKS cluster, immediate visibility into Java and Node.js applications running on Linux nodes is now possible, using specific libraries. Log data, metrics, and tracing—compliant with the OpenTelemetry standard—are sent directly to the Application Insights resource.
This integration also allows application telemetry to be linked with infrastructure signals through OpenTelemetry Resource attributes, simplifying root cause analysis and improving correlation with Container Insights data. The result is faster and more effective application performance diagnostics.

Conclusions

The growing complexity of IT environments—now increasingly hybrid and distributed—requires an evolved approach to management and security. With this new monthly column, Azure Hybrid Management & Security: updates and field insights, I aim to provide a reliable reference point for navigating updates, tools, and best practices, with a practical and concrete focus.
The proposed insights not only help keep pace with Microsoft’s ongoing innovations but are especially designed to support IT professionals in the conscious adoption of scalable, secure, and sustainable solutions. I encourage you to follow this article series regularly to stay up to date and more effectively tackle the challenges of multi-cloud management.

Azure Management services: what’s new in March 2025

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, the aim is to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, providing you with essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Support for Azure Managed Prometheus Horizontal Pod Autoscaling in AKS Replica Set Pods

Azure Monitor’s managed service for Prometheus now supports Horizontal Pod Autoscaling (HPA) for the ama-metrics replica set pods within Azure Kubernetes Service (AKS). This new capability enables automatic scaling of the ama-metrics pod based on memory usage, allowing for more efficient management of Prometheus metrics and custom jobs.
By default, HPA is configured with a minimum of 2 replicas and a maximum of 12, with users having the flexibility to define a custom range within these limits. Thanks to this enhancement, the platform can dynamically adapt to monitoring demands, preventing memory exhaustion issues (OOM kills) and improving the overall reliability and scalability of AKS infrastructures.

Azure Monitor Managed Service for Prometheus on Azure Arc-enabled Kubernetes Clusters

Azure Monitor now offers a generally available managed Prometheus service tailored for Azure Arc-enabled Kubernetes environments. This fully managed service brings together the strengths of Prometheus’ open-source ecosystem with automation of complex tasks such as scaling, high availability, and data retention of up to 18 months.
It enables monitoring of Kubernetes clusters wherever they are running, providing native collection, storage, rule evaluation, and querying of Prometheus data. Backed by the same infrastructure as Azure Monitor Metrics—extended to support Prometheus format—and integrated with Azure Managed Grafana, this service is a key component for observability in cloud-native containerized workloads.

New API for Deleting Data in Log Analytics

Microsoft has introduced the Delete Data API for Log Analytics, allowing asynchronous requests to remove sensitive, personal, or corrupted data from Log Analytics workspaces. Unlike the more resource-intensive Purge API, this new API takes a more efficient approach by marking logs as deleted instead of physically removing them.
This improves performance and reduces system impact. It is recommended for deletion tasks not subject to GDPR regulations, offering a scalable and effective solution for log data management.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution:

Retirement of AWS Connector:
Microsoft has announced the retirement of the AWS connector in Microsoft Cost Management, effective March 31, 2025. This connector previously enabled centralized integration and visualization of cost data across Microsoft Azure and AWS environments.
After this date, the connector will no longer be available, and all AWS-related cost and usage data—including historical data—will be removed from the service. However, previously exported Cost and Usage Reports (CURs) stored in the user’s Amazon S3 bucket will remain intact.
Microsoft recommends migrating to a new AWS cost management solution and removing the connector via the Azure Portal by following the official instructions. As an alternative, users can export data in the FOCUS (FinOps Cost and Usage Specification) format and leverage advanced analysis tools such as Microsoft Fabric to achieve unified and detailed cost reporting across multi-cloud environments.

Reservation Exchange for Azure OpenAI Service:
Starting from February 2025, Microsoft has introduced a new feature enabling users to exchange reservations for Azure OpenAI Service directly through the Azure Portal. Reservations offer discounted rates compared to pay-as-you-go pricing and guarantee dedicated capacity for high-performance AI model execution.
This new option allows users to adjust reservations more flexibly to align with evolving operational needs. Refund requests remain available under applicable conditions. This capability marks another step forward in streamlining cost management for AI resources in Azure.

Azure Advisor

New Performance Recommendations in Azure Advisor for Azure Database for PostgreSQL (Preview)

Azure Advisor introduces new capabilities to proactively support performance management for Azure Database for PostgreSQL – Flexible Server. With three new recommendations and improvements to existing ones, users can now identify and resolve critical database performance scenarios more accurately.
For instance, long-running transactions now include the Process ID (PID) to simplify analysis, while high bloat scenarios highlight the affected database name and provide tailored resolution suggestions.
This update empowers database administrators with more detailed insights and actionable guidance for timely intervention and performance optimization.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

General Availability of Agentless Scanning for VMs with Customer-Managed Key (CMK) Encrypted Disks

Agentless scanning is now generally available for Azure virtual machines with disks encrypted using Customer Managed Keys (CMK). This capability is supported by both the Defender Cloud Security Posture Management (CSPM) plan and the Defender for Servers Plan 2, and applies across multi-cloud environments.
Agentless scanning provides visibility into VM vulnerabilities and risks without requiring agent installation—even when using customer-managed encrypted disks—thus simplifying security management and ensuring broader coverage.

New Severity Levels for Security Recommendations

Microsoft has introduced an update to the severity levels used for security recommendations to enhance risk assessment and prioritization. In addition to the existing Low, Medium, and High levels, a new Critical severity level has been added.
This change enables more granular classification of security issues, allowing organizations to better focus on the most urgent threats. Customers may notice changes in the severity ratings of existing recommendations.
For those using the Defender CSPM plan, the overall risk score may also be impacted, as it now factors in both the updated severity ratings and asset context. These improvements contribute to a more effective and accurate risk management model.

