This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Availability of Microsoft Azure and related services

Microsoft has announced several generally available updates related to the expansion of Azure infrastructure and storage services. First, Microsoft has opened its new cloud region in Denmark, Denmark East, to support digital transformation and AI innovation for customers in the country. This new region provides local, secure cloud infrastructure with support for data residency, low-latency access, and access to advanced cloud and AI services. In addition, Azure Premium SSD v2 is now available in US Gov Arizona, a region without Availability Zones, extending access to this next-generation general-purpose block storage option for Azure virtual machines in government environments. Azure Premium SSD v2 offers sub-millisecond latency and strong price-performance characteristics for IO-intensive workloads such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data and analytics platforms, and gaming workloads running on virtual machines or stateful containers. Azure Premium SSD v2 is also now available in South India, further expanding regional access to this storage option for enterprise production workloads that require high performance and cost efficiency.

Compute

Ephemeral OS Disk with full caching for VM/VMSS (preview)

Ephemeral OS Disk with full caching is now available in public preview for Azure Virtual Machines and Virtual Machine Scale Sets, delivering significantly faster and more reliable OS disk performance for supported workloads. This capability works by caching the entire OS disk image on local VM storage, including cache disk, resource disk, or NVMe disk, which results in improved I/O performance, consistently low latency, and greater resilience in scenarios involving remote storage disruptions. The feature is especially beneficial for stateless and I/O-sensitive workloads such as AI applications, quorum-based databases, data analytics platforms, and large-scale stateless services running on General Purpose VM families. It is currently available on most General Purpose VM SKUs, excluding 2-core and 4-core virtual machines, in Central US. Customers can enable it by setting the

Networking

Unlock client-side configuration at scale with Azure App Configuration and Azure Front Door (preview)

Azure App Configuration, integrated with Azure Front Door, is now available in public preview and enables organizations to deliver dynamic configuration directly to client-side applications securely and at CDN scale. This new capability brings greater flexibility to modern application architectures and is particularly relevant for AI-powered and agentic client applications. It supports a wide range of client experiences, including Single Page Applications built with frameworks such as React, Vue, Angular, and Next.js, as well as mobile and desktop applications developed with .NET MAUI, browser-based JavaScript components, embedded widgets, and other web applications capable of running JavaScript. With this integration, customers can centrally manage feature flags and configuration settings and propagate updates to browsers and mobile apps in real time without redeploying applications. Azure Front Door provides low-latency delivery for large global audiences, while the design ensures that secrets are not exposed to clients, as only scoped configuration values are delivered through managed identity. This built-in approach also simplifies application architecture by removing the need for custom proxy layers.

Storage

Azure Data Box enhancements

Azure Data Box now includes two generally available enhancements designed to improve compliance, transparency, and data transfer flexibility. First, Azure Data Box automatically generates a downloadable Secure Erasure Certificate for every completed order, verifying that all data on the device has been securely erased in accordance with NIST 800-88 Revision 2 standards. The certificate is produced as part of the standard cleanup process and is available directly through the Azure portal, reducing audit complexity, eliminating the need for manual validation, and simplifying compliance requirements for organizations working with sensitive data, including those in government, law enforcement, and financial services. In addition, Azure Data Box now supports data ingestion into Azure Files Provisioned v2 storage accounts. This allows customers to transfer data directly into a storage model where capacity, IOPS, and throughput are provisioned independently, offering greater flexibility and cost control for file share workloads across most public Azure regions.

Azure NetApp Files storage with cool access enhancement (preview)

The cool access enhancement for Azure NetApp Files storage is now in public preview and introduces an updated Quality of Service (QoS) behavior for Premium and Ultra service levels. This enhancement improves the way Azure NetApp Files balances performance and cost for environments that combine hot and cool data workloads. As data moves to cool storage, throughput is automatically adjusted to preserve hot-tier performance while still allowing customers to take advantage of cool access at scale. The capability continuously optimizes pool and volume throughput according to changing cool access patterns, delivering a more seamless operational experience and reducing the need for manual tuning. As a result, organizations can better align storage performance with workload demand while improving cost efficiency for mixed-use datasets.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

Compute

Retirement: Azure VMware Solution AV36P and AV52 node retirement on June 30, 2029

Microsoft has announced the retirement of Azure VMware Solution (AVS) AV36P and AV52 nodes effective June 30, 2029. The company stated that existing Reserved Instance (RI) terms for AV36P and AV52 are not affected by this announcement, but customers should review their RI expiration timelines and plan the transition to newer AVS node types. To support this migration, Microsoft will offer AV36P and AV52 VMware Cloud Foundation (VCF) Bring Your Own License (BYOL) 3-year Reserved Instances until June 30, 2026, and 1-year Reserved Instances until June 30, 2028. All migrations away from AV36P and AV52—including Pay-As-You-Go subscriptions—must be completed by June 30, 2029. Microsoft also clarified that this change affects only AV36P and AV52 nodes, while AV48 and AV64 remain available with AVS VCF BYOL options. Customers are advised to move to a supported AVS node type before the end of their current AV36P or AV52 RI term and to use available AVS documentation and HCX migration guidance to plan the transition.

