Category Archives: Datacenter Management

Azure Management services: what’s new in March 2025

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, the aim is to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, providing you with essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Support for Azure Managed Prometheus Horizontal Pod Autoscaling in AKS Replica Set Pods

Azure Monitor’s managed service for Prometheus now supports Horizontal Pod Autoscaling (HPA) for the ama-metrics replica set pods within Azure Kubernetes Service (AKS). This new capability enables automatic scaling of the ama-metrics pod based on memory usage, allowing for more efficient management of Prometheus metrics and custom jobs.
By default, HPA is configured with a minimum of 2 replicas and a maximum of 12, with users having the flexibility to define a custom range within these limits. Thanks to this enhancement, the platform can dynamically adapt to monitoring demands, preventing memory exhaustion issues (OOM kills) and improving the overall reliability and scalability of AKS infrastructures.

Azure Monitor Managed Service for Prometheus on Azure Arc-enabled Kubernetes Clusters

Azure Monitor now offers a generally available managed Prometheus service tailored for Azure Arc-enabled Kubernetes environments. This fully managed service brings together the strengths of Prometheus’ open-source ecosystem with automation of complex tasks such as scaling, high availability, and data retention of up to 18 months.
It enables monitoring of Kubernetes clusters wherever they are running, providing native collection, storage, rule evaluation, and querying of Prometheus data. Backed by the same infrastructure as Azure Monitor Metrics—extended to support Prometheus format—and integrated with Azure Managed Grafana, this service is a key component for observability in cloud-native containerized workloads.

New API for Deleting Data in Log Analytics

Microsoft has introduced the Delete Data API for Log Analytics, allowing asynchronous requests to remove sensitive, personal, or corrupted data from Log Analytics workspaces. Unlike the more resource-intensive Purge API, this new API takes a more efficient approach by marking logs as deleted instead of physically removing them.
This improves performance and reduces system impact. It is recommended for deletion tasks not subject to GDPR regulations, offering a scalable and effective solution for log data management.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution:

  • Retirement of AWS Connector:
    Microsoft has announced the retirement of the AWS connector in Microsoft Cost Management, effective March 31, 2025. This connector previously enabled centralized integration and visualization of cost data across Microsoft Azure and AWS environments.
    After this date, the connector will no longer be available, and all AWS-related cost and usage data—including historical data—will be removed from the service. However, previously exported Cost and Usage Reports (CURs) stored in the user’s Amazon S3 bucket will remain intact.
    Microsoft recommends migrating to a new AWS cost management solution and removing the connector via the Azure Portal by following the official instructions. As an alternative, users can export data in the FOCUS (FinOps Cost and Usage Specification) format and leverage advanced analysis tools such as Microsoft Fabric to achieve unified and detailed cost reporting across multi-cloud environments.
  • Reservation Exchange for Azure OpenAI Service:
    Starting from February 2025, Microsoft has introduced a new feature enabling users to exchange reservations for Azure OpenAI Service directly through the Azure Portal. Reservations offer discounted rates compared to pay-as-you-go pricing and guarantee dedicated capacity for high-performance AI model execution.
    This new option allows users to adjust reservations more flexibly to align with evolving operational needs. Refund requests remain available under applicable conditions. This capability marks another step forward in streamlining cost management for AI resources in Azure.

Azure Advisor

New Performance Recommendations in Azure Advisor for Azure Database for PostgreSQL (Preview)

Azure Advisor introduces new capabilities to proactively support performance management for Azure Database for PostgreSQL – Flexible Server. With three new recommendations and improvements to existing ones, users can now identify and resolve critical database performance scenarios more accurately.
For instance, long-running transactions now include the Process ID (PID) to simplify analysis, while high bloat scenarios highlight the affected database name and provide tailored resolution suggestions.
This update empowers database administrators with more detailed insights and actionable guidance for timely intervention and performance optimization.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • General Availability of Agentless Scanning for VMs with Customer-Managed Key (CMK) Encrypted Disks

Agentless scanning is now generally available for Azure virtual machines with disks encrypted using Customer Managed Keys (CMK). This capability is supported by both the Defender Cloud Security Posture Management (CSPM) plan and the Defender for Servers Plan 2, and applies across multi-cloud environments.
Agentless scanning provides visibility into VM vulnerabilities and risks without requiring agent installation—even when using customer-managed encrypted disks—thus simplifying security management and ensuring broader coverage.

  • New Severity Levels for Security Recommendations

Microsoft has introduced an update to the severity levels used for security recommendations to enhance risk assessment and prioritization. In addition to the existing Low, Medium, and High levels, a new Critical severity level has been added.
This change enables more granular classification of security issues, allowing organizations to better focus on the most urgent threats. Customers may notice changes in the severity ratings of existing recommendations.
For those using the Defender CSPM plan, the overall risk score may also be impacted, as it now factors in both the updated severity ratings and asset context. These improvements contribute to a more effective and accurate risk management model.

  • General Availability of File Integrity Monitoring via Defender for Endpoint in Azure Government

File Integrity Monitoring (FIM) powered by Microsoft Defender for Endpoint is now generally available in the Azure Government (GCCH) environment, as part of the Defender for Servers Plan 2.
This implementation enables real-time monitoring of critical files and system logs, helping organizations meet compliance requirements and detect suspicious activity by identifying file content changes.
This FIM experience replaces the legacy solution based on the Log Analytics Agent (MMA), which is being retired. While MMA-based FIM will continue to be supported in Azure Government until the end of March 2025, this release also introduces a new portal experience to streamline the migration of FIM configurations from MMA to the Defender for Endpoint-based solution.

Protect

Azure Backup

Vaulted Backup Support for Azure Files Standard Shares

Azure Backup has introduced general availability of Vaulted Backup support for Azure Files Standard Shares. This new capability enhances data protection by allowing the configuration of both snapshots and vaulted backups under a single policy, while also enabling cross-account and cross-region restore.

With this release, users benefit from:

  • Compliance with the 3-2-1 data protection rule, thanks to immutable backups and centralized management via the Azure Business Continuity Center, which provides monitoring for jobs, alerts, and reports.

  • Advanced protection against ransomware and malicious activities, enabled by features such as immutable backups and soft delete within the Recovery Services Vault.

  • Long-term retention for compliance and audit needs, with daily, monthly, and yearly backup tiers that can be retained in cost-effective storage for up to 99 years.

Vaulted Backup support for Azure Files Premium is currently available in public preview.
Please note that pricing for vaulted backups of both Standard and Premium Azure Files will be effective starting April 1, 2025.