General Availability of File Integrity Monitoring via Defender for Endpoint in Azure Government

File Integrity Monitoring (FIM) powered by Microsoft Defender for Endpoint is now generally available in the Azure Government (GCCH) environment, as part of the Defender for Servers Plan 2.
This implementation enables real-time monitoring of critical files and system logs, helping organizations meet compliance requirements and detect suspicious activity by identifying file content changes.
This FIM experience replaces the legacy solution based on the Log Analytics Agent (MMA), which is being retired. While MMA-based FIM will continue to be supported in Azure Government until the end of March 2025, this release also introduces a new portal experience to streamline the migration of FIM configurations from MMA to the Defender for Endpoint-based solution.

Protect

Azure Backup

Vaulted Backup Support for Azure Files Standard Shares

Azure Backup has introduced general availability of Vaulted Backup support for Azure Files Standard Shares. This new capability enhances data protection by allowing the configuration of both snapshots and vaulted backups under a single policy, while also enabling cross-account and cross-region restore.

With this release, users benefit from:

Compliance with the 3-2-1 data protection rule, thanks to immutable backups and centralized management via the Azure Business Continuity Center, which provides monitoring for jobs, alerts, and reports.
Advanced protection against ransomware and malicious activities, enabled by features such as immutable backups and soft delete within the Recovery Services Vault.
Long-term retention for compliance and audit needs, with daily, monthly, and yearly backup tiers that can be retained in cost-effective storage for up to 99 years.

Vaulted Backup support for Azure Files Premium is currently available in public preview.
Please note that pricing for vaulted backups of both Standard and Premium Azure Files will be effective starting April 1, 2025.

Azure Site Recovery

Azure Site Recovery Support for Azure Trusted Launch Linux VMs (Preview)

Azure Site Recovery now supports Azure Trusted Launch virtual machines running Linux, currently available in public preview. Azure Trusted Launch VMs offer an enhanced level of security for Azure Generation 2 VMs, enabling features such as Secure Boot and vTPM (Virtual Trusted Platform Module).
With this update, customers can now protect Linux-based VMs with the same robust security guarantees already available for Windows VMs, which are already supported by Azure Site Recovery.
This enhancement improves the resilience and security of mission-critical workloads hosted in the cloud.

Azure Site Recovery: Update Rollup 77

Update Rollup 77 for Azure Site Recovery is now available, bringing key updates and optimizations to the latest platform components.
Notably, the Mobility Service now supports additional Linux distributions in Azure-to-Azure replication scenarios, including:

Oracle Enterprise Linux 8.10
AlmaLinux 8 and 9
Ubuntu 24.04

Additionally, support has been extended for newer kernel versions of the following distributions:

Debian 11 and 12
SUSE Linux Enterprise Server (SLES) 12 and 15

This update also includes general improvements and bug fixes, further enhancing the reliability and compatibility of Azure Site Recovery for disaster recovery scenarios.

Migrate

Azure Migrate

MySQL Discovery and Assessment in Azure Migrate (Preview)

Azure Migrate has introduced public preview support for discovery and assessment of MySQL workloads, streamlining cloud migration planning.
This new capability enables the identification of MySQL instances in on-premises environments, providing detailed insights into their configurations and assessing their suitability for migration to Azure Database for MySQL – Flexible Server.

In addition to technical assessment, the service offers detailed recommendations on the most appropriate compute and storage options, including cost estimates.
With this enhancement, Azure Migrate continues to evolve as a centralized hub for the discovery, assessment, and migration of on-premises assets to Azure—whether targeting PaaS or IaaS deployment models.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure Management services: what’s new in February 2025

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this monthly article series, we aim to provide an overview of the most relevant updates. The goal is to keep you constantly informed about these developments, offering essential information to explore these topics further.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

New Monitoring Experience for Azure Kubernetes Service (Preview)

Microsoft has announced the public preview of the new monitoring experience for Azure Kubernetes Service (AKS), designed to provide a unified and enhanced cluster management experience. This update marks a significant evolution of the current Insights experience, introducing more comprehensive monitoring features in a simplified interface.

The new monitoring experience offers two levels of insights: a basic, free tier available without configuration and an advanced tier, including Prometheus metrics and advanced logging capabilities. Thanks to this integration, users can monitor their clusters more effectively, quickly identify performance issues, and optimize resource management. With this innovation, Azure simplifies Kubernetes environment management, improving visibility and diagnostics for applications running on the platform.

Govern

Azure Cost Management

Copilot: Introduction of Nudges for an Optimized Experience

Copilot provides an efficient way to answer cost-related queries using natural language. Through the ‘View in Cost Analysis’ feature, users can directly access personalized analysis based on their prompts. Now, Microsoft has introduced a new feature to enhance the Copilot Assistant experience: nudges. These preconfigured suggestions, available on the overview page, encourage and guide users in interacting with Copilot. The nudges are designed to support key operations such as:

Detailed analysis of current costs
Cost comparisons across different periods
Expense forecasting

This innovation allows users to maximize Copilot’s features without worrying about prompt engineering challenges, making the experience more seamless and effective.

Updates related to Microsoft Cost Management

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

AWS EC2: Improved Resource Name Display

Microsoft has introduced an enhancement in displaying resource names for AWS EC2 instances within the platform. If an EC2 instance has a “name” tag, the Resource Name field will display its value. If the tag is absent, the field will continue to show the instance ID. The Resource ID remains available in the reference field.

Using the “name” tag allows users to quickly identify resources with meaningful, customized names, simplifying management and reducing the time needed to locate specific instances.

Microsoft Defender for Storage: On-Demand Malware Scanning

The on-demand malware scanning feature in Microsoft Defender for Storage is now Generally Available (GA). This capability allows scanning of existing blobs in Azure Storage accounts at any time via the Azure portal or REST API, with support for Logic Apps, Automation playbooks, and PowerShell scripts.

Key Use Cases:

Incident response: Scanning specific storage accounts after detecting suspicious activity.
Security baseline: Analyzing all stored data when enabling Defender for Storage.
Compliance: Automating scans to meet regulatory and data protection requirements.