Networking

Default Rule Set 2.2 and updates to ruleset support policy

Microsoft is updating the managed ruleset support policy for Azure Web Application Firewall (WAF) following the general availability of Default Rule Set (DRS) 2.2 on Azure Application Gateway and Azure Front Door. Starting with DRS 2.2, Azure WAF will support the latest three managed ruleset versions at any given time (N, N-1, and N-2). When a new ruleset version is released, the version that becomes N-3 will enter a final one-year support period, during which it may receive only critical security updates if necessary. With the release of DRS 2.2, CRS 3.1 and CRS 3.0 in Azure Application Gateway, as well as DRS 1.2, DRS 1.1, and DRS 1.0 in Azure Front Door, have entered their final support year, which ends on February 26, 2027. Microsoft recommends that customers upgrade to a supported ruleset version to continue receiving full protection coverage, enhanced detections, and improvements aimed at reducing false positives.

Storage

Azure Storage Mover enables private data transfers from AWS S3 to Azure Blob (preview)

Azure Storage Mover now supports direct, private data transfers from Amazon Web Services (AWS) Simple Storage Service (S3) in a Virtual Private Cloud (VPC) to Azure Blob Storage in Public Preview. This capability enables organizations to migrate data securely without relying on manual pipelines or third-party tools, while also supporting automation through the Azure portal and providing real-time monitoring of migration jobs. Following the earlier general availability announcement for AWS-to-Azure transfers over public networks, this update extends Azure Storage Mover with private networking support to address stricter security and compliance requirements. Microsoft highlights automated and scalable workflows through centralized job orchestration and dashboards, secure and compliant transfers aligned with Azure governance frameworks, and faster modernization by making data available in Azure for analytics, AI, and other cloud innovation scenarios as soon as it arrives.

Entra ID-based access for Azure Blob Storage SFTP (preview)

Microsoft Entra ID-based access for Azure Blob Storage SFTP is now available in Public Preview, enabling users to connect securely to Azure Blob Storage over Secure File Transfer Protocol (SFTP) by using Microsoft Entra identities instead of creating and managing local user accounts. This capability also supports guest users through Entra External Identities, allowing organizations to collaborate more securely with partners and vendors. The new model introduces Single Sign-On (SSO) and Multi-Factor Authentication (MFA) support, enables the use of Conditional Access policies based on context such as location, device compliance, and risk, and aligns SFTP access with existing identity lifecycle processes so permissions can be updated or revoked automatically when users change roles or leave the organization. In addition, SFTP authorization integrates natively with Azure Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Access Control Lists (ACLs), ensuring consistent permissions across SFTP, REST APIs, Azure CLI, and other Azure access methods.

Azure Local

Azure Local: Features and improvements in 2603

Microsoft has released the March 2026 update for hyperconverged deployments of Azure Local, identified as version 12.2603.1002.15. This release includes general reliability improvements and bug fixes, while also introducing updates across the operating system, Kubernetes support, GPU enablement, security readiness, and provisioning workflows. From 2603 onward, all new and existing Azure Local deployments run the updated OS version 26100.32522, available from the Azure portal, and customers must ensure they use a driver compatible with OS version 26100.32522 or Windows Server 2025. For Integrated System or Premier solution hardware purchased through the Azure Local Catalog, the OS remains preinstalled, and Microsoft recommends working with the Original Equipment Manufacturer (OEM) to obtain compatible OS images and drivers. The build also updates both .NET Runtime and ASP.NET Core to version 8.0.25.

For Azure Kubernetes Service (AKS) enabled by Azure Arc, this release supports Kubernetes versions 1.31.12, 1.31.13, 1.32.8, 1.32.9, 1.33.4, and 1.33.5, while Kubernetes 1.30 is no longer supported. Microsoft also notes that KMS v1 will be deprecated soon and that KMS v2 is included in this Azure Local release, so customers should plan to redeploy clusters by using KMS v2. In addition, support for the Windows Server 2019 SKU for node pools ends in March 2026, and administrators should verify that AKS clusters are on a supported Kubernetes version before upgrading Azure Local.

This release also introduces support for the NVIDIA RTX PRO 6000 Blackwell Server Edition GPU on Azure Local VMs and on AKS enabled by Azure Arc, enabling GPU-accelerated workloads on Azure Local with this new NVIDIA platform. On the security side, Microsoft has improved Secure Boot certificate readiness by adding built-in orchestration to deploy the new Secure Boot 2023 certificates, helping customers prepare for upcoming Secure Boot changes while reducing update risk. Finally, simplified machine provisioning is now available, allowing customers to install the operating system and register Azure Local machines together through a single streamlined workflow.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Sovereign Cloud adds governance, productivity, and support for large AI models in fully disconnected environments

Microsoft has expanded Microsoft Sovereign Cloud capabilities to help organizations meet digital sovereignty requirements while maintaining governance, productivity, and AI innovation even in fully disconnected scenarios. The update introduces a “Sovereign Private Cloud” stack that unifies Azure Local, Microsoft 365 Local, and Foundry Local across connected, intermittently connected, and air-gapped environments, enabling consistent policy enforcement and operational continuity within strict sovereign boundaries. Key additions include Azure Local disconnected operations (now available) to run and govern mission-critical infrastructure without cloud connectivity, Microsoft 365 Local disconnected (now available) to keep core productivity services—such as Exchange Server, SharePoint Server, and Skype for Business Server—running entirely inside the customer’s boundary, and Foundry Local enhancements that add modern infrastructure support and enable large, multimodal AI models to run locally on customer-owned hardware (including partner platforms such as NVIDIA) for in-boundary inferencing and APIs without external dependencies.