Azure Site Recovery

Azure Site Recovery Support for Azure Trusted Launch Linux VMs (Preview)

Azure Site Recovery now supports Azure Trusted Launch virtual machines running Linux, currently available in public preview. Azure Trusted Launch VMs offer an enhanced level of security for Azure Generation 2 VMs, enabling features such as Secure Boot and vTPM (Virtual Trusted Platform Module).
With this update, customers can now protect Linux-based VMs with the same robust security guarantees already available for Windows VMs, which are already supported by Azure Site Recovery.
This enhancement improves the resilience and security of mission-critical workloads hosted in the cloud.

Azure Site Recovery: Update Rollup 77

Update Rollup 77 for Azure Site Recovery is now available, bringing key updates and optimizations to the latest platform components.
Notably, the Mobility Service now supports additional Linux distributions in Azure-to-Azure replication scenarios, including:

  • Oracle Enterprise Linux 8.10

  • AlmaLinux 8 and 9

  • Ubuntu 24.04

Additionally, support has been extended for newer kernel versions of the following distributions:

  • Debian 11 and 12

  • SUSE Linux Enterprise Server (SLES) 12 and 15

This update also includes general improvements and bug fixes, further enhancing the reliability and compatibility of Azure Site Recovery for disaster recovery scenarios.

Migrate

Azure Migrate

MySQL Discovery and Assessment in Azure Migrate (Preview)

Azure Migrate has introduced public preview support for discovery and assessment of MySQL workloads, streamlining cloud migration planning.
This new capability enables the identification of MySQL instances in on-premises environments, providing detailed insights into their configurations and assessing their suitability for migration to Azure Database for MySQL – Flexible Server.

In addition to technical assessment, the service offers detailed recommendations on the most appropriate compute and storage options, including cost estimates.
With this enhancement, Azure Migrate continues to evolve as a centralized hub for the discovery, assessment, and migration of on-premises assets to Azure—whether targeting PaaS or IaaS deployment models.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Local: announcements and updates (March 2025 – Weeks: 11 and 12)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Named a Leader in The Forrester Wave: Public Cloud Platforms, Q4 2024

Microsoft has once again been recognized as a Leader in The Forrester Wave™: Public Cloud Platforms, Q4 2024. This acknowledgment highlights Microsoft’s continued commitment to building a trusted and comprehensive cloud platform with Azure, capable of supporting enterprise innovation at scale in today’s AI-driven landscape.

Forrester’s evaluation focused on both current capabilities and strategic direction, citing Microsoft’s generative AI (genAI) strategy and AI offerings such as Azure OpenAI Service, Azure AI Studio, GitHub Copilot Enterprise, and Microsoft Fabric as key differentiators. The report noted that “Azure is a good fit for organizations seeking quick uptake of AI innovation as well as core cloud offerings for longstanding Microsoft environments.”

This recognition reaffirms Microsoft’s position as a cloud leader committed to enabling customers to migrate, modernize, and innovate with AI, all on a secure and scalable cloud foundation.

OpenAI Global Provisioned Now Available in ItalyNorth

OpenAI Global Provisioned services are now available in the ItalyNorth region. This enables customers to access OpenAI capabilities, including services like Azure OpenAI, from a closer geographic location for improved performance.

⚠️ Note: This deployment does not offer data residency guarantees—data may still be processed globally.

This availability supports broader AI adoption for organizations operating in or near Italy, reducing latency and enhancing responsiveness for AI-powered applications.

ARM-Based VMs (EPsv5/DPsv5) Now Available in ItalyNorth

Azure has expanded the availability of its ARM-based virtual machines, EPsv5 and DPsv5 series, to the ItalyNorth region. These VMs are powered by Ampere Altra processors and are designed for energy-efficient, cost-optimized performance, especially for scale-out workloads.

Key benefits include:

  • High core density and predictable performance

  • Ideal for web servers, microservices, Java applications, and open-source databases

  • Lower total cost of ownership due to energy efficiency

This expansion brings greater architectural diversity and performance options to customers in ItalyNorth looking to optimize both cost and compute performance.

Compute

VM Hibernation Now Generally Available for GPU Virtual Machines

Azure has announced the general availability of VM hibernation for GPU Virtual Machines, offering a cost-efficient method to pause GPU-intensive workloads while preserving the in-memory state.

This feature is now supported on select sizes in the NVv4 and NVadsA10v5 VM series and is available for both Linux and Windows operating systems across all public regions.

Key Benefits

  • Cost Optimization: Save on compute costs by deallocating the VM, paying only for storage and networking resources.

  • State Preservation: Resume VMs from the exact state they were in before hibernation—ideal for long-running GPU workloads.

  • Broad Availability: Supported on both new and existing GPU VMs, making it easy to integrate into existing environments.

This feature enhances flexibility and efficiency for organizations leveraging GPU-based workloads such as AI/ML training, rendering, and visualization.

Networking

Azure Virtual Network Manager – Network Verifier

Azure has introduced Network Verifier, a powerful feature within Azure Virtual Network Manager that helps validate whether your network policies and configurations are enabling or blocking desired traffic flows between Azure resources.

With multiple factors like connectivity rules, network security, routing, and resource-specific settings influencing traffic flow, Network Verifier helps users answer critical questions about reachability, diagnose issues, and ensure compliance with security requirements.

Key Capabilities

  • Reachability Analysis: Create a verifier workspace and define intents that specify the traffic flow you want to evaluate.

  • Visual and JSON Results: Run analyses to get a visual representation of the network path or parse detailed JSON output.

  • Broad Scope Evaluation: Analyze network reachability across multiple Azure resources and policies within a Virtual Network Manager scope.

  • Delegated Access: Non-network manager users can be given access to run network verifier analyses without needing elevated subscription or management group permissions, allowing broader teams to troubleshoot network issues effectively.

Network Verifier helps organizations simplify network diagnostics, validate policy effectiveness, and improve network governance across complex Azure environments.

Storage

Azure NetApp Files Application Volume Group for SAP HANA – Extension 1

Azure has released Extension 1 for Azure NetApp Files Application Volume Group (AVG) for SAP HANA, introducing several enhancements to further simplify and optimize SAP HANA infrastructure deployments.

Key Enhancements

  • Zonal Deployments for All HANA Volumes: Customers can now deploy all SAP HANA volumes across availability zones, aligning with Microsoft’s High Availability (HA) recommendations for SAP virtual machines.

  • Simplified Deployment: The use of Proximity Placement Groups (PPG) and manual AVset pinning is no longer required, reducing deployment complexity.

  • Standard Network Features: Support for standard networking allows customers to benefit from features like NSGs, UDRs, and ExpressRoute FastPath.

  • Customer-Managed Keys (CMK): Improved security with support for user-provided encryption keys, enhancing data protection and compliance posture.

These updates make SAP HANA deployments on Azure more resilient, secure, and easier to manage, while ensuring optimal performance and HA readiness.

Azure NetApp Files Application Volume Group for Oracle Now Available

Azure has introduced Application Volume Group (AVG) for Oracle, a feature designed to streamline, standardize, and accelerate the deployment of storage infrastructure for Oracle databases using Azure NetApp Files.

