This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.
Azure
General
Azure Integrated HSM (preview)
Azure is releasing Azure Integrated Hardware Security Module (HSM), a built-in HSM cache and cryptographic accelerator designed to improve both security and performance for cryptographic operations within virtual machines. Targeted at crypto-intensive workloads, the feature provides secure key storage with fast, in-boundary retrieval and uses specialized hardware engines for encryption, decryption, signing, and verification while keys remain protected inside the integrated HSM. Azure Integrated HSM is part of the AMD D- and E-series v7 preview, designed to meet Federal Information Processing Standards (FIPS) 140-3 Level 3 requirements, and is available on the Dasv7, Dadsv7, Easv7, and Eadsv7 series with 8 vCores and above. The preview initially supports Windows (Linux support is coming soon) and is offered at no additional cost.
Compute
Retirement of F, Fs, Fsv2, Lsv2, G, Gs, Av2, Amv2, and B-series VMs in 2028
Microsoft has announced that the F, Fs, Fsv2, Lsv2, G, Gs, Av2, Amv2, and B-series Azure Virtual Machines will retire on November 15, 2028, and will no longer be usable or purchasable after that date. Customers should plan migrations of affected workloads to newer VM series to ensure continuity. Three-year reserved instances for these series cannot be purchased or renewed starting November 15, 2025, and one-year reserved instances will not be available for purchase or renewal after November 15, 2027. Existing three-year reservations will continue to provide benefits until their contracted end date; after expiration, usage will be billed at pay-as-you-go rates. Customers are advised to review current reservations to identify impacted VMs and expiration timelines and to plan migration accordingly.
Networking
Prescaling in Azure Firewall
Azure Firewall now supports prescaling, enabling administrators to provision and reserve capacity units ahead of anticipated demand—such as seasonal peaks or planned business events—to maintain consistent throughput, accelerate scaling response, and gain tighter control over capacity. In addition, a new Observed Capacity metric surfaces current and historical capacity usage to inform planning, while flexible billing ensures organizations pay only for the provisioned capacity units and can adjust them as needs evolve. Prescaling is available for Azure Firewall Standard and Premium Stock Keeping Unit (SKU) tiers in all public regions.
Observed capacity metric in Azure Firewall
Azure Firewall introduces the Observed Capacity metric to help teams understand how their firewalls scale in real-world conditions by tracking the number of actively utilized capacity units over time. With this signal, operators can validate that prescaling or autoscaling configurations behave as expected, set proactive alerts as usage approaches defined thresholds, diagnose whether scaling is keeping pace with demand, and forecast future capacity requirements using both historical and current traffic trends.
Azure Firewall updates – Customer-provided public IP address support in secured hubs
Azure Firewall in Virtual WAN secured hubs now supports customer-provided public IP addresses, allowing organizations to “bring their own” IPs already allocated within their Azure subscription. This gives teams greater control over egress identity and simplifies compliance, security policy enforcement, and third-party integrations that depend on stable, preapproved public IPs. Instead of relying on Azure-managed addresses, customers can assign their own, enabling consistent addressing across environments and reducing operational friction.
Azure Firewall updates – IP Group limit increased to 600 per Firewall Policy
Azure Firewall Policy now supports up to 600 IP Groups per policy (previously 200), enabling administrators to better organize large rule sets and reduce rule complexity. With more IP Groups, enterprises managing extensive, segmented networks can model application tiers and subnets more cleanly, while named groups improve readability and speed up troubleshooting and audits by clarifying rule intent in logs and reviews.
Private Link Service Direct Connect (preview)
Azure is introducing Private Link Service Direct Connect, which extends Azure Private Link by allowing a private link service to connect directly to any routable destination IP address—removing the previous requirement to place applications behind a Standard Load Balancer. This enhancement preserves the same private and secure access model while simplifying architectures for publishing services to customers. The limited public preview is initially available in North Central US, East US 2, Central US, South Central US, West US, West US 2, West US 3, Asia Southeast, Australia East, and Spain Central, with additional regions to follow.
Storage
Azure NetApp Files short-term clones
Azure NetApp Files short-term clones are now generally available, providing space-efficient, instant read/write copies created from existing volume snapshots without requiring full data duplication. The clones persist for up to 32 days and consume capacity only for incremental changes, accelerating development, analytics, disaster recovery drills, and testing with large datasets. By enabling rapid refreshes from the latest snapshots and minimizing operational overhead, this capability improves workflow velocity, quality, and cost efficiency across data-intensive scenarios.
Azure Storage Discovery
Azure Storage Discovery delivers enterprise-wide visibility across the Azure Storage data estate, allowing organizations to deeply analyze used capacity and activity, optimize costs, strengthen security posture, and improve operational efficiency. Integrated with Azure Copilot, it lets stakeholders—from cloud architects to storage administrators and data governance leads—unlock insights with natural language prompts and quickly answer questions such as total data stored across all accounts, regions with the fastest growth, and where to reduce costs via tiering adjustments or cleanup of stale data. The service is offered in two plans—Free for basic insights and Standard for full capabilities—and can begin analyzing data across subscriptions within hours, providing some pre-deployment history and up to 18 months of retention to reveal long-term patterns like workload peaks and valleys.
Conclusion
Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.