Compute

DCesv6, DCedsv6, ECesv6, and ECedsv6 confidential VMs

The DCesv6, DCedsv6, ECesv6, and ECedsv6 series are Azure’s next generation of confidential virtual machines (VMs), built on 5th Gen Intel® Xeon® processors with Intel® Trust Domain Extensions (Intel® TDX). Available now for production deployments, these VM families target both general-purpose scenarios (DCesv6, DCedsv6) and memory-optimized workloads (ECesv6, ECedsv6), helping organizations move highly sensitive workloads to the cloud with hardware-enforced isolation and without requiring application code changes. Microsoft positions this release as combining improved performance and scalability with confidential computing protections designed for security-critical enterprise workloads.

Networking

Draft & Deploy on Azure Firewall

Azure Firewall Policy now includes Draft & Deploy, a new capability that introduces a two-phase workflow to reduce deployment time and minimize disruption when updating firewall policies. Previously, any policy change could trigger a full deployment of both the policy and the attached firewall, often taking 2–4 minutes per update. With Draft & Deploy, users can collaboratively prepare multiple edits in a draft version cloned from the current policy without impacting the live environment, and then apply all changes in a single deployment, replacing the existing policy once the draft is finalized.

WAF Insights for Application Gateway (preview)

Application Gateway WAF Insights is now available in Public Preview, providing an interactive experience for exploring Web Application Firewall (WAF) logs and metrics directly within Azure Application Gateway. WAF Insights helps security and operations teams investigate blocked requests more quickly, analyze attack patterns, and drill into key details such as rule IDs and client IPs. With enhanced filters and visualizations, the capability is intended to improve troubleshooting efficiency, support faster identification of false positives, and streamline WAF policy tuning.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

Compute

Encryption at host and disk encryption sets now supported in node auto-provisioning

Node auto-provisioning enabled clusters now support both Encryption at Host and Disk Encryption Sets, removing a previous limitation that prevented some security-sensitive deployments from using node auto-provisioning. With this update, customers can adopt node auto-provisioning while still meeting required encryption controls, and can also benefit from its associated improvements in compute efficiency, resiliency, and cost-management capabilities.

Networking

Azure Front Door Premium now supports Azure Private Link origins in UAE North

Azure Front Door Premium now supports Azure Private Link-enabled origins in the UAE North region, allowing customers to select UAE North as the origin region for Private Link connectivity within their Front Door Premium profiles. With Private Link-enabled origins, customers can deliver content to end users through public Azure Front Door endpoints while keeping the origin service inaccessible from the public internet, strengthening network isolation without sacrificing global edge delivery.

Storage

Instant access support for incremental snapshots of Azure Premium SSD v2 and Ultra Disk

Instant access support for incremental snapshots of Azure Premium SSD v2 (Pv2) and Ultra Disk is now Generally Available (GA), enabling customers to restore new disks immediately after snapshot creation. With this capability, newly restored disks provide high performance right away while data hydration continues in the background, accelerating backup and recovery workflows and reducing downtime for restore scenarios. Common use cases include taking instant backups before software updates and quickly reverting if needed, rapidly scaling stateful applications by cloning primary datasets (for example, adding read-only SQL Server replicas), and performing fast nightly refreshes of training or testing environments from production. Instant access for incremental snapshots is available in all public regions where Premium SSD v2 and Ultra Disk are supported.

Azure Premium SSD v2 Disk now available in Brazil Southeast and in a third Availability Zone in Malaysia West and Indonesia Central

Azure Premium SSD v2 Disk is now available in Brazil Southeast (a region without Availability Zones) and is now supported in a third Availability Zone in both Malaysia West and Indonesia Central, expanding regional and zonal options for customers running IO-intensive workloads. Premium SSD v2 is a next-generation, general-purpose block storage option for Azure virtual machines designed to deliver sub-millisecond latency and strong price-performance, and it is suited for enterprise production scenarios such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data/analytics, and gaming, both on virtual machines and stateful containers.

Azure Local

Features and improvements in 2602

Microsoft has released the February 2026 update for hyperconverged deployments of Azure Local, identified as version 12.2602.1002.7. This release includes general reliability improvements and bug fixes, and it also updates the underlying platform components. From 2602 onward, all new and existing Azure Local deployments run the updated OS version 26100.32370, which is available for download from the Azure portal, and customers must also ensure they have a driver compatible with OS version 26100.32370 (or Windows Server 2025). For Integrated System or Premier solution hardware purchased through the Azure Local Catalog, the OS is preinstalled, and Microsoft recommends working with the Original Equipment Manufacturer (OEM) to obtain compatible OS images and drivers. The build also updates the runtime to .NET 8.0.24 for both .NET Runtime and ASP.NET Core. In addition, the Azure portal update workflow now provides richer, more detailed information to improve the update experience. Finally, Microsoft notes that for environments running OS version 20349.xxxx (Windows Server 22H2), it is no longer possible to purchase Windows Server Subscription or Extended Security Updates (ESU).