Key Capabilities

  • One-Step Deployment: Automatically deploy all required volumes for Oracle databases in a single, optimized workflow, ensuring best practices and optimal performance.

  • Zonal Placement: All volumes are automatically deployed in the same availability zone as the associated VMs, minimizing latency and maximizing consistency.

  • Scalable Architecture: Supports a wide range of Oracle workloads, from small single-volume setups to multi-hundred TiB databases with up to 8 data volumes.

  • High Performance: Leverages Azure NetApp Files to deliver latency-optimized performance, only limited by the network capabilities of the database VM.

  • Multi-Endpoint Support: Designed for enterprise-scale deployments, including complex configurations and multiple storage endpoints.

Application Volume Group for Oracle is now available in all Azure NetApp Files enabled regions, enabling faster deployments and improved performance and stability for critical Oracle workloads in Azure.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (March 2025 – Weeks: 09 and 10)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Custom Secure Boot UEFI Keys for Azure Trusted Launch VM Now Generally Available

Azure Trusted Launch VMs now support customizing Secure Boot UEFI keys, offering greater flexibility to enhance workload security. Customers can fully replace or update one or more of the Secure Boot UEFI keys and databases (PK, KEK, DB, or DBX) to align with their security policies and compliance requirements.

Key Benefits:

  • Enhanced Security: Protect against persistent boot/kernel malware.
  • Trusted Boot State: Ensures VMs always boot to a defined and trusted state.
  • Compliance with Standards: Meets NIST security best practices, Microsoft security benchmarks, and industry standards.

This enhancement strengthens workload protection for organizations using Trusted Launch VMs in Azure.

AutonomousDb Available on ItalyNorth

Microsoft has announced the availability of AutonomousDb in the ItalyNorth region. This expansion allows organizations operating in Italy to benefit from a fully managed database service with automated scaling, self-healing capabilities, and advanced security features. By leveraging AutonomousDb, customers can optimize performance, reduce operational overhead, and ensure high availability for their mission-critical workloads while complying with local data residency requirements.

Networking

Azure Load Balancer Health Event Logs Now Generally Available

Azure Load Balancer health event logs are now generally available across all public, Azure China, and Government regions. These logs enable users to collect, store, and analyze health-related data for their Azure Load Balancer resources, simplifying troubleshooting and availability monitoring. With built-in health event logs, customers can identify and address traffic distribution issues, detect SNAT port exhaustion that may impact outbound connectivity, and receive alerts when there are no healthy backend instances available. This feature enhances visibility into load balancer operations without requiring custom data ingestion pipelines or complex metric-based alerting configurations, ensuring a more proactive approach to maintaining application performance and availability.

Storage

Edit Network Features for Azure NetApp Files with No Downtime Now Generally Available

Azure has announced the general availability of Edit Network Features for Azure NetApp Files, allowing users to upgrade Basic network features to Standard network features without downtime.

Key Benefits of Standard Network Features:

  • Increased IP Limits: Virtual networks with Azure NetApp Files volumes now have IP limits on par with VMs, eliminating network topology constraints.
  • Enhanced Security: Network Security Groups (NSGs) are now supported on Azure NetApp Files delegated subnets for improved security controls.
  • Advanced Network Control: User-defined routes (UDRs) now enable custom routing to and from Azure NetApp Files subnets.
  • Active/Active VPN Gateway Support: Ensures high availability for on-premises to Azure NetApp Files connectivity.
  • ExpressRoute FastPath Support: Improves data path latency and bandwidth performance for ExpressRoute connectivity to Azure NetApp Files.

This zero-downtime upgrade allows organizations to enhance their network security, control, and performance for Azure NetApp Files across all Azure-enabled regions.

Azure Storage Object Replication Metrics for Visibility into Replication Progress (Preview)

Azure has introduced the public preview of Object Replication Metrics, providing enhanced visibility into the progress of Azure Storage object replication. The new metrics include:

  • Pending Operations: Displays the number of replication operations waiting to be processed.
  • Pending Bytes: Shows the amount of data pending replication.

Additionally, the Pending Operations metric categorizes data based on replication delay time, displaying replication wait times in intervals such as:

  • Less than 5 minutes
  • Between 5–10 minutes
  • Between 10–15 minutes, and so on.

These new metrics improve monitoring, troubleshooting, and performance optimization for object replication in Azure Storage.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in February 2025

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this monthly article series, we aim to provide an overview of the most relevant updates. The goal is to keep you constantly informed about these developments, offering essential information to explore these topics further.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

New Monitoring Experience for Azure Kubernetes Service (Preview)

Microsoft has announced the public preview of the new monitoring experience for Azure Kubernetes Service (AKS), designed to provide a unified and enhanced cluster management experience. This update marks a significant evolution of the current Insights experience, introducing more comprehensive monitoring features in a simplified interface.

The new monitoring experience offers two levels of insights: a basic, free tier available without configuration and an advanced tier, including Prometheus metrics and advanced logging capabilities. Thanks to this integration, users can monitor their clusters more effectively, quickly identify performance issues, and optimize resource management. With this innovation, Azure simplifies Kubernetes environment management, improving visibility and diagnostics for applications running on the platform.

Govern

Azure Cost Management

Copilot: Introduction of Nudges for an Optimized Experience

Copilot provides an efficient way to answer cost-related queries using natural language. Through the ‘View in Cost Analysis’ feature, users can directly access personalized analysis based on their prompts. Now, Microsoft has introduced a new feature to enhance the Copilot Assistant experience: nudges. These preconfigured suggestions, available on the overview page, encourage and guide users in interacting with Copilot. The nudges are designed to support key operations such as:

  • Detailed analysis of current costs
  • Cost comparisons across different periods
  • Expense forecasting

This innovation allows users to maximize Copilot’s features without worrying about prompt engineering challenges, making the experience more seamless and effective.

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

AWS EC2: Improved Resource Name Display

Microsoft has introduced an enhancement in displaying resource names for AWS EC2 instances within the platform. If an EC2 instance has a “name” tag, the Resource Name field will display its value. If the tag is absent, the field will continue to show the instance ID. The Resource ID remains available in the reference field.

Using the “name” tag allows users to quickly identify resources with meaningful, customized names, simplifying management and reducing the time needed to locate specific instances.

Microsoft Defender for Storage: On-Demand Malware Scanning

The on-demand malware scanning feature in Microsoft Defender for Storage is now Generally Available (GA). This capability allows scanning of existing blobs in Azure Storage accounts at any time via the Azure portal or REST API, with support for Logic Apps, Automation playbooks, and PowerShell scripts.