Microsoft Defender for Storage: Support for Blobs up to 50GB

Microsoft Defender for Storage now supports scanning blobs up to 50GB, compared to the previous 2GB limit. For storage accounts handling large blobs, the new limit may result in higher monthly costs. To prevent unexpected expenses, users can set a cap on the total scanned GB per month.

Data and AI Security Dashboard (Preview)

Microsoft Defender for Cloud introduces the new Data and AI Security Dashboard, currently in preview. This tool provides a centralized platform for monitoring and managing data and AI resources while assessing risks and security status.

MDC Cost Calculator (Preview)

Microsoft introduces the MDC Cost Calculator, a preview tool for estimating cloud protection costs.

Expanded Coverage for 31 Multicloud Regulatory Standards

Microsoft Defender for Cloud now supports over 31 security and regulatory frameworks across Azure, AWS, and GCP.

Protect

Azure Backup

Vaulted Backups for Azure Database for PostgreSQL – Flexible Server

Microsoft has announced the availability of Vaulted Backups in Azure Backup for Azure Database for PostgreSQL – Flexible Server, a scalable and robust backup solution designed to meet the needs of businesses and developers. This new support expands the coverage of workloads managed by Azure Backup.

Key Benefits:

Regional Disaster Recovery: Cross-region restore ensures essential failover capabilities for business continuity and adherence to recovery protocols.
Regulatory Compliance: With long-term retention (LTR) of up to 10 years, organizations can meet international compliance requirements.
Advanced Security and Cyber Resilience: Backup data is protected from ransomware and unauthorized access through immutable vaults and role-based access control (RBAC).

Azure Backup for PostgreSQL Flexible Server is now available in East Asia, Central India, Southeast Asia, UK South, and UK West, while in other Azure regions, the service is currently in public preview. Customers can start using the service immediately by accessing the Business Continuity Center in the Azure portal and configuring backups.

Azure Site Recovery

Pricing Calculator for Azure Managed Disks

Microsoft has announced the general availability of the Pricing Calculator for Azure Site Recovery (ASR) in Azure-to-Azure use cases with Managed Disks. This new tool enables organizations to accurately estimate the total cost of ownership (TCO) for Disaster Recovery scenarios in Azure, providing greater transparency into pricing structures and simplifying financial planning. With this feature, ASR users can align with FinOps teams for more effective cost management. Currently, the Pricing Calculator is available only for Azure-to-Azure scenarios, while for VMware-to-Azure migrations, the Deployment Planner remains available to estimate Disaster Recovery costs.

Migrate

Azure Migrate

Modernization Advisor for SQL Server on Azure Virtual Machines (Preview)

Azure has introduced Modernization Advisor, now available in public preview, an integrated tool within the Azure portal designed to help organizations assess the migration from SQL Server on Azure Virtual Machines (VMs) to Azure SQL Managed Instance as a more efficient and cost-effective alternative.

How It Works

Modernization Advisor analyzes the configuration of a SQL Server instance running on an Azure VM and provides a detailed evaluation of the benefits of migration, including:

Cost Savings: Estimates the total cost of ownership (TCO) reduction achieved by switching to Azure SQL Managed Instance.
Performance Optimization: Suggests Azure SQL Managed Instance configurations tailored to the existing SQL Server workload.
Simplified Management: Helps businesses reduce administrative complexity by adopting a fully managed service.

Key SQL Server VM Resources Evaluated

Number of vCores
Memory per vCore
Storage size and type (Standard, Premium SSD, Premium SSD v2)

With Modernization Advisor, organizations can make data-driven decisions to optimize their database infrastructure, enhancing cost efficiency and overall performance. This tool represents a significant step forward in simplifying database management on Azure, providing users with clear and detailed insights to guide their modernization strategies.

Azure Migrate: Support for Premium SSD v2 (Preview)

Azure Migrate introduces support for migration to Premium SSD v2, providing users with advanced storage options featuring greater flexibility and optimized performance. These disks are ideal for mission-critical applications, thanks to high IOPS and throughput, low latency, scalability, reliability, and a competitive cost compared to previous versions. During assessments in regional datacenters where Premium SSD v2 is available, Azure Migrate will automatically suggest this option as the target for data disks, ensuring a migration experience aligned with other disks supported by the platform.

Azure Database Migration

Unified Migration Experience in Azure Database Migration Service

Microsoft has introduced the Unified Migration Experience in public preview within Azure Database Migration Service, streamlining the migration of MySQL workloads from on-premises environments, virtual machines (VMs), or other cloud providers to Azure Database for MySQL – Flexible Server. The new experience supports both physical and logical migration. With the physical approach, it is possible to quickly restore the source server’s backup files onto the destination server, enabling the migration of terabytes of data with minimal downtime and just a few clicks.

Azure Evaluation

Azure Management services: what’s new in January 2025

This month, Microsoft has introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to provide an overview of the most relevant updates. Our goal is to keep you constantly informed about these developments, offering essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Integration of Performance Diagnostics in Azure Monitor for VM Troubleshooting (Preview)

Microsoft has introduced a new integration between Azure Monitor and Performance Diagnostics, enhancing virtual machine (VM) performance troubleshooting capabilities. This feature is now available in the VM Overview Monitoring panel and the VM Insights section of Azure Monitor, providing a unified experience that combines monitoring and diagnostics in a single environment. Thanks to this integration, users can identify and resolve VM performance issues more efficiently within the Azure Monitor workflow, accessing detailed diagnostic data, recommendations, and continuous or on-demand insights. The continuous mode allows for timely identification of high resource utilization, providing useful indications for proactive performance management and reducing the risk of downtime. This evolution of Azure Monitor represents a step forward in ensuring the highest level of operational efficiency for cloud-based VMs, simplifying the diagnosis and optimization process.