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

Compute

AMD v6 confidential VMs (DCa/ECa v6) now available in additional regions

AMD-based confidential virtual machines in the DCa v6 and ECa v6 series are now generally available in 11 additional Azure regions: Canada Central, Canada East, Norway East, Norway West, Italy North, Germany North, France South, Australia East, West US, West US 3, and Germany West Central. This expansion builds on the initial availability announced at launch, which included Korea Central, South Africa North, Switzerland North, UAE North, UK South, and West Central US, giving customers more regional options for running confidential computing workloads backed by hardware-based memory encryption and isolation.

Azure AMD Turin Dasv7, Dalsv7, Easv7, and Fasv7-series Virtual Machines

The Azure AMD Turin-based Dasv7/Dalsv7 (general purpose), Easv7/Eadsv7 (memory optimized), and Fasv7/Falsv7/Famsv7 (compute optimized) virtual machines are now Generally Available (GA), offered both with and without local disk support. These VM families are available in Australia East, Central US, Germany West Central, Japan East, North Europe, South Central US, Southeast Asia, UK South, West Europe, West US 2, and West US 3, with the large 160 vCPU Easv7/Eadsv7 sizes available in North Europe, South Central US, West Europe, and West US 2, and additional regions planned for 2026. Compared to prior-generation v6 instances, Microsoft states these VMs provide up to 35% higher CPU performance and substantial gains for common workload types, including up to 25% for Java workloads, up to 65% for in-memory cache applications, up to 80% for crypto workloads, and up to 130% for web server workloads. The release also introduces new local-disk-enabled variants—Fadsv7, Faldsv7, and Famdsv7—to broaden configuration flexibility for performance-sensitive scenarios.

Intel-based 7th generation Dlsv7/Dsv7/Esv7 Virtual Machines (preview)

Microsoft has announced the Public Preview of new Dlsv7/Dsv7 (general purpose) and Esv7 (memory optimized) virtual machines powered by Intel® Xeon® 6 processors (Granite Rapids). These v7 Intel-based VMs are designed to meet growing datacenter compute requirements and target a broad range of workloads, including traditional enterprise applications and AI-driven scenarios. Compared to v6, Microsoft states they deliver up to 15% better general compute performance, supported by turbo frequencies up to 4.2 GHz and up to 2x higher memory bandwidth. The new series also expands scalability, with Dsv7 and Esv7 scaling up to 372 vCPUs and Esv7 offering up to 2.8 TiB of memory. Networking and remote storage performance are also increased through the latest Azure Boost capabilities, with up to 400 Gbps networking bandwidth on the largest sizes and up to 800k IOPS and 20 GBps throughput to Premium SSD v2 and Ultra Disk remote storage on the largest sizes.

Networking

Default Rule Set (DRS) 2.2 for WAF on Azure Application Gateway

Default Rule Set (DRS) 2.2 for Web Application Firewall on Azure Application Gateway is now Generally Available (GA), providing Azure-managed protections against common web vulnerabilities and exploits. DRS 2.2 includes Microsoft Threat Intelligence collection rules—authored in collaboration with Microsoft intelligence teams—to extend coverage, target emerging exploit patterns, and reduce false positives over time. This release is based on OWASP Core Rule Set 3.3.4 and introduces refinements and new protections such as detections for content types declared outside the actual Content-Type header and enhanced remote code execution (RCE) detections, while adding additional Microsoft Threat Intelligence rules that broaden coverage across SQL injection, cross-site scripting (XSS), and other application-layer attack patterns. To help minimize legitimate traffic being blocked, DRS 2.2 ships with Paranoia Level (PL) 1 enabled by default, while PL2 rules remain disabled by default due to their more aggressive behavior and typical need for tuning.

Azure Virtual Network routing appliance (preview)

The Azure Virtual Network routing appliance is now available in Public Preview, providing private connectivity for workloads across virtual networks using specialized hardware designed for low latency and high throughput. Deployed into a private subnet, the appliance acts as a managed forwarding router, enabling traffic steering through User Defined Routes (UDR) to support scenarios such as spoke-to-spoke communication in traditional hub-and-spoke topologies. As an Azure resource, it integrates with Azure’s management and governance model, allowing customers to adopt appliance-based routing without relying on self-managed virtual machine routers.

X-Forwarded-For (XFF) grouping for rate limiting on Application Gateway WAF v2 (preview)

Application Gateway Web Application Firewall (WAF) v2 now supports additional rate-limiting GroupBy options based on the X-Forwarded-For (XFF) HTTP header in Public Preview. This capability helps customers running Application Gateway behind proxies or Content Delivery Networks (CDNs) apply rate limits using the original client IP rather than the TCP source IP, reducing the risk of throttling legitimate users that share the same proxy egress address. In this preview, custom rate-limit rules can be grouped by Client Address (XFF) or Geo Location (XFF), allowing security teams to more accurately identify and mitigate abusive or high-volume traffic patterns while continuing to use the existing Application Gateway WAF v2 custom rate-limit rules and policy model.

Storage

Azure Container Storage v2.1.0 with Elastic SAN integration and on-demand installation

Azure Container Storage v2.1.0 is now Generally Available (GA), adding native integration with Elastic SAN and introducing a modular, on-demand installation model to simplify deployment and ongoing operations for Kubernetes workloads on Azure. With Elastic SAN supported as a native storage type, customers can provision scalable volume groups and consolidate large numbers of Kubernetes volumes under a single SAN resource, improving attach/detach performance, increasing throughput, and reducing management overhead for stateful applications. The release also includes streamlined setup, improved defaults, and enhanced automation for Elastic SAN resource creation and volume group configuration. In addition, the new modular installation approach allows clusters to deploy only the components required for the chosen storage type, reducing footprint and accelerating rollout, while node selector support provides more precise placement of Azure Container Storage components—useful for dedicated storage node pools or mixed cluster topologies.