Key Use Cases:

  • Incident response: Scanning specific storage accounts after detecting suspicious activity.
  • Security baseline: Analyzing all stored data when enabling Defender for Storage.
  • Compliance: Automating scans to meet regulatory and data protection requirements.
Microsoft Defender for Storage: Support for Blobs up to 50GB

Microsoft Defender for Storage now supports scanning blobs up to 50GB, compared to the previous 2GB limit. For storage accounts handling large blobs, the new limit may result in higher monthly costs. To prevent unexpected expenses, users can set a cap on the total scanned GB per month.

Data and AI Security Dashboard (Preview)

Microsoft Defender for Cloud introduces the new Data and AI Security Dashboard, currently in preview. This tool provides a centralized platform for monitoring and managing data and AI resources while assessing risks and security status.

MDC Cost Calculator (Preview)

Microsoft introduces the MDC Cost Calculator, a preview tool for estimating cloud protection costs.

Expanded Coverage for 31 Multicloud Regulatory Standards

Microsoft Defender for Cloud now supports over 31 security and regulatory frameworks across Azure, AWS, and GCP.

Protect

Azure Backup

Vaulted Backups for Azure Database for PostgreSQL – Flexible Server

Microsoft has announced the availability of Vaulted Backups in Azure Backup for Azure Database for PostgreSQL – Flexible Server, a scalable and robust backup solution designed to meet the needs of businesses and developers. This new support expands the coverage of workloads managed by Azure Backup.

Key Benefits:

  • Regional Disaster Recovery: Cross-region restore ensures essential failover capabilities for business continuity and adherence to recovery protocols.
  • Regulatory Compliance: With long-term retention (LTR) of up to 10 years, organizations can meet international compliance requirements.
  • Advanced Security and Cyber Resilience: Backup data is protected from ransomware and unauthorized access through immutable vaults and role-based access control (RBAC).

Azure Backup for PostgreSQL Flexible Server is now available in East Asia, Central India, Southeast Asia, UK South, and UK West, while in other Azure regions, the service is currently in public preview. Customers can start using the service immediately by accessing the Business Continuity Center in the Azure portal and configuring backups.

Azure Site Recovery

Pricing Calculator for Azure Managed Disks

Microsoft has announced the general availability of the Pricing Calculator for Azure Site Recovery (ASR) in Azure-to-Azure use cases with Managed Disks. This new tool enables organizations to accurately estimate the total cost of ownership (TCO) for Disaster Recovery scenarios in Azure, providing greater transparency into pricing structures and simplifying financial planning. With this feature, ASR users can align with FinOps teams for more effective cost management. Currently, the Pricing Calculator is available only for Azure-to-Azure scenarios, while for VMware-to-Azure migrations, the Deployment Planner remains available to estimate Disaster Recovery costs.

Migrate

Azure Migrate

Modernization Advisor for SQL Server on Azure Virtual Machines (Preview)

Azure has introduced Modernization Advisor, now available in public preview, an integrated tool within the Azure portal designed to help organizations assess the migration from SQL Server on Azure Virtual Machines (VMs) to Azure SQL Managed Instance as a more efficient and cost-effective alternative.

How It Works

Modernization Advisor analyzes the configuration of a SQL Server instance running on an Azure VM and provides a detailed evaluation of the benefits of migration, including:

  • Cost Savings: Estimates the total cost of ownership (TCO) reduction achieved by switching to Azure SQL Managed Instance.
  • Performance Optimization: Suggests Azure SQL Managed Instance configurations tailored to the existing SQL Server workload.
  • Simplified Management: Helps businesses reduce administrative complexity by adopting a fully managed service.

Key SQL Server VM Resources Evaluated

  • Number of vCores
  • Memory per vCore
  • Storage size and type (Standard, Premium SSD, Premium SSD v2)

With Modernization Advisor, organizations can make data-driven decisions to optimize their database infrastructure, enhancing cost efficiency and overall performance. This tool represents a significant step forward in simplifying database management on Azure, providing users with clear and detailed insights to guide their modernization strategies.

Azure Migrate: Support for Premium SSD v2 (Preview)

Azure Migrate introduces support for migration to Premium SSD v2, providing users with advanced storage options featuring greater flexibility and optimized performance. These disks are ideal for mission-critical applications, thanks to high IOPS and throughput, low latency, scalability, reliability, and a competitive cost compared to previous versions. During assessments in regional datacenters where Premium SSD v2 is available, Azure Migrate will automatically suggest this option as the target for data disks, ensuring a migration experience aligned with other disks supported by the platform.

Azure Database Migration

Unified Migration Experience in Azure Database Migration Service

Microsoft has introduced the Unified Migration Experience in public preview within Azure Database Migration Service, streamlining the migration of MySQL workloads from on-premises environments, virtual machines (VMs), or other cloud providers to Azure Database for MySQL – Flexible Server. The new experience supports both physical and logical migration. With the physical approach, it is possible to quickly restore the source server’s backup files onto the destination server, enabling the migration of terabytes of data with minimal downtime and just a few clicks.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Local: announcements and updates (February 2025 – Weeks: 07 and 08)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

Compute

6th Generation Intel-Based VMs – Dv6/Ev6 Now Generally Available

Azure has announced the general availability of the Dv6 and Ev6 series Virtual Machines (VMs), powered by the 5th Gen Intel® Xeon® Platinum 8537C (Emerald Rapids) processor. These new Intel-based VMs offer three different memory-to-core ratios and come in 84 different sizes, ranging from 2 to 192 vCPUs with up to 1.8TB of memory. Customers can choose options with or without local SSDs across the new VM families, including:

  • General Purpose: Dsv6, Dlsv6, Ddvs6, and Dldsv6 series.
  • Memory Optimized: Esv6 and Edsv6 series, with constrained core variants for high data throughput workloads.

These next-generation VMs deliver:

  • Up to 27% higher vCPU performance and 3x larger L3 cache compared to previous Intel-based Dl/D/Ev5 VMs.
  • Azure Boost capabilities, including:
    • Up to 400K IOPS and 12 GB/s remote storage throughput.
    • Up to 200 Gbps VM network bandwidth.
    • 46% larger local SSD capacity with 3x read IOPS.
    • NVMe interface for local and remote disks.
  • Enhanced security through Total Memory Encryption (TME) technology.

These improvements significantly extend Intel-based VM performance in Azure, providing customers with high-throughput, high-memory, and high-security computing options. The new Dv6/Ev6 VMs are now available in multiple regions across North America, Europe, and Asia, with further expansion planned.

Upgrade Existing Azure Gen1 VMs to Gen2-Trusted Launch (preview)

Azure has introduced public preview support for upgrading existing Azure Generation 1 VMs to Generation 2-Trusted Launch, improving security without requiring full VM redeployment.

Trusted Launch VMs enhance security by enabling:

  • Secure Boot: Protects against rootkits and bootkits.
  • Virtual Trusted Platform Module (vTPM): Strengthens OS integrity and enables attestation by measuring the VM’s boot chain.