Monitoring Azure Container Storage Metadata with Azure Monitor Managed Service for Prometheus (Preview)

Azure Container Storage offers a native experience for containers and is optimized for integration with Azure Kubernetes Service (AKS). With its launch in Public Preview, customers using Azure Container Storage in AKS clusters can now collect storage pool and disk metrics via Azure Monitor Managed Service for Prometheus. These metrics can be viewed and queried directly in Azure Managed Grafana. Once Azure Container Storage is enabled on an AKS cluster with managed Prometheus active, metrics will be automatically collected and integrated with other system metrics. This update enhances monitoring and simplifies storage resource management in AKS clusters.

Configure

Azure Automation

Revision of Service and Subscription Limits for Azure Automation

Starting January 15, 2025, Azure Automation will introduce a revision of service and subscription limits to ensure fair cloud resource distribution among all customers. This update aims to improve service reliability and performance while optimizing resource utilization. Given that organizations’ needs vary and evolve over time, customers will be able to configure their limits based on actual usage.

The resources affected by this revision include:

The maximum number of automation accounts per subscription in a single region.
The maximum number of concurrently running jobs per automation account.

Customers can check their current usage, review limits, and request quota changes by creating a support request under Service and Subscription Limits (Quotas) -> Azure Automation.

Retirement of Azure Automation Jobs on Agent-Based Hybrid Worker from April 1, 2025

Starting April 1, 2025, all Azure Automation jobs executed on Agent-Based Hybrid Worker (Windows and Linux) will be discontinued. This approach was officially retired on August 31, 2024, and no longer receives security updates, posing a potential security risk. Microsoft strongly recommends migrating to Extension-Based User Hybrid Runbook Worker (Windows and Linux) to continue running hybrid jobs.

The main advantages of the new solution include:

Enhanced security through access control with system-assigned managed identities, eliminating the need for manually managed certificates.
Improved operational productivity with automatic updates and large-scale VM management.
Simplified installation, removing the need to install the Log Analytics agent.

Retirement of PowerShell Runbooks Using AzureRM Modules from February 1, 2025

As of February 1, 2025, Azure Automation will stop executing all runbooks using AzureRM modules. The PowerShell AzureRM module was retired on February 29, 2024, in favor of the Az PowerShell module, which offers greater security, stability, and advanced features.

To avoid disruptions, it is necessary to update all runbooks using AzureRM to the Az PowerShell module and remove AzureRM modules from automation accounts. This transition will ensure continuous support and access to the latest PowerShell features in the Azure Automation environment.

Blocking of Resources Interacting with Azure Automation Using TLS 1.0/1.1 Protocols from March 1, 2025

Starting March 1, 2025, resources interacting with Azure Automation via TLS 1.0 and TLS 1.1 protocols will no longer be supported. These protocols, used for establishing encryption channels, no longer meet modern security standards.

All interactions, including Webhooks, Hybrid Runbook Workers (Agent-Based and Extension-Based), and Automation DSC, using TLS 1.0 or 1.1 will be blocked. Scheduled or running jobs on Hybrid Workers using these protocols will not be completed.

To ensure continuity, it is recommended to update resources to use TLS 1.2 or higher. Microsoft has provided guidance for disabling obsolete TLS protocols and enabling TLS 1.2 or higher on Windows and Linux machines.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Update to Container Registry Scanning Policies (Preview): Microsoft has updated image scanning policies for container registries, modifying the re-evaluation period for cloud and external registries, including Azure, AWS, GCP, Docker, and JFrog. Previously, Defender for Cloud scanned images for 90 days after their publication in the registry; with this change, the scanning period will now be limited to the last 30 days. This change only affects the preview recommendation for scanning images in registries and does not impact General Availability (GA) recommendations related to vulnerability assessment (VA) in container registries.
New Permissions for the GCP Connector to Support AI Platforms: Microsoft has expanded the GCP connector’s permissions to enhance support for artificial intelligence platforms, particularly Vertex AI. With this update, Defender for Cloud can now monitor and protect AI workloads on Google Cloud more effectively. The new permissions introduced include privileges for managing batch prediction jobs, custom jobs, datasets, endpoints, models, pipeline jobs, and tuning jobs, as well as specific permissions for Discovery Engine and Google Notebooks. This update ensures broader protection for AI services hosted on GCP.
Improvements to GC-Based Linux Baselines Recommendation: The GC-powered Linux Baselines feature has been enhanced to provide greater accuracy and coverage in analyzing Linux operating systems. Starting in February, Defender for Cloud will introduce a series of updates, including new rule names for existing checks and additional security controls. These improvements will ensure more precise and up-to-date assessments, allowing organizations to strengthen the security of their Linux environments. Users wishing to exclude this recommendation can do so by exempting their resources or removing the GC extension.

Azure Evaluation

Azure Management services: what’s new in December 2024

This month, Microsoft introduced a series of significant updates to Azure management services. Through this monthly series of articles, the aim is to provide an overview of the most relevant updates, keeping you informed of these developments and equipping you with essential insights to explore these topics further.

The diagram below shows the various management areas covered in this series:

Figure 1 – Overview of Management Services in Azure

Configure

Azure Automation

Service and Subscription Limits for Azure Automation (Private Preview)

Starting January 7, 2025, Azure Automation will introduce a revision of service and subscription limits. This change aims to ensure fair distribution of cloud resources among all customers, optimizing usage and improving the overall service experience. Interested users can consult the current service and subscription limits for Azure Automation on the official site to prepare for these changes and plan any necessary adjustments to their cloud resources.