Azure NetApp Files support in OpenShift Virtualization (preview)

Azure NetApp Files support in OpenShift Virtualization is now available in Public Preview, enabling faster virtual machine provisioning, instant cloning, and live migration for VM workloads running on OpenShift Virtualization. Microsoft positions Azure NetApp Files as providing scalable storage with predictable performance and enterprise data management capabilities for scenarios ranging from infrastructure VMs to business-critical databases. This preview is available in all Azure regions where Azure NetApp Files and Azure Red Hat OpenShift are offered.

Azure NetApp Files Elastic zone-redundant service level (preview)

Azure NetApp Files Elastic zone-redundant storage (ANF Elastic ZRS) is now available in Public Preview as an advanced high-availability service level designed to keep data continuously accessible with zero data loss, even if an entire Availability Zone becomes unavailable. Built on Azure Zone-redundant storage (ZRS) architecture and compute infrastructure, ANF Elastic ZRS synchronously replicates file data across availability zones within a region, removing single points of failure without requiring special configuration or manual intervention. Microsoft positions this capability as particularly suitable for metadata-intensive workloads across VMs and containers—such as AI, analytics, and Kubernetes/OpenShift environments—while also offering operational simplicity and flexible sizing, including volumes as small as 1 GiB.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft named a Leader in IDC MarketScape for Unified AI Governance Platforms

Microsoft has been named a Leader in the 2025–2026 IDC MarketScape: Worldwide Unified AI Governance Platforms vendor assessment (Doc #US53514825, December 2025), reflecting the growing need for centralized governance as organizations adopt generative and agentic AI across multicloud and hybrid environments. Microsoft positioned this recognition as validation of its focus on delivering enterprise-ready governance that balances innovation speed with trust, transparency, and compliance, especially as regulatory scrutiny and operational risk concerns increase. In Microsoft’s approach, governance is anchored to its Responsible AI standard and is operationalized through integrated capabilities spanning model lifecycle management, observability, security, and compliance. Microsoft highlighted Microsoft Foundry as a primary control point for model development, evaluation, deployment, and monitoring—supported by curated model catalogs, machine learning operations (MLOps), robust evaluation, and embedded content safety guardrails—while emphasizing deep security integration via Microsoft Purview for data governance and compliance, Microsoft Entra for agent identity and access controls, and Microsoft Defender for AI-specific posture management and runtime threat protection. Microsoft also noted that Microsoft Purview Compliance Manager supports automated alignment to a broad set of regulatory frameworks, reinforced by granular audit logging and automated documentation to strengthen governance and forensic readiness in regulated industries.

Networking

StandardV2 NAT Gateway with zone-redundancy and StandardV2 public IPs

The StandardV2 SKU for Azure NAT Gateway is now Generally Available (GA), providing enhanced resiliency, higher performance, and dual-stack connectivity at the same price point as the Standard SKU. Alongside this release, StandardV2 Public IP addresses and public IP prefixes are also now generally available. StandardV2 NAT Gateway requires StandardV2 public IPs and does not support Standard SKU public IPs. With StandardV2, outbound connectivity is improved through zone redundancy, which automatically preserves outbound access during a single availability zone failure in zone-enabled regions. The new SKU also doubles capacity versus Standard, delivering up to 100 Gbps throughput and 10 million packets per second, and introduces dual-stack capabilities by allowing attachment of up to 16 IPv6 and 16 IPv4 public IP addresses. In addition, flow logs provide IP-level traffic insights to support troubleshooting activities and compliance verification.

Storage

Azure File Sync now available in Israel Central

Azure File Sync is now available in the Israel Central region, bringing the service closer to organizations that require lower latency, improved performance, and support for local data residency requirements. Azure File Sync enables hybrid file services by tiering data from on-premises Windows Servers into Azure Files, supporting both migration scenarios and ongoing hybrid operations. This approach allows customers to retain the compatibility and performance characteristics of on-premises file servers while leveraging the scalability and operational model of Azure Files.

User delegation SAS for Azure Tables, Azure Files, and Azure Queues (preview)

User delegation Shared Access Signature (SAS) for Azure Tables, Azure Files, and Azure Queues is now available in Public Preview, extending a capability that is already generally available for Azure Blob Storage. User delegation SAS enables a more secure authorization approach than account SAS or service SAS by binding the SAS token to the delegating identity, enabling stronger governance and reduced key exposure. With this extension, customers can issue SAS tokens at multiple granularities—including the table, table entity, queue, queue entity, file container, and individual file level—where higher-scope tokens provide access to all entities within scope, and lower-scope tokens restrict access to the specific entity. Microsoft notes that there is no additional charge to use user delegation SAS, and billing follows the standard read/write transaction pricing for the underlying storage account type.

Azure Local

Features and improvements in 2601

Microsoft has released the January 2026 update for hyperconverged deployments of Azure Local, identified as version 12.2601.1002.38. This release includes general reliability improvements and bug fixes, and it also introduces notable enhancements across operating system alignment, portal visibility, VM operations, security posture, and lifecycle validation capabilities.