This upgrade option provides foundational compute security for existing workloads, allowing organizations to strengthen their virtual infrastructure without disrupting operations.

Networking

New Pricing for Azure Virtual Network Manager Now Generally Available

Azure has introduced new pricing for Azure Virtual Network Manager (AVNM), a centralized network management service that enables users to manage virtual network connectivity, security, and routing at scale.

Starting February 11, 2025, all newly created Azure Virtual Network Manager instances will be charged based on the number of virtual networks where an active AVNM configuration is deployed. This replaces the previous subscription-based pricing model. Charges will only apply when using configuration features such as:

  • Connectivity
  • Security Admin
  • Routing

This new virtual network-based pricing aligns costs more closely with actual usage, providing greater flexibility for a broader range of customers.

Transition for Existing AVNM Instances:

  • Existing Azure Virtual Network Manager instances can opt-in to the new pricing model.
  • No automatic changes will be applied to existing AVNM instances before February 2028, allowing businesses to maintain their current billing structure until then.

This pricing adjustment ensures a more scalable and cost-effective approach for organizations managing large virtual network infrastructures in Azure.

Fallback to Internet on Private DNS Zones Now Generally Available

Azure has introduced Fallback to Internet on Private DNS Zones, a new feature that simplifies network isolation and enhances Private Link and Private DNS adoption. This fully managed solution eliminates the need for IaaS-based DNS servers, providing seamless public DNS resolution when a Private DNS Zone returns an authoritative NXDOMAIN response.

Key Benefits:

  • Automatic Public DNS Recursion: When an authoritative NXDOMAIN response is received, Azure’s recursive resolver fleet provides public DNS resolution.
  • Fully Managed Native Solution: No need to deploy and maintain IaaS-based DNS servers.
  • Simplified Private Link Integration: Enhances usability and adoption of Private Link and Private DNS configurations.
  • Configurable via API, CLI, and PowerShell: The feature is already available, with Azure Portal support rolling out in the next two weeks.

This resolution policy is enabled at the Virtual Network Link level. In the Azure Portal, users can enable this feature by selecting “Enable fallback to internet” in the virtual network link configuration.

With this enhancement, Azure provides a more flexible and efficient DNS resolution experience for customers implementing private networking solutions.

Azure Firewall Updates – Increased IP Group Limits Now Generally Available

Azure has doubled the IP Group limit in Azure Firewall policies, increasing the maximum from 100 to 200 per policy.

Key Benefits:

  • Better Policy Organization: Allows management of more IP addresses within a single firewall policy.
  • Greater Flexibility: Optimizes configurations for complex network security needs.

This enhancement improves scalability and efficiency in managing large-scale network security policies, providing greater flexibility for enterprises using Azure Firewall.

Azure Firewall Updates – BYOIP Support for Secured Virtual Hubs (Preview)

Azure Firewall now supports Customer Provided Public IP (BYOIP) for Secured Virtual Hub deployments, allowing administrators to assign and manage customer-managed public IPs for new firewall instances.

Key Benefits

  • Full Control: Customers can own and manage the lifecycle of their firewall’s public IPs.
  • Enhanced Security: Enables DDoS mitigation for better protection against cyber threats.
  • IP Address Flexibility: Public IPs can be allocated from an IP prefix pool, offering more control over network configurations.

This update enhances security, flexibility, and manageability for customers leveraging Azure Firewall in Secured Virtual Hubs.

Storage

Azure File Sync v20 Agent Now Available

The Azure File Sync v20 agent is now flighting and available on the Microsoft Update Catalog. Servers configured for automatic updates will receive the latest version when available.

Managed Identities Preview Enhancements

Azure File Sync support for managed identities (preview) was first announced in November 2024. Since then, Microsoft has introduced the following improvements:

  • Portal Integration:
    • You can now configure Azure File Sync with managed identities via the Azure Portal.
    • This feature will be gradually enabled across all regions in the next few weeks.
  • Storage Account Security Improvements:
    • The following settings on your storage account are no longer required and can now be disabled:
      • Allow storage account key access
      • Allow Azure services on the trusted services list to access this storage account

These updates enhance security and simplify management by enabling a more secure, identity-based authentication approach for Azure File Sync deployments.

Modern Version of the Azure Storage Data Movement Library Now Generally Available

The modern version of the Azure Storage Data Movement Library has reached General Availability, delivering a streamlined and efficient data transfer experience for Azure Blob and Azure File Storage users.

This update introduces enhanced capabilities, including:

  • Progress Tracking: Monitor real-time transfer status.
  • Pause and Resume: Gain flexibility in managing data transfers.
  • Checkpointing: Resume transfers from the last saved state in case of interruptions.

Additionally, the library now shares infrastructure with the modern v12 Azure Storage libraries, improving integration with Azure Identity packages to align with modern security standards. These improvements simplify and enhance data movement in Azure.

Azure Premium SSD v2 Disk Storage and Azure Ultra Disk Storage Now Available in New Zealand North

Azure Premium SSD v2 Disk Storage and Azure Ultra Disk Storage are now generally available in the New Zealand North region, enhancing Azure’s global storage capabilities. Premium SSD v2 delivers sub-millisecond latencies for IO-intensive workloads at a low cost, offering the best price-performance ratio for general-purpose block storage. Optimized for demanding workloads like SQL Server, Oracle, SAP, big data analytics, and gaming, it ensures high performance, enterprise readiness, and cost efficiency. For regions where Premium SSD v2 is unavailable, Microsoft provides a survey for customers to express interest. Additionally, Azure Ultra Disk Storage, now available in the same region, offers high throughput, high IOPS, and consistently low latency, further empowering enterprises with scalable and performant storage solutions.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (February 2025 – Weeks: 05 and 06)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Azure VMware Solution Now Available on Two Availability Zones in ItalyNorth

Azure VMware Solution (AVS) in the ItalyNorth cloud region now supports deployment across two availability zones, enhancing resiliency and disaster recovery capabilities.

With this update, AVS hosts can be provisioned across two availability zones, enabling organizations to implement robust Disaster Recovery (DR) scenarios through VMotion, ensuring seamless workload mobility between zones. This advancement strengthens business continuity for critical infrastructures, making ItalyNorth a viable and secure option for hosting VMware workloads in Azure.

Azure AI Speech Service Now Available in ItalyNorth

Azure AI Speech Service is now accessible in the ItalyNorth region. This expansion allows businesses and developers in Italy to leverage the capabilities of Azure AI Speech Service closer to their operations, enhancing performance and reducing latency for speech-to-text, text-to-speech, and other speech-enabled applications. By being available in the ItalyNorth region, Azure AI Speech Service provides improved compliance with local data residency requirements, offering organizations greater control and assurance when handling sensitive data. This development underscores Azure’s commitment to meeting regional needs while delivering world-class AI capabilities.