Govern

Azure Cost Management

Microsoft Cost Management: 2024 Highlights

2024 has been a year full of innovations for Microsoft Cost Management, with significant improvements aimed at optimizing cloud expenses and enhancing FinOps capabilities. Here are the main updates introduced:

Cost Visibility A new tabbed interface for cost analysis in the Azure portal simplifies switching between views, creating reports, and analyzing expenses. Additionally, loading times have been improved, ensuring a smoother experience.
Data Export New datasets related to reservations, price lists, and combined cost formats have been added. The Parquet format with file compression reduces storage and network costs. Integration with Microsoft Fabric (preview) enables advanced analytics and reporting.
Copilot Enhancements AI has been further integrated with Cost Analysis to provide detailed cost insights. New features include estimating Azure OpenAI costs in simulation scenarios.
Azure OpenAI Costs New visualizations allow monitoring deployments based on tokens and PTUs, along with reservations.
Cost Allocation Billing tags with inheritance have been launched for more efficient cost management. Tagging functionalities have also been introduced for billing sections and payment profiles.
AKS Cost Views Kubernetes namespace cost tracking is now available, enabling application-specific cost allocation.
Cost Optimization One-month and one-year reservations for Azure OpenAI are now available, offering significant savings. New RBAC roles have been introduced to manage Azure savings plans.
Cloud Sustainability In preview, Azure’s carbon optimization tool helps monitor emissions data and propose eco-friendly and cost-effective actions.

Thanks to these updates, Microsoft Cost Management has enhanced FinOps efficiency, improved cost visibility, and supported sustainability initiatives, positioning itself as a key tool for cloud expense management in 2025.

Secure

Microsoft Defender for Cloud

Sensitivity Scanning Now Available for Azure File Shares

The “Sensitivity Scanning” feature in Microsoft Defender for Cloud, designed for security posture management (CSPM), now includes Azure file shares, available in General Availability. Previously, enabling the Defender CSPM plan on a subscription allowed automatic scanning of blob containers within storage accounts to identify sensitive data. This extension now includes file shares, improving risk analysis and protection for sensitive storage accounts.

Defender for Cloud CLI Integration with CI/CD Tools (Preview)

The CLI integration feature for Microsoft Defender for Cloud with CI/CD tools is now available in public preview. This integration allows CLI usage in CI/CD pipelines to scan and identify security vulnerabilities in containerized source code. Scans help development teams detect and resolve vulnerabilities during pipeline execution without disrupting workflows. Results are uploaded to Defender for Cloud, enabling security teams to correlate data with containers in container registries.

Use Cases:

Pipeline Scanning: Securely monitor all pipelines using the CLI.
Early Vulnerability Detection: Results are displayed in the pipeline and sent to Defender for Cloud.
Continuous Security: Improved visibility and quick response capabilities during development cycles without compromising productivity.

Defender for Cloud Configuration Experience

Microsoft Defender for Cloud introduces a new configuration experience that simplifies the initial setup for connecting cloud environments, including cloud infrastructure, code repositories, and external container registries. This feature allows for advanced security plan protection, quick actions to improve coverage at scale, and notifications about connectivity issues or new security features.

Updated Cloud Environment Scan Interval Options

The scan interval options for cloud connectors associated with AWS, GCP, Jfrog, and DockerHub have been updated. Scanning intervals can now be set to 4, 6, 12, or 24 hours when adding or modifying a cloud connector. By default, new connectors continue to use a 12-hour scan interval.

Defender for Endpoint Client Update for File Integrity Monitoring

To continue leveraging the File Integrity Monitoring (FIM) functionality in Microsoft Defender for Cloud, the Defender for Endpoint (MDE) client must meet specific minimum versions.

Protect

Azure Backup

Vaulted Backup for AKS

Azure Backup introduces support for vaulted backups for AKS, now generally available. This new feature enables cross-regional disaster recovery, long-term data retention, and immutability for backups, improving resilience and simplifying compliance for cloud-native applications. Customers can protect AKS clusters during regional disaster recovery events, store backup data for up to 10 years to meet regulatory requirements, and secure data in an offsite location to safeguard against ransomware threats.

Azure Evaluation

Azure Management services: what’s new in November 2024

This month, thanks in part to the Microsoft Ignite event, significant updates have been announced for Azure Management Services. Through this series of monthly articles, we aim to provide an overview of the most relevant news, keeping you informed about these developments and offering essential information to explore these topics further.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Govern

Azure Cost Management

Updates for Microsoft Cost Management

Microsoft continually strives to improve Microsoft Cost Management, a solution designed to provide greater visibility into cloud spending, identify and prevent incorrect spending patterns, and optimize costs. This article highlights some of the latest enhancements and updates to this solution, including:

Exports to Microsoft Fabric (preview): With a new connection to Microsoft Fabric, users can export cost and pricing datasets directly into OneLake. This feature simplifies data integration into the Fabric system, eliminating the need for manual transfers from storage accounts.

Azure OpenAI Cost View: Managing Azure OpenAI Service costs is now easier with a new integrated view in Cost Analysis. This feature allows users to:

View execution costs for OpenAI models over specific periods.
- Include costs of reserved purchases within the selected subscription.
- Access the new view quickly under “Smart Views” in Cost Analysis.

Cost Simulations with Copilot: Azure Copilot now includes cost estimates for OpenAI deployments based on tokens. For example, users can simulate scenarios like a 15% increase to predict cost impacts, helping with better budget management.

Copilot-Cost Analysis Integration: The Copilot experience for Cost Management is enhanced with Cost Analysis integration in generated responses. Using the “View in Cost Analysis” button, users can:

Access a custom view based on their request.
Analyze costs with specific parameters.
Share the view with their team and set up email alerts.

Secure

Microsoft Defender for Cloud

AI Security Posture Management for Multicloud Environments

Microsoft Defender for Cloud expands its capabilities to manage the security of generative AI models. New features include:

Extended Support for Amazon Bedrock: Enables deep discovery of AWS AI technologies, including new recommendations and attack paths to enhance security.
AI Grounding Data Insights: Provides detailed analysis of datasets used for AI models, identifying associated risks and offering tools for vulnerability prioritization.

These capabilities ensure robust security for AI models, improving data governance and reducing associated risks.