From 2601 onward, all new and existing Azure Local deployments run the updated OS version 26100.32230, which is available for download from the Azure portal. Deployments also require a driver compatible with OS version 26100.32230 (or Windows Server 2025). For Integrated System or Premier solution hardware sourced via the Azure Local Catalog, the OS is preinstalled, and Microsoft recommends working with the Original Equipment Manufacturer (OEM) to obtain a compatible OS image and driver. The build continues to use .NET 8.0.22 for both .NET Runtime and ASP.NET Core.

Operationally, the infrastructure logical network created during Azure Local deployment is now surfaced in the Azure portal, enabling administrators to review the infrastructure network configuration while also reducing the risk of accidental workload provisioning on a network reserved for Azure Local infrastructure. In addition, VM Connect for Azure Local VMs (preview) is introduced, allowing administrators to connect to Windows and Linux VMs even when network connectivity is unavailable or when the VM experiences boot failures. Disk manageability also improves with a new Unique ID property for data disks, aligning with the disk UniqueId exposed via PowerShell (Get-Disk).

On resiliency, rack aware clustering is now Generally Available (GA), enabling administrators to define local availability zones aligned to physical racks in the datacenter and improving cluster resilience against rack-level failures. Supportability is enhanced through diagnostics log collection directly from the Azure portal, removing the need to manually gather logs from individual nodes during support investigations.

For configuration control and drift management, the release adds a Drift Detection framework for Azure PowerShell modules and Azure Command-line Interface (CLI), continuously validating component-level state against an approved baseline and identifying version mismatches during deployment and runtime. Administrators can also manually trigger validation with the Invoke-AzStackHciVSRDriftDetectionValidation cmdlet to produce detailed drift reports.

Security posture also evolves in this release: Azure Local instances deployed prior to 2504 now transition from Static Root of Trust for Measurement (SRTM) to Dynamic Root of Trust for Measurement (DRTM), enabling stronger defenses against firmware-level attacks (with new deployments since 2504 already having DRTM enabled by default). Additionally, customers upgrading an existing deployment can apply the 26100.XXXX (24H2) security baseline using new cmdlets to align the post-upgrade security posture with newly deployed systems. Finally, the upgrade process includes a new pre-upgrade CredSSP validation check to ensure CredSSP is not disabled, reducing the risk of upgrade failures.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft’s strategic AI datacenter planning for large-scale NVIDIA Rubin deployments

Microsoft stated that its long-range Azure datacenter strategy has been designed to enable seamless, large-scale deployment of NVIDIA’s Rubin platform, highlighted around CES 2026. The company explained that Azure’s next-generation AI datacenters and “superfactory” sites—such as its Fairwater locations in Wisconsin and Atlanta—were engineered in advance to accommodate next-gen rack-scale systems like NVIDIA Vera Rubin NVL72, including anticipated requirements for power delivery, cooling/thermal envelopes, memory density, and high-performance networking. Microsoft also emphasized a “systems approach,” where compute, networking, storage, and orchestration are tuned together to maximize utilization at massive cluster scale, with the goal of bringing new NVIDIA generations online quickly and efficiently as they become available.

Cloud-native apps on Kubernetes pricing calculator scenario

Microsoft has introduced a new cloud-native apps on Kubernetes scenario in the Azure pricing calculator to help teams estimate the Total Cost of Ownership (TCO) for a production-ready Azure Kubernetes Service (AKS) cluster. The scenario includes an architecture diagram and a detailed cost estimate that can be customized through workload-specific inputs, and it accounts for common supporting services such as Azure Container Registry (ACR), Azure monitoring capabilities (for example, Azure Monitor), and Microsoft Defender for Cloud. This addition is intended to support both legacy workload migrations and new application deployments—including microservices, web applications, artificial intelligence (AI), graphics processing unit (GPU) workloads, and databases—by providing a clearer baseline for planning and comparison.

Storage

Azure Premium SSD v2 Disk is now available in Austria East and in a second Availability Zone in Japan West

Azure Premium SSD v2 Disk is now available in the Austria East region and in a second Availability Zone (AZ) in Japan West, further expanding regional and zonal options for customers deploying IO-intensive workloads. Premium SSD v2 is positioned as a next-generation, general-purpose block storage offering that delivers sub-millisecond latency and strong price-performance characteristics for demanding production scenarios. It is designed to support a broad set of enterprise workloads—such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data/analytics, and gaming—running on Azure virtual machines or stateful containerized environments.

Azure Local

Features and improvements in 2512

Microsoft has released the December 2025 update for hyperconverged deployments of Azure Local, identified as version 12.2512.1002.16. This release includes general reliability improvements and bug fixes, and it also introduces several platform updates across operating system, deployment authentication, and Kubernetes/GPU support. From 2512 onward, all new and existing Azure Local deployments run the updated OS version 26100.7462 (following the new OS introduced in release 2504), and the 2512 OS image is available from the Azure portal. Microsoft notes that deployments require a driver compatible with OS version 26100.7462 (or Windows Server 2025); if such a driver is not available, customers can use the 2503 image. For Integrated System or Premier solution hardware purchased from the Azure Local Catalog through Microsoft hardware partners, the OS is preinstalled, and Microsoft recommends working with the Original Equipment Manufacturer (OEM) to obtain an OS image compatible with build 12.2512.1002.16 and appropriate drivers for OS 26100.7462 or Windows Server 2025.