Defender for Storage v2 Now Available in ItalyNorth

Defender for Storage v2, featuring Antimalware Scanning and Data Threat Detection, is now available in the ItalyNorth region. Part of Microsoft Defender for Cloud, this Azure-native security layer provides advanced threat detection and protection for storage accounts, enhancing the security of your data and workloads. Defender for Storage v2 helps prevent malicious file uploads, sensitive data exfiltration, and data corruption by analyzing telemetry from Azure Blob Storage, Azure Files, and Azure Data Lake Storage services. Powered by Microsoft Threat Intelligence, Microsoft Defender Antivirus, and Sensitive Data Discovery, it offers robust security capabilities, enabling organizations to detect and mitigate potential threats effectively. This service ensures both the integrity and security of your storage environments in ItalyNorth.

Compute

Changes to Instance Size Flexibility Ratios for Azure Reserved Virtual Machine Instances for M-series

Microsoft has updated the instance size flexibility ratios for Azure Reserved Virtual Machine Instances for M-series. This update, effective December 6, 2024, aims to optimize the reservation discounts within instance size flexibility groups and their corresponding SKUs. As Azure continues to expand its range of SKUs for M-series Virtual Machines, this adjustment ensures customers can maximize the value of their reservations while maintaining flexibility in their deployments. These changes reflect Azure’s commitment to providing cost-efficient and adaptable solutions for memory-intensive workloads.

Enhanced Support for Generation 2 VMs in Azure DevTest Labs (Preview)

Azure DevTest Labs now supports enhanced capabilities for Generation 2 Virtual Machines (VMs), allowing users to choose between Generation 1 and Generation 2 versions of the same marketplace image. Generation 2 VMs offer key advantages over their Generation 1 counterparts, including:

  • Increased memory support for workloads that require higher RAM capacity.
  • Intel Software Guard Extensions (Intel SGX) for enhanced security and confidential computing.
  • Virtualized Persistent Memory (vPMEM) to improve storage performance for applications that benefit from persistent memory.

With this enhancement, Azure DevTest Labs continues to expand its flexibility and efficiency for developers and testers working with virtualized environments.

Reduce Costs with Hibernation in Azure DevTest Labs (Preview)

Azure DevTest Labs now offers hibernation for virtual machines (VMs), a feature designed to help organizations optimize cloud costs. With this public preview, customers can pause VMs while preserving their state, allowing them to resume work seamlessly without losing progress.

Key benefits of the hibernation feature include:

  • Cost Savings: Hibernated VMs do not incur compute costs, similar to a stopped (deallocated) state.
  • Resource Optimization: Users only pay for storage (OS disk, data disks) and networking resources (such as IP addresses) attached to the VM.
  • Seamless Resumption: VMs can quickly return to their previous state, improving workflow efficiency.

This feature provides a cost-effective way to manage virtualized environments while maintaining productivity.

Networking

New Origin Types for Azure Front Door Premium Private Link-Enabled Origins (Preview)

Azure Front Door Premium now supports additional Private Link-enabled origin types, including Application Gateway, API Management, and Container Apps. This enhancement allows organizations to securely deliver content through public Front Door endpoints while keeping their origins isolated from the public internet.

By leveraging Private Link-enabled origins, customers can enhance security, reduce exposure to external threats, and maintain a seamless and reliable content delivery experience. This update expands the flexibility of Azure Front Door Premium, providing more options for securely integrating backend services with Front Door’s global edge network.

Storage

Next-Generation Azure Data Box Devices (Preview)

Azure has announced the public preview of Azure Data Box 120 and Azure Data Box 525, the next-generation NVMe-based Data Box devices designed to accelerate offline data transfers to Azure. These new devices offer several enhancements, including:

  • Fast Copy: NVMe drives provide high-speed transfers, improved reliability, and support for faster network connections.
  • Ease of Use: The compact design includes a larger capacity option of up to 525 TB for simplified handling.
  • Resilience: Ruggedized devices are built to withstand harsh transport conditions.
  • Enhanced Security: Advanced physical, hardware, and software security features ensure data protection.
  • Broader Availability: The devices are now available in the US, Canada, EU, UK, and US Gov Azure regions, with plans to expand further.

These improvements make Azure Data Box an efficient and secure solution for large-scale data migration to Azure.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in January 2025

This month, Microsoft has introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to provide an overview of the most relevant updates. Our goal is to keep you constantly informed about these developments, offering essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Integration of Performance Diagnostics in Azure Monitor for VM Troubleshooting (Preview)

Microsoft has introduced a new integration between Azure Monitor and Performance Diagnostics, enhancing virtual machine (VM) performance troubleshooting capabilities. This feature is now available in the VM Overview Monitoring panel and the VM Insights section of Azure Monitor, providing a unified experience that combines monitoring and diagnostics in a single environment. Thanks to this integration, users can identify and resolve VM performance issues more efficiently within the Azure Monitor workflow, accessing detailed diagnostic data, recommendations, and continuous or on-demand insights. The continuous mode allows for timely identification of high resource utilization, providing useful indications for proactive performance management and reducing the risk of downtime. This evolution of Azure Monitor represents a step forward in ensuring the highest level of operational efficiency for cloud-based VMs, simplifying the diagnosis and optimization process.

Monitoring Azure Container Storage Metadata with Azure Monitor Managed Service for Prometheus (Preview)

Azure Container Storage offers a native experience for containers and is optimized for integration with Azure Kubernetes Service (AKS). With its launch in Public Preview, customers using Azure Container Storage in AKS clusters can now collect storage pool and disk metrics via Azure Monitor Managed Service for Prometheus. These metrics can be viewed and queried directly in Azure Managed Grafana. Once Azure Container Storage is enabled on an AKS cluster with managed Prometheus active, metrics will be automatically collected and integrated with other system metrics. This update enhances monitoring and simplifies storage resource management in AKS clusters.

Configure

Azure Automation

Revision of Service and Subscription Limits for Azure Automation

Starting January 15, 2025, Azure Automation will introduce a revision of service and subscription limits to ensure fair cloud resource distribution among all customers. This update aims to improve service reliability and performance while optimizing resource utilization. Given that organizations’ needs vary and evolve over time, customers will be able to configure their limits based on actual usage.

The resources affected by this revision include:

  • The maximum number of automation accounts per subscription in a single region.
  • The maximum number of concurrently running jobs per automation account.

Customers can check their current usage, review limits, and request quota changes by creating a support request under Service and Subscription Limits (Quotas) -> Azure Automation.

Retirement of Azure Automation Jobs on Agent-Based Hybrid Worker from April 1, 2025

Starting April 1, 2025, all Azure Automation jobs executed on Agent-Based Hybrid Worker (Windows and Linux) will be discontinued. This approach was officially retired on August 31, 2024, and no longer receives security updates, posing a potential security risk. Microsoft strongly recommends migrating to Extension-Based User Hybrid Runbook Worker (Windows and Linux) to continue running hybrid jobs.