Enhanced Container Security Features (preview)

In addition to existing container capabilities, significant new features include:

Detection and Response to Suspicious Activity: Defender for Cloud allows custom queries to detect anomalous behavior, improving runtime vulnerability management.
Rapid Containment: Enables limiting communication between pods or isolating networks to prevent unauthorized access to sensitive data.
AI Support for SOC: AI provides guided remediation, assisting security teams with step-by-step instructions to resolve incidents efficiently, even with limited expertise.

These features represent a further step toward comprehensive container protection.

API Security Enhancements with Microsoft Defender for Cloud (preview)

Microsoft Defender for Cloud introduces advanced features to enhance API security, addressing the growing importance of these interfaces in modern application models. New capabilities include:

Native Integration with CSPM: Provides complete API visibility through Azure API Management, mapping both front-end and back-end elements for holistic risk management.
API Data Classification: Now includes query strings and URL path parameters, supporting in-depth analysis and triage of data in transit.
Security Recommendations: Highlights exploitable attack paths, providing specific context for data exposure scenarios.

These features help organizations mitigate API risks and strengthen application security posture.

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, you can refer to this page, which provides information about new features, bug fixes, and deprecated functionalities.

Protect

Azure Backup

Regional Disaster Recovery with Azure Backup for AKS

Azure announces the availability of Vaulted Backup support for Azure Kubernetes Service (AKS), an important innovation that ensures protection, compliance, and resilience for cloud-native applications against regional disasters.

Key benefits for Azure customers:

Cross-Regional Recovery: The Cross-Region Restore functionality enables critical failover, ensuring business continuity and compliance with disaster recovery regulations.
Regulatory Compliance: Support for long-term retention (LTR) of data for up to 10 years, adhering to major global compliance frameworks.
Enhanced Security and Resilience: With immutable vaults and role-based access control, backup data is protected from ransomware and unauthorized access.

With the GA support for AKS Vaulted Backup, Azure Backup simplifies compliance, improves resilience, and strengthens the security of cloud-native environments.

Default Security with Soft Delete in Azure Backup (Preview)

Azure Backup introduces soft delete functionality, a default-enabled security measure that allows deleted backup data to be recovered for a period of 14 days. By enabling soft delete at the vault level, Azure provides default protection for all customers, preventing accidental or intentional data loss.

Immutable WORM Storage for Backups in Recovery Services Vaults (Preview)

Azure Backup introduces immutable WORM (Write Once, Read Many) storage for backups in Recovery Services Vaults. Once immutability is enabled and activated, Recovery Points cannot be deleted or have their retention periods reduced before expiration.

Key features:

Meets compliance requirements with immutable storage.
Applicable to both existing and new vaults with locked immutability.
Currently available in preview in limited regions.

This feature ensures advanced protection for backup data, reducing the risk of tampering and meeting regulatory compliance needs.

Migrate

Azure Migrate

New Capabilities of Azure Migrate for Hybrid Cloud Migration and Management

Azure Migrate introduces advanced tools to support the planning and management of migrations to Azure and hybrid environments. Customers can now create a detailed business case to compare the Total Cost of Ownership (TCO) of on-premises workloads versus Azure, as well as view annual financial analyses during the transition process.

Key updates:

Azure Arc Value Assessment: Customers can compare the current TCO of on-premises environments with the estimated TCO using Azure Arc, evaluating savings and benefits such as Extended Security Updates (ESUs) and SQL Pay-As-You-Go on Azure Arc-enabled SQL Server.
Hybrid Cloud Management: Visualize the benefits of security and management tools like Microsoft Defender for Cloud, Azure Monitor, and Azure Update Manager applied to on-premises environments via Azure Arc.
Customized Planning: For those not migrating everything or planning a phased migration, it’s possible to compare combined on-premises and Azure costs to optimize strategy.

These tools offer greater flexibility and transparency, enabling customers to download reports and involve stakeholders in the decision-making process.

New Releases and Features of Azure Migrate

To stay updated on the latest developments, visit this page, which provides information on new releases and features. This month, notable highlights include:

Cost Assessments for AVS: Support for the AV64 SKU and the external storage option with Azure NetApp Files.
Enterprise Linux Machine Migration: Capability to transfer RHEL and SLES machines from VMware and Hyper-V environments to Azure, leveraging the Azure Hybrid Benefit.

Azure Evaluation

Azure Management services: what’s new in October 2024

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

VM Health Monitoring with VM Watch for Azure VMs (preview)