This build also standardizes on .NET 8.0.22 for both .NET Runtime and ASP.NET Core. In addition, Azure Local deployment now supports simplified cluster registration by removing the requirement for a Service Principal Name (Microsoft Entra ID app) with a self-signed certificate; instead, the cluster uses a system-assigned managed identity (SMI) to authenticate to Azure during deployment through the Azure portal. Finally, in Public Preview, Azure Local now supports NVIDIA L-series GPUs on Azure Kubernetes Service (AKS) enabled by Azure Arc, enabling GPU-accelerated workloads on AKS clusters running on Azure Local with NVIDIA L-series hardware. The release also includes documentation updates, including newly published guidance for SDN upgrade infrastructure and removal of Azure Stack HCI renaming banners from feature overview articles to align with updated Azure portal experiences.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for AI Application Development Platforms

Microsoft has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Artificial Intelligence (AI) Application Development Platforms, and the company reports it is positioned furthest for Completeness of Vision. Microsoft attributes this recognition to a focus on building production-ready, agentic applications that are grounded in enterprise data and tools, integrated into real business workflows, and governed with end-to-end observability. According to Microsoft, Microsoft Foundry is its unified platform for building, deploying, and governing AI applications, with emphasis on four pillars: secure grounding to enterprise data and tools (including Foundry IQ and Foundry Tools with a large set of connectors), multi-agent orchestration and workflow execution via Foundry Agent Service, organization-wide visibility and policy enforcement through Foundry Control Plane, and the ability to build and run models from cloud to edge using Foundry Models and Foundry Local. Microsoft also highlights deep integration with common developer and productivity tooling such as Visual Studio Code, GitHub, Azure, and Microsoft 365 to support building and operating AI applications at enterprise scale.

Storage

Azure NetApp Files cross-zone-region replication (CZRR)

Azure NetApp Files (ANF) cross-zone-region replication (CZRR) extends the existing cross-region replication and cross-zone replication capabilities by enabling volume replication both across regions and across Availability Zones within the same region. This combined approach helps organizations strengthen disaster recovery and business continuity for critical cloud volumes. To set up protection, two protection volumes are established by creating the appropriate replication relationships—such as one cross-zone replication relationship and one cross-region replication relationship, two cross-region replication relationships, or two cross-zone replication relationships—while ensuring the source volume is placed in an Availability Zone when configuring a cross-zone replication relationship.

Azure NetApp Files advanced ransomware protection (preview)

Azure NetApp Files (ANF) advanced ransomware protection (ARP) is available in Public Preview and is designed to help organizations proactively detect, respond to, and recover from ransomware threats affecting cloud volumes. The feature monitors Azure NetApp Files volumes for suspicious behavior using file extension profiling, entropy analysis, and Input/Output Operations Per Second (IOPS) patterns. When potential ransomware activity is detected, the system automatically creates a point-in-time snapshot to support rapid assessment and recovery. Notifications are delivered through the Azure Activity log, and attack reports are retained for 30 days. The capability is available in Public Preview in all regions, and while there is no specific additional charge for ANF ARP, deployment sizing should account for the considerations required to support the feature.

Azure Storage Mover: Azure Blob container-to-container migration (preview)

Azure Storage Mover has introduced Azure Blob container-to-container migration in Public Preview, enabling organizations to move data between two Blob containers within the same or different storage accounts, subscriptions, or Azure regions in a secure and scalable way. With this capability, customers can reduce reliance on custom pipelines or third-party tools by automating cloud-to-cloud migrations directly from the Azure portal, while also gaining real-time visibility into migration jobs and progress. As a fully managed service, Azure Storage Mover handles the underlying infrastructure, scaling, and reliability to lower operational overhead, and—because it is a cloud-to-cloud scenario—no agent deployment is required. The feature also supports high-speed, parallel transfers, helping accelerate large dataset migrations, especially when moving data across regions or between storage accounts where high throughput is required.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Perth Azure Extended Zone

Microsoft has announced the General Availability (GA) of the Perth Azure Extended Zone. Azure Extended Zones are small-footprint extensions of Azure placed in metro areas, industry hubs, or specific jurisdictions to support low-latency and data residency workloads. They offer a selection of services across virtual machines (VMs), containers, networking, storage, and other Azure capabilities, enabling latency-sensitive and throughput-intensive applications to run closer to end users while staying within data residency boundaries.

Networking

Default outbound access retirement date extended to March 31, 2026

Microsoft has extended the retirement date for default outbound access to March 31, 2026, replacing the previously communicated September 30, 2025 deadline and aligning the change with the broader Azure Virtual Network (VNet) updates. Starting on March 31, 2026, newly created VNets will default to using private subnets, meaning customers must configure explicit outbound connectivity (for example, through Azure NAT Gateway, User Defined Routes (UDR), or other outbound methods) to reach public internet endpoints or Microsoft services. Default outbound access will be disabled by default (but not removed), and environments that do not implement an outbound method may lose internet connectivity—particularly impacting Azure Batch pools and nodes configured with simplified node communication without public IP addresses. Microsoft recommends reviewing current Batch pool configurations and planning the deployment of an explicit outbound method ahead of the March 2026 deadline.