The main advantages of the new solution include:

  • Enhanced security through access control with system-assigned managed identities, eliminating the need for manually managed certificates.
  • Improved operational productivity with automatic updates and large-scale VM management.
  • Simplified installation, removing the need to install the Log Analytics agent.

Retirement of PowerShell Runbooks Using AzureRM Modules from February 1, 2025

As of February 1, 2025, Azure Automation will stop executing all runbooks using AzureRM modules. The PowerShell AzureRM module was retired on February 29, 2024, in favor of the Az PowerShell module, which offers greater security, stability, and advanced features.

To avoid disruptions, it is necessary to update all runbooks using AzureRM to the Az PowerShell module and remove AzureRM modules from automation accounts. This transition will ensure continuous support and access to the latest PowerShell features in the Azure Automation environment.

Blocking of Resources Interacting with Azure Automation Using TLS 1.0/1.1 Protocols from March 1, 2025

Starting March 1, 2025, resources interacting with Azure Automation via TLS 1.0 and TLS 1.1 protocols will no longer be supported. These protocols, used for establishing encryption channels, no longer meet modern security standards.

All interactions, including Webhooks, Hybrid Runbook Workers (Agent-Based and Extension-Based), and Automation DSC, using TLS 1.0 or 1.1 will be blocked. Scheduled or running jobs on Hybrid Workers using these protocols will not be completed.

To ensure continuity, it is recommended to update resources to use TLS 1.2 or higher. Microsoft has provided guidance for disabling obsolete TLS protocols and enabling TLS 1.2 or higher on Windows and Linux machines.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Update to Container Registry Scanning Policies (Preview): Microsoft has updated image scanning policies for container registries, modifying the re-evaluation period for cloud and external registries, including Azure, AWS, GCP, Docker, and JFrog. Previously, Defender for Cloud scanned images for 90 days after their publication in the registry; with this change, the scanning period will now be limited to the last 30 days. This change only affects the preview recommendation for scanning images in registries and does not impact General Availability (GA) recommendations related to vulnerability assessment (VA) in container registries.
  • New Permissions for the GCP Connector to Support AI Platforms: Microsoft has expanded the GCP connector’s permissions to enhance support for artificial intelligence platforms, particularly Vertex AI. With this update, Defender for Cloud can now monitor and protect AI workloads on Google Cloud more effectively. The new permissions introduced include privileges for managing batch prediction jobs, custom jobs, datasets, endpoints, models, pipeline jobs, and tuning jobs, as well as specific permissions for Discovery Engine and Google Notebooks. This update ensures broader protection for AI services hosted on GCP.
  • Improvements to GC-Based Linux Baselines Recommendation: The GC-powered Linux Baselines feature has been enhanced to provide greater accuracy and coverage in analyzing Linux operating systems. Starting in February, Defender for Cloud will introduce a series of updates, including new rule names for existing checks and additional security controls. These improvements will ensure more precise and up-to-date assessments, allowing organizations to strengthen the security of their Linux environments. Users wishing to exclude this recommendation can do so by exempting their resources or removing the GC extension.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Local: announcements and updates (January 2025 – Weeks: 03 and 04)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Troubleshoot Disk Performance with Copilot in Azure (preview)

The Disk Performance Troubleshooting Capability for Azure Copilot is now available in Public Preview. This feature allows users to optimize disk performance seamlessly through Azure Copilot. By leveraging a comprehensive range of disk metrics, Azure provides detailed insights into the performance of Virtual Machines (VMs) and disks, enabling users to identify and address performance bottlenecks. Azure Copilot enhances this process by analyzing these metrics and offering guided recommendations to improve VM and disk performance, ensuring a superior application experience.

Azure Confidential Ledger Achieves ISO 27001 Certification

Azure Confidential Ledger has achieved ISO 27001 certification, a globally recognized standard for information security management systems (ISMS). This certification highlights the implementation of a comprehensive framework designed to manage and safeguard customer data effectively. By meeting ISO 27001 compliance requirements, Azure Confidential Ledger demonstrates its commitment to exceeding industry standards. This achievement assures customers that they can rely on Azure Confidential Ledger to securely manage their most sensitive and critical workloads, reinforcing trust in its robust security capabilities.

Networking

WebSocket Support in Application Gateway for Containers

Azure has introduced WebSocket support in Application Gateway for Containers, enabling interactive and real-time applications such as chat platforms, live dashboards, and gaming services to achieve better performance and reduced latency. This enhancement provides several benefits:

  • Bidirectional Communication: Facilitates two-way data exchange between clients and servers.
  • Reduced Latency: Enhances application performance through faster data transmission using full-duplex communication over a single TCP connection.
  • Improved User Experience: Delivers more engaging and responsive applications for end-users.

This addition significantly boosts the capabilities of Application Gateway for Containers, making it ideal for applications requiring real-time interactivity.

Storage

Customer Managed Unplanned Failover for Azure Data Lake Storage and SSH File Transfer Protocol

Customer managed unplanned failover for Azure Data Lake Storage (ADLS) and storage accounts with SSH File Transfer Protocol (SFTP) enabled is now generally available. This feature empowers users to failover their geo-redundant (GRS) or geo-zone-redundant (GZRS) storage accounts to a secondary region when primary storage service endpoints become inaccessible. During a failover, the secondary region becomes the new primary, redirecting all storage service endpoints and restoring write access to the account.

Previously, unplanned failover support was limited to Blobs, Tables, Files, and Queue data. Now, this capability extends to include Azure Data Lake Storage and SFTP-enabled accounts. After resolving the primary region’s outage, users can reconfigure geo-redundancy and fail back to the original primary region, ensuring greater resilience for mission-critical storage solutions.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (January 2025 – Weeks: 01 and 02)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Msv3 and Mdsv3 Series Now Available on ItalyNorth

The Msv3 and Mdsv3 High Memory (HM) Virtual Machine (VM) series are now available in the ItalyNorth region. These VMs represent the next generation of memory-optimized sizes, offering significant advancements in performance, cost efficiency, and resilience compared to their predecessors, the Mv2-series VMs. The Mv3 HM series supports configurations with memory ranging from 6TB to an impressive 16TB. These VMs deliver up to 8,000 MBps throughput to remote storage and provide up to 25% improvements in networking performance over earlier generations, making them an excellent choice for memory-intensive workloads.