VM Watch, now available in public preview, is a lightweight and adaptable service for monitoring the health of virtual machines (VMs) and VM Scale Sets in Azure. This service performs health checks within the VM at configurable intervals, sending results to Azure via a uniform data model. The collected data is used by Azure’s AI Operations (AIOps) engines to detect and prevent regressions. VM Watch is deployed through the Application Health VM extension, simplifying management and adoption for customers, and it is offered at no additional cost. The service is compatible with both Linux and Windows environments, suitable for individual VMs or VMSS. Additionally, VM Watch ensures efficient monitoring without compromising system performance, thanks to limits on CPU and memory usage. The service includes a set of predefined tests, easily configurable for specific scenarios, making monitoring ready-to-use right out of the box.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Security Findings for GitHub Repositories without GitHub Advanced Security: Starting October 21, 2024, GitHub offers security findings for repositories even without GitHub Advanced Security. This new feature enables users to identify and fix Infrastructure-as-Code (IaC) misconfigurations, container vulnerabilities, and code weaknesses, providing greater protection and visibility without the advanced license. However, secret scanning, code scanning with CodeQL, and dependency scanning remain exclusive to GitHub Advanced Security.
Deprecation of Compliance Standards in Defender for Cloud: Starting November 17, 2024, three compliance standards will be removed from Defender for Cloud: SWIFT CSP-CSCF 2020 (replaced by version 2022), CIS Microsoft Azure Foundations 1.1.0 and 1.3.0 (updated to versions 1.4.0 and 2.0.0, respectively). These updates reflect the latest best practices, and users can consult the Defender for Cloud documentation for an overview of currently supported standards.
Deprecation of Defender for Cloud Standards for AWS and GCP: As of November 17, 2024, Defender for Cloud will deprecate three standards specific to AWS and GCP (AWS CSPM, GCP CSPM, and GCP Default). These checks have been integrated into the Microsoft Cloud Security Benchmark (MCSB), which becomes the default, unified standard for all multi-cloud security assessments.
Binary Drift Detection in Containers: Since October 9, 2024, binary drift detection is available for Defender for Containers. This feature detects any suspicious changes within containers in real-time, ensuring greater security for deployments on all versions of Azure Kubernetes Service (AKS).
Updated Recommendations for Container Runtime (Preview): Recommendations for addressing vulnerabilities in containers running on AWS, Azure, and GCP have been unified to reduce duplication and optimize result analysis.
Kubernetes Identity and Access View in the Security Graph (Preview): Kubernetes identities and access configurations are now visible in the security graph, showing nodes, service accounts, roles, and connections illustrating permissions among Kubernetes objects.
Identity-Based Kubernetes Attack Paths (Preview): Using RBAC data, Defender for Cloud can identify attack paths across Kubernetes clusters, detecting lateral movement.
Enhanced Attack Path Analysis for Containers: Attack path analysis now also supports containers, providing a more detailed view of potential attack patterns in cloud environments.
Complete Discovery of Container Images in Supported Registries: Defender for Cloud now detects all container images in supported registries, improving visibility and allowing in-depth searches through Cloud Security Explorer to identify images based on metadata.
Container Software Inventory with Cloud Security Explorer: Cloud Security Explorer now provides a comprehensive inventory of software installed within containers and images, facilitating the quick identification of potential vulnerabilities, including zero-day threats, before CVEs are published.

Protect

Azure Backup

Reduced Rates for SAP HANA Backup Protected Instances

As of September 1, 2024, Azure introduced a significant rate reduction for Protected Instances (PIs) related to the SAP HANA backup service on Azure VMs. This update is aimed at enhancing cost efficiency, offering a more affordable service for protecting critical data for companies without compromising quality or performance. Specifically, the backup streaming rate for SAP HANA has been set at a standard price of $80 per instance (in the East US2 region), with a standard regional surcharge, regardless of the HANA database size. For snapshot backups, the cost is $80 per 5 TB increment, with the same regional surcharge. This change allows enterprises to protect their data in a more economically sustainable way.

GRS and CRR Support for Azure VMs with Premium SSD v2 and Ultra Disk in Azure Backup

Azure has announced support for the backup of virtual machines on Premium SSD v2 and Ultra Disk using GRS (Geo-Redundant Storage) vaults. These offerings represent the most advanced storage solutions, designed to meet the needs of IO-intensive enterprise applications requiring sub-millisecond latencies, high IOPS, and throughput. With GRS support and cross-region restore capabilities, users can protect their virtual machines from data loss during disaster events, as well as perform periodic audits by restoring data on demand in the secondary region. Currently, GRS vault enablement for virtual machines using Premium SSD v2 and Ultra Disk is available in various regions, including Southeast Asia, East Asia, North Europe, West Europe, East US, West US, and West US 3. Support will be extended to other public regions in the coming months.

Immutable WORM Storage for Backups in Azure Recovery Services Vaults (preview)

Azure backup introduces the capability to use immutable WORM (Write Once, Read Many) storage for backups within Recovery Services Vaults. This option ensures that a recovery point, once created, cannot be deleted or altered during its retention period, up to the designated expiration date, helping to meet compliance requirements. WORM support will be applicable to all vaults, both new and existing, and is currently available in preview in specific regions.

Transition to Azure Business Continuity Center for Large-Scale BCDR Management (preview)

Starting October 3, 2024, Azure made the new “Azure Business Continuity Center” (ABCC) available in public preview, a centralized solution for large-scale backup and disaster recovery management. This tool arises from evolving customer needs, influenced by the growing threat of ransomware attacks, which have led many companies to seek out multiple vendors for data protection. The ABCC, which will replace the previous Backup Center, offers unified management for Azure and hybrid environments, integrating the functionalities of Azure Backup and Azure Site Recovery. The transition is immediate and at no additional cost: users can immediately view their protection status in the new center without needing to take specific actions. Simply log into the Azure portal and search for the Business Continuity Center. The Backup Center has been removed from global search results in the Azure portal but remains accessible through an option within the ABCC.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features. This month’s main update is that the import of the RVTools XLSX file enables reading storage data, where available, from the vPartition and vMemory sheets (for storage space required for unreserved memory).

Azure Database Migration

Azure Evaluation

Azure Management services: what’s new in September 2024

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Azure Monitor Metrics Export (preview)

Azure Monitor Metrics Export is now available in Public Preview and configurable via Data Collection Rules (DCR), allowing Azure resource metric data to be directed to Azure Storage Accounts, Azure Event Hubs, and Azure Log Analytics Workspaces for 18 types of resources and in 10 public Azure regions. Some of the key benefits of Azure Monitor Metrics Export include:

Scalability: DCR, the data collection configuration mechanism in Azure Monitor, allows you to configure collection once and apply it at scale to many resources, supporting management across multiple subscriptions.
Flexibility in data collection: Customers can select specific metrics or all metrics for a given set of resources, thus controlling volumes and associated costs.
Full-fidelity, low-latency export: Metric data is exported with dimensional information to facilitate correlation, significantly improving export latency (~70%) compared to diagnostic settings.

Configure

Update management

Retirement of Automated Patching and introduction of Azure Update Manager

As of September 15, 2027, the Automated Patching feature has been retired and replaced with Azure Update Manager. This decision was made to ensure a more efficient and centralized update management process. Azure Update Manager is an enterprise-level tool that offers several advanced features:

Centralized update management: Provides a unified dashboard to view and manage updates across the entire environment, including virtual machines, on-premises servers, and hybrid scenarios.
Custom scheduling: You can create custom update schedules based on business needs, whether they are weekly, monthly, or scheduled on specific dates.
Patch compliance reports: Azure Update Manager generates detailed reports on patch compliance, keeping users informed about the status of updates across the entire infrastructure.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Azure Arc

Azure Container Storage enabled by Azure Arc Edge Volumes (preview)

Microsoft has announced the Public Preview of Azure Container Storage enabled by Azure Arc Edge Volumes, a versatile new feature designed to improve data management in edge environments. Azure Arc Edge Volumes offers two main functionalities: Local Shared Volume and Cloud Ingest Volume. Local Shared Volume provides high-availability storage with failover capabilities, remaining operational even without cloud connectivity, making it ideal for temporary storage and local application state data. Cloud Ingest Volume, on the other hand, allows transparent ingestion of unlimited file data from edge environments into Blob Storage, including ADLSgen2 and OneLake. The storage capacity for ingestion is user-defined, ensuring available space even during disconnections, with the option to delete local data once uploading to Blob is complete. Both solutions are based on advanced features to maintain data integrity, optimize the use of local resources, and are ideal for IoT applications. With Edge Volumes, it is possible to write to a local file system using standard I/O APIs, simplifying application code.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

Improvements to Cloud Security Explorer experience: Increased performance, enriched data for each cloud asset, and enhanced CSV export with more details on exported assets.
General Availability of File Integrity Monitoring (FIM): Now available as part of Defender for Servers Plan 2, allowing real-time monitoring of critical files and logs to comply with regulations and detect suspicious changes.
FIM migration experience: A new in-product feature has been released to migrate FIM configurations from the Log Analytics Agent (MMA) to Defender for Endpoint, easing the transition.
Deprecation of MMA auto-provisioning: Starting in September 2024, MMA auto-provisioning will be progressively disabled, with full deactivation by November 2024.
Integration with Power BI: Allows the creation of custom reports and dashboards to analyze security posture and compliance recommendations.
Updates to multicloud CSPM requirements: New IP addresses to improve multicloud discovery services, requiring IP whitelist updates by October 2024.
Deprecation of Defender for Servers features: Adaptive application controls and Adaptive network hardening are now deprecated.
Compliance with the Spanish ENS standard: Added the ability to monitor compliance with the National Security Scheme (ENS) standard in Defender for Cloud’s compliance dashboard.
Remediation of system updates and patches: It is now possible to apply update recommendations to Azure Arc machines and Azure VMs via Azure Update Manager.
Integration with ServiceNow: The integration now includes the configuration compliance module, enabling the identification and resolution of cloud asset configuration issues.
Deprecation of Defender for Storage (classic): As of February 5, 2025, transaction protection plans will no longer be available for new subscriptions.
General availability of Azure Policy guest configuration: Now available for multicloud customers of Defender for Servers Plan 2, offering unified management of security configurations on Windows and Linux machines.
Support for Docker Hub in Defender for Containers: In public preview, enabling the scanning of Docker Hub images to identify and mitigate security threats.

Protect

Azure Backup

Backup Center will no longer be available in Azure portal’s global search

The new Azure Business Continuity Center (ABCC), introduced in Public Preview in November 2023, offers centralized and simplified management for data protection and recovery in Azure and hybrid environments, progressively replacing the previous Backup Center. Designed as an advanced evolution of Backup Center, ABCC allows unified management of solutions like Azure Backup and Azure Site Recovery. Access to the service is immediate, with no prerequisites or additional costs. Even for Backup Center users, no specific actions are required: Azure Business Continuity Center is already available directly from the Azure portal.

Azure Site Recovery

Update Rollup 75 for Azure Site Recovery has been released, addressing various issues and introducing some improvements. The relevant details and procedure for installation can be found in the specific KB.

Automatic certificate renewal for Azure Site Recovery from on-premises to Azure

Azure Site Recovery has introduced a new feature that enables automatic certificate renewal for data protection from on-premises to Azure in disaster recovery scenarios. Certificates are crucial to ensure communication between the various components involved in the recovery process and must be regularly renewed to avoid interruptions in Azure Site Recovery operations, such as data replication. As of August 2024, certificates used for replication from VMware to Azure, introduced in the 2021 Public Preview, will begin to expire. Thanks to this new automatic renewal capability, customers can avoid interruptions during data replication as long as the mobility agent and components within the appliance are updated to the latest available version. If communications or updates are missed, automatic renewal may fail, generating errors in the health of the appliance or agent. Customers are encouraged to follow official documentation to manually renew certificates if needed.

Support for Azure Trusted Launch VMs – Linux OS (preview)

Support for Azure Site Recovery for Azure Trusted Launch virtual machines running Linux operating systems is available in Private Preview. Azure Trusted Launch VMs offer advanced security for Azure generation 2 VMs, enabling features such as Secure Boot and vTPM. This Private Preview focuses exclusively on supporting virtual machines with Linux operating systems, while support for Windows OS VMs is already in General Availability. This new feature provides enhanced protection and recovery options for businesses using virtual machines with advanced security requirements in Linux environments.

Retirement of Classic Alerts

Azure Site Recovery recently introduced a new and improved alert management solution based on Azure Monitor. This solution offers several advantages, including:

Notification configuration: Allows notifications to be sent using a wide range of channels.
Notification scenario selection: Enables you to choose which scenarios to receive notifications for.
Programmable alert management: Offers the ability to programmatically manage alerts and notifications.
Consistent alert management experience: Ensures consistent alert management across various Azure services, including backup.

The next step involves retiring the previous Classic Alerts solution for Azure Site Recovery, set for September 23, 2027. If you are using the old classic alert solution, it is recommended to migrate to Azure Monitor Alerts. A guided experience is available through the Business Continuity Center and the Recovery Services Vault to migrate to Azure Monitor Alerts in a few clicks.