FIPS compliant mode for Application Gateway V2 SKUs

Azure Application Gateway v2 now supports Federal Information Processing Standard (FIPS) 140-2 mode, a US government standard that defines minimum security requirements for cryptographic modules in IT products and systems. FIPS mode can be enabled during deployment or at any time afterward; when enabled, the gateway uses only FIPS-compliant Transport Layer Security (TLS) policies (both predefined and custom), strengthening cryptographic posture and helping organizations meet security and compliance expectations such as those associated with the Federal Risk and Authorization Management Program (FedRAMP).

Azure Load Balancer bandwidth metrics now support Protocol dimension

Bandwidth metrics for Azure Load Balancer are now published with the metric dimension Protocol, providing more granular visibility into traffic characteristics. When viewing or retrieving Byte, Packet, and SYN Count metrics in the Azure portal, users can now filter and analyze results by protocol, where Transmission Control Protocol (TCP) traffic is identified as Protocol=6 and User Datagram Protocol (UDP) traffic as Protocol=17. This added dimension improves alerting, monitoring, and troubleshooting by making it easier to differentiate traffic patterns, and it is available across all Azure public regions, China cloud regions, and Government cloud regions.

Storage

Zonal placement for Azure file shares in Azure Files Premium LRS in select regions

Zonal placement for Azure Files Premium Locally Redundant Storage (LRS) is now Generally Available (GA) in select regions, providing explicit control over zone locality by pinning storage accounts to a specific availability zone. This capability helps customers build more resilient architectures with improved fault isolation and more predictable low-latency performance for mission-critical workloads. By aligning compute and storage within the same zone, deployments can achieve 10–40% lower latency compared to cross-zone configurations, while also enabling more consistent zone-aware design for higher availability.

Azure Blob Storage Secure File Transfer Protocol (SFTP) – Resumable Uploads

Resumable uploads for Azure Blob Storage Secure File Transfer Protocol (SFTP) are now Generally Available (GA). This feature allows users to resume file uploads from the point of failure after a partial transfer interruption by reopening the partially uploaded file and continuing to write the remaining content. The capability helps optimize transfer time and conserve network bandwidth, especially in environments with unreliable connectivity or when moving large datasets such as multimedia or seismic files. Azure Blob Storage SFTP supports multiple transfer modes for this feature—Write, Write + Create, and Append—to enable resuming uploads by continuing from a specific offset, creating the file if it does not exist, or appending data to the end of an existing file.

Azure Local

Azure Local: Features and improvements in 2511

Microsoft has released the November 2025 update for hyperconverged deployments of Azure Local, identified as version 12.2511.1002.502. Starting with release 2511, both new and existing Azure Local deployments run on the new Operating System (OS) version 26100.7171, introduced with the 2504 release, and the 2511 OS image is available for download from the Azure portal. Microsoft notes that deployments also require a driver compatible with OS version 26100.7171 (or Windows Server 2025); if a compatible driver is not available, customers can use the 2503 image. For customers who purchased Integrated System or Premier solution hardware from the Azure Local Catalog via a Microsoft hardware partner, the OS is expected to be preinstalled, and Microsoft recommends working with the Original Equipment Manufacturer (OEM) to obtain an OS image compatible with build 12.2511.1002.502 and a driver compatible with OS version 26100.7171 or Windows Server 2025. Build 12.2511.1002.502 also improves the reliability of deployment and update administrative actions, and both 12.2511.1002.5 and 12.2511.1002.502 remain supported (with no additional action required for environments already on 12.2511.1002.5). In addition, the release updates the platform to .NET 8.0.22 for both .NET Runtime and ASP.NET Core, and includes broader reliability improvements and bug fixes.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks. Last week marked an important milestone with Microsoft Ignite, which brought a wealth of key updates and innovations from Microsoft. To explore the specific developments announced at the conference in these areas, I invite you to read the dedicated article.

Azure

General

Azure Load Testing available in Italy North

Azure Load Testing within Azure App Testing is now generally available in the Italy North region. This fully managed load-testing service enables customers to generate high-scale load and run realistic simulations to assess application performance and resilience. Through a rich dashboard combining client-side and server-side metrics, customers can quickly identify performance bottlenecks and leverage AI-powered actionable insights to optimize their applications. The service integrates seamlessly into CI/CD workflows, enabling automated performance validation as part of release pipelines. Customers can get started without prior knowledge of load-testing tools or reuse their existing Apache JMeter and Locust scripts to accelerate adoption.

Networking

Managed identity support in Network Watcher VNET flow logs, traffic analytics, and packet capture (preview)

In this public preview, Azure Network Watcher adds support for managed identities to VNET flow logs, Traffic Analytics, and packet capture. Traffic Analytics leverages VNET flow logs to aggregate, process, and enrich network flows, providing insights into network activity, visualization, security posture, and performance. Network Watcher packet capture enables the collection of network packets directly from virtual machines, supporting deep network analysis and troubleshooting. With this update, managed identities provided by Microsoft Entra ID allow VNET flow logs and Traffic Analytics to securely access Azure Blob Storage and Log Analytics workspaces without storing or managing credentials. Once managed identity is enabled for Network Watcher components and the appropriate permissions are granted, the managed identity is used to obtain an access token from Microsoft Entra ID to access the configured resources.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.