Once again this month, I’m back with my recurring series focused on the evolution of Azure management and security services, with a special focus on hybrid and multicloud scenarios enabled by Azure Arc and enhanced by the use of Artificial Intelligence.
This monthly series aims to:
- Provide an overview of the most relevant updates released by Microsoft;
- Share operational tips and field-proven best practices to help architects and IT leaders manage complex and distributed environments more effectively;
- Follow the evolution towards a centralized, proactive, and AI-driven management model, in line with Microsoft’s vision of AI-powered Management.
The key areas we will cover in this series, along with the corresponding tools and services, include:
🔹 Hybrid and multicloud environment management – with Azure Arc, which extends policy, security, management, and automation capabilities to on-premises and multicloud resources.
🔹 AI and intelligent automation – enabled by Microsoft Copilot in Azure, AIOps capabilities, and predictive tools to streamline operations and support smarter decision-making.
🔹 Security posture across hybrid and multicloud infrastructures – using Microsoft Defender for Cloud and other native services for vulnerability management and advanced threat protection.
🔹 Governance and policy management – leveraging tools such as Azure Policy, Azure Cost Management, and Resource Graph to ensure control, standardization, and cost/resource optimization.
🔹 Update & Patching – through Azure Update Management, Azure Automation, and native patching capabilities across Azure Arc-enabled environments.
🔹 Backup & Resilience – using Azure Backup and Azure Site Recovery to ensure business continuity, data protection, and disaster recovery.
🔹 Monitoring – with tools like Azure Monitor, Log Analytics, and Application Insights for comprehensive visibility and effective troubleshooting.
Hybrid and multicloud environment management
Measure, manage, and reduce carbon emissions in Azure
Microsoft has announced the general availability of the carbon optimization feature in Azure, a native solution designed to help organizations measure, manage, and reduce the carbon emissions generated by their cloud workloads. Integrated directly into the Azure portal, this feature provides preconfigured dashboards and KPIs to monitor environmental impact over time. Emission data is available at the individual resource level, offering a high level of detail and the ability to identify concrete optimization opportunities. Role-Based Access Control (RBAC) ensures that only authorized users can view relevant information. Additionally, operational recommendations are provided to support both emission reduction and cost savings. This announcement reaffirms Microsoft’s commitment to supporting customers in achieving more sustainable cloud management by offering integrated tools for more environmentally conscious IT decisions. A significant step forward for organizations that prioritize these aspects.
AI and intelligent automation
Microsoft Copilot in Azure
GitHub Copilot for Azure: smarter, more integrated cloud development
GitHub Copilot for Azure is now generally available—a solution that revolutionizes cloud development through an AI assistant seamlessly integrated with Azure resources. Designed to simplify and accelerate developers’ work, this tool supports Infrastructure as Code (IaC) using languages such as Bicep and Terraform, helps proactively identify and resolve issues, and provides contextual recommendations to improve code quality in real time. Copilot proves to be a valuable ally for those designing resilient and modern architectures, transforming how code is written, distributed environments are managed, and new cloud skills are acquired. Its availability marks a concrete step toward adopting an AI-enhanced cloud management model.
AI-powered Investigation for troubleshooting in Azure Monitor (preview)
The AI-powered Investigation feature is now available in Public Preview in Azure Monitor, aimed at improving the troubleshooting experience and speeding up the detection and resolution of issues in applications and infrastructure. Artificial intelligence deeply analyzes telemetry collected by Azure Monitor—including metrics, logs, resource status, alerts, and application topology—to identify anomalies and suggest potential root causes and solutions. Analyses are personalized through direct interaction with the AI, making results more accurate and relevant. A new entity, called an “issue,” aggregates all information related to a problem, seamlessly integrating these capabilities into the alert management workflow. Currently available for Application Insights, this feature will soon expand to other resources.
Copilot in SQL Server Management Studio (preview)
The new Copilot integration in SQL Server Management Studio (SSMS) is also now in Public Preview. This AI assistant is designed to help developers and administrators write, modify, and troubleshoot T-SQL queries using natural language. Copilot leverages the database context to provide personalized responses based on the specific environment, covering areas such as maintenance, configuration, and database management—whether in the cloud or on-premises. This innovation is part of Microsoft’s broader journey toward increasingly intelligent and proactive management tools, powered by AI to boost productivity and reduce the complexity of day-to-day operations.
Security posture across hybrid and multicloud infrastructures
Microsoft Defender for Cloud
New features, bug fixes, and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To help customers stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:
- Active User (Public Preview): a new feature designed to help administrators quickly identify the most relevant users for each recommendation, based on recent control plane activity. For each recommendation, up to three active users are suggested at the resource, resource group, or subscription level. You can assign the recommendation, set a due date, and directly notify the assigned user, streamlining remediation workflows and reducing investigation time.