ND H100 v5 GPU-Powered VM Now Available on ItalyNorth

Azure has introduced the ND H100 v5 series virtual machines (VMs) in the ItalyNorth region, expanding its portfolio of GPU-powered instances. This flagship series is engineered for demanding deep learning training and generative AI workloads, as well as high-performance computing (HPC) applications. The ND H100 v5 series starts with a single VM containing eight NVIDIA H100 Tensor Core GPUs and can scale to deployments involving thousands of GPUs. Each VM offers 3.2 Tbps of interconnect bandwidth and a dedicated 400 Gb/s NVIDIA Quantum-2 CX7 InfiniBand connection for each GPU, ensuring optimized performance. These VMs feature NVLINK 4.0 for intra-VM communication and are powered by 96 physical fourth Gen Intel Xeon Scalable processor cores. Designed to integrate seamlessly with AI and ML frameworks like TensorFlow, PyTorch, and RAPIDS, as well as HPC tools leveraging NVIDIA’s NCCL communication libraries, the ND H100 v5 series provides unparalleled scalability and performance for AI-driven innovations.

Storage

Azure NetApp Files Enhances Minimum Volume Size to 50 GiB

Azure NetApp Files now supports a minimum volume size of 50 GiB, reducing the previous limit of 100 GiB. This improvement caters to workloads requiring smaller volumes, such as Kubernetes, allowing customers to optimize storage volumes more effectively. By right-sizing volumes in the range of 50 GiB to 100 GiB, organizations can achieve cost savings and maximize capacity pool utilization. The feature is accessible across all Azure NetApp Files-enabled regions, further broadening its usability for diverse storage needs.

Azure Files Introduces Provisioned v2 Billing Model for HDD (Standard)

The provisioned v2 billing model for Azure Files HDD (standard) is now generally available, offering customers greater control and predictability in managing their storage costs. This model allows independent provisioning of storage, IOPS, and throughput, ensuring alignment with specific performance requirements. With enhanced scalability and performance, customers can configure file shares up to 256 TiB, with 50,000 IOPS and 5 GiB/sec of throughput. Additionally, provisioned v2 enables per-share monitoring for better resource management. Currently, this feature is available in select Azure regions, making it a versatile option for businesses with varying storage needs.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in December 2024

This month, Microsoft introduced a series of significant updates to Azure management services. Through this monthly series of articles, the aim is to provide an overview of the most relevant updates, keeping you informed of these developments and equipping you with essential insights to explore these topics further.

The diagram below shows the various management areas covered in this series:

Figure 1 – Overview of Management Services in Azure

Configure

Azure Automation

Service and Subscription Limits for Azure Automation (Private Preview)

Starting January 7, 2025, Azure Automation will introduce a revision of service and subscription limits. This change aims to ensure fair distribution of cloud resources among all customers, optimizing usage and improving the overall service experience. Interested users can consult the current service and subscription limits for Azure Automation on the official site to prepare for these changes and plan any necessary adjustments to their cloud resources.

Govern

Azure Cost Management

Microsoft Cost Management: 2024 Highlights

2024 has been a year full of innovations for Microsoft Cost Management, with significant improvements aimed at optimizing cloud expenses and enhancing FinOps capabilities. Here are the main updates introduced:

  • Cost Visibility A new tabbed interface for cost analysis in the Azure portal simplifies switching between views, creating reports, and analyzing expenses. Additionally, loading times have been improved, ensuring a smoother experience.
  • Data Export New datasets related to reservations, price lists, and combined cost formats have been added. The Parquet format with file compression reduces storage and network costs. Integration with Microsoft Fabric (preview) enables advanced analytics and reporting.
  • Copilot Enhancements AI has been further integrated with Cost Analysis to provide detailed cost insights. New features include estimating Azure OpenAI costs in simulation scenarios.
  • Azure OpenAI Costs New visualizations allow monitoring deployments based on tokens and PTUs, along with reservations.
  • Cost Allocation Billing tags with inheritance have been launched for more efficient cost management. Tagging functionalities have also been introduced for billing sections and payment profiles.
  • AKS Cost Views Kubernetes namespace cost tracking is now available, enabling application-specific cost allocation.
  • Cost Optimization One-month and one-year reservations for Azure OpenAI are now available, offering significant savings. New RBAC roles have been introduced to manage Azure savings plans.
  • Cloud Sustainability In preview, Azure’s carbon optimization tool helps monitor emissions data and propose eco-friendly and cost-effective actions.

Thanks to these updates, Microsoft Cost Management has enhanced FinOps efficiency, improved cost visibility, and supported sustainability initiatives, positioning itself as a key tool for cloud expense management in 2025.

Secure

Microsoft Defender for Cloud

Sensitivity Scanning Now Available for Azure File Shares

The “Sensitivity Scanning” feature in Microsoft Defender for Cloud, designed for security posture management (CSPM), now includes Azure file shares, available in General Availability. Previously, enabling the Defender CSPM plan on a subscription allowed automatic scanning of blob containers within storage accounts to identify sensitive data. This extension now includes file shares, improving risk analysis and protection for sensitive storage accounts.

Defender for Cloud CLI Integration with CI/CD Tools (Preview)

The CLI integration feature for Microsoft Defender for Cloud with CI/CD tools is now available in public preview. This integration allows CLI usage in CI/CD pipelines to scan and identify security vulnerabilities in containerized source code. Scans help development teams detect and resolve vulnerabilities during pipeline execution without disrupting workflows. Results are uploaded to Defender for Cloud, enabling security teams to correlate data with containers in container registries.

Use Cases:

  • Pipeline Scanning: Securely monitor all pipelines using the CLI.
  • Early Vulnerability Detection: Results are displayed in the pipeline and sent to Defender for Cloud.
  • Continuous Security: Improved visibility and quick response capabilities during development cycles without compromising productivity.

Defender for Cloud Configuration Experience

Microsoft Defender for Cloud introduces a new configuration experience that simplifies the initial setup for connecting cloud environments, including cloud infrastructure, code repositories, and external container registries. This feature allows for advanced security plan protection, quick actions to improve coverage at scale, and notifications about connectivity issues or new security features.

Updated Cloud Environment Scan Interval Options

The scan interval options for cloud connectors associated with AWS, GCP, Jfrog, and DockerHub have been updated. Scanning intervals can now be set to 4, 6, 12, or 24 hours when adding or modifying a cloud connector. By default, new connectors continue to use a 12-hour scan interval.

Defender for Endpoint Client Update for File Integrity Monitoring

To continue leveraging the File Integrity Monitoring (FIM) functionality in Microsoft Defender for Cloud, the Defender for Endpoint (MDE) client must meet specific minimum versions.

Protect

Azure Backup

Vaulted Backup for AKS

Azure Backup introduces support for vaulted backups for AKS, now generally available. This new feature enables cross-regional disaster recovery, long-term data retention, and immutability for backups, improving resilience and simplifying compliance for cloud-native applications. Customers can protect AKS clusters during regional disaster recovery events, store backup data for up to 10 years to meet regulatory requirements, and secure data in an offsite location to safeguard against ransomware threats.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.