- General Availability of Defender for AI Services: runtime protection is now available for Azure AI services, previously known as threat protection for AI workloads. This protection covers specific AI-related scenarios such as jailbreak attempts, wallet abuse, data exposure, and suspicious access patterns, leveraging signals from Microsoft Threat Intelligence and Azure AI Prompt Shields.
- Security Copilot now GA in Defender for Cloud: the general availability of Microsoft Security Copilot enables faster risk response through AI-generated summaries, remediation suggestions, and automated notifications. Administrators can quickly summarize recommendations, generate remediation scripts, and delegate tasks via email, boosting the operational efficiency of security teams.
- Data and AI Security Dashboard: the new dashboard provides a unified and centralized view for monitoring the security posture of data and AI resources. It includes capabilities such as sensitive data discovery, identification of active AI resources (including containers, datasets, and models), and highlighting critical issues based on high-severity recommendations, alerts, and attack paths.
- Defender CSPM: Billing for MySQL and PostgreSQL Flexible Server starting June 2025: starting June 1, 2025, Microsoft will begin billing for Azure Database for MySQL Flexible Server and PostgreSQL Flexible Server workloads protected by Defender CSPM. No action is required from users, but monthly billing may change depending on the protected resources.
- Customizable filters for malware scanning on upload in Defender for Storage: Microsoft Defender for Storage now officially supports customizable filters for on-upload malware scanning. Users can define exclusion rules based on blob path prefixes or suffixes, as well as blob size. This update allows non-critical or temporary files, such as logs or transient files, to be excluded from scanning—optimizing security processes and helping reduce operational costs.
Governance and policy management
Azure Cost Management
Advanced Exports in Cost Management
Advanced exports in Cost Management are now generally available across all Azure regions and clouds. This feature introduces significant improvements in how organizations can automate the analysis of cost and usage data. Key enhancements include an expanded set of exportable datasets (including price sheets, recommendations, and reservation details), new export formats (CSV with Gzip compression, Parquet with Snappy compression), and support for the FinOps Open Cost and Usage Specification (FOCUS) version 1.0. Organizations can now configure partitioned files, enable overwrites, retrieve historical data (up to thirteen months via the portal, seven years through the REST API), and export to storage accounts protected by firewalls or network policies. Schema versioning is also supported, ensuring compatibility with existing data pipelines. This update is extremely valuable for streamlining FinOps workflows, managing costs at scale, and aligning with enterprise security and compliance requirements.
Improvements to Purchase Details in Cost Management for MCA Customers (Preview)
By June, new preview features will enhance purchase details in Cost Management for customers under the Microsoft Customer Agreement (MCA). The improvements primarily focus on reserved instances (RIs), Azure savings plans (ASPs), and third-party purchases made through the Azure Marketplace. Users will be able to view the subscription ID associated with RIs and ASPs, simplifying showback and chargeback activities. Start and end dates will display the full duration of the offer, and cost data will be available in both the billing currency and US dollars, facilitating comparison with list prices. For monthly-billed offers, the pricingCurrency and costInPricingCurrency fields will show values for each installment. For Marketplace purchases completed through the Azure portal, tag support will be added, and fields such as the resource URI, subscription ID, and resource group name (where supported) will be visible. Additionally, the “Effective Price” field will be available, expressed in the pricing currency. Partner customers will also be able to view purchases and refunds at the subscription level, improving transparency in cost management.
Backup & Resilience
Azure Backup
Backup for Azure Database for PostgreSQL – Flexible Server
The Vaulted Backup feature for Azure Database for PostgreSQL – Flexible Server is now generally available and managed through Azure Backup. This solution offers scalable and secure backups with fully automated management via scheduled policies, eliminating the need for manual intervention. Key benefits include enhanced security through immutable vaults and role-based access controls, long-term retention (LTR) of up to 10 years to meet global regulatory requirements, and enterprise-level management via the Azure Business Continuity Center, which enables unified operations and governance of all protected resources from a single console. This is an ideal solution for businesses and developers who require operational continuity and regulatory compliance in critical environments.
GRS and CRR Support for Azure Backup with Premium SSD v2 Expanded to New Regions
Geo-Redundant Storage (GRS) and Cross-Region Restore (CRR) support in Azure Backup for virtual machines using Premium SSD v2 is now available in even more regions. Premium SSD v2 is a high-performance block storage solution that offers low latency, high IOPS, and high throughput at a cost-effective rate. With GRS and CRR, data can be protected from irreversible loss and restored on demand in a secondary region, making this functionality ideal for audit or disaster recovery scenarios. Newly supported regions include Brazil South, South Central US, North Central US, East US 2, Central US, UK West, UK South, Canada East, Canada Central, West US, West Central US, West US 2, Australia Southeast, and Australia East. A strategic solution for ensuring the resilience of critical workloads.
Azure Backup for Elastic SAN (Preview)
Microsoft has announced the public preview of Azure Backup support for Elastic SAN—a fully managed solution for protecting and restoring Elastic SAN volumes. This integration allows data to be safeguarded against accidental deletion, ransomware attacks, and application updates by exporting Elastic SAN volumes into incremental Managed Disk snapshots, independent of the lifecycle of the original volumes. The snapshots are stored using locally redundant storage (LRS) and support up to 450 recovery points with a backup frequency of up to every 24 hours. Currently, the feature is available only in select Azure regions and supports volumes up to 4 TiB. During this preview phase, long-term vault backups and hourly backups are not available. There is no Azure Backup Protected Instance cost, but standard rates apply for incremental snapshots. This marks an important step toward native, scalable protection of modern SAN environments hosted in Azure.
Monitoring
Azure Monitor
Cross-region replication for Log Analytics Workspace
Cross-region replication for Log Analytics Workspace is now generally available. This feature enhances the resilience of distributed monitoring environments by allowing administrators to enable a replica of the workspace in a secondary geographic region. Once activated, the replication enables simultaneous log ingestion in both regions, ensuring uninterrupted visibility through dashboards, alerts, and advanced solutions like Microsoft Sentinel—even in the event of a regional outage. This represents a significant advancement in business continuity management for critical or geographically distributed environments.
Increased record limit per query in Log Analytics to 100,000
Azure Monitor Log Analytics has increased the record limit per query in the UI to 100,000, up from the previous limit of 30,000. This enhancement enables deeper analysis and more detailed investigations directly within the Azure portal, without the need for external tools to process large volumes of data. To enable this option, simply select “Max. limit” from the “Show” menu in the Logs interface or set it as the default value. Microsoft is actively monitoring usage and performance to assess future extensions. For even larger-scale analysis, exports of up to 500,000 records via API remain available.
Managed Prometheus visualizations and enhanced monitoring for AKS
Managed Prometheus-based visualizations in Azure Monitor are now generally available, offering a unified and enhanced monitoring experience for Azure Kubernetes Service (AKS). This update allows users to centralize all critical information for AKS cluster management in a single view, overcoming the limitations of previous Log Analytics-based dashboards. With integrated managed Prometheus, customers benefit from a more cost-effective and responsive observability solution. Key capabilities include: cost optimization by migrating from Log Analytics to Prometheus, improved query performance, integration with recommended Prometheus-based alerts, visibility into control plane components for deeper diagnostics, and an optimized multi-cluster view for large-scale monitoring. A significant step forward for managing containerized environments in Azure.
Recommended Prometheus alerts now available for AKS cluster
Recommended community Prometheus alerts are now directly available for Azure Kubernetes Service (AKS) clusters through the Azure portal. This feature significantly simplifies monitoring management by eliminating the need to download templates or use command-line tools. The predefined alerts provide comprehensive coverage across all layers of the cluster—infrastructure, nodes, and pods. The goal is to deliver a powerful tool for timely anomaly detection, simplified diagnostics, and enhanced reliability for containerized applications. Integration with managed Prometheus metrics further strengthens Microsoft’s strategy for centralized, proactive, and cloud-native operations management.
Simple Log Alerts in Azure Monitor (Preview)
As of May, the new Simple Log Alerts feature in Azure Monitor is available in Public Preview. Designed to simplify alert creation and improve event detection timeliness, this feature differs from Log Search-based alerts, which evaluate sets of rows over a time window. Simple Log Alerts evaluate each row individually, enabling near real-time notifications. With simplified use of KQL, alerts can be defined quickly and intuitively. This solution also supports log tiers previously excluded from alerting, such as Basic Logs and Analytics. The pricing model is similar to traditional alerts, with minute-based evaluation billing. This is a particularly useful feature in operational scenarios that require fast and granular responses.
Prometheus Community Recommended Alerts for Arc-enabled Kubernetes Clusters (Preview)
In Public Preview, one-click activation of Prometheus community recommended alerts is now available for Kubernetes clusters managed via Azure Arc. Accessible directly from the Azure portal, these alerts provide comprehensive coverage for cluster, node, and pod metrics, based on community-refined Prometheus rules. Previously, enabling these alerts required manual operations via CLI and templates. To activate them, the Azure Monitor managed service for Prometheus must be enabled on the cluster.
Managed Prometheus for Arc-enabled Kubernetes Clusters in Azure Monitor (Preview)
A new Azure Monitor feature is now in Public Preview, allowing telemetry data visualization for Arc-enabled Kubernetes clusters using Managed Prometheus. This integration offers a more performant and cost-effective alternative to collecting metric data via Log Analytics. With this update, customers can: reduce costs by migrating to Prometheus-managed metrics, improve query performance, adopt preconfigured Prometheus-based alert rules, and centrally monitor multiple clusters at scale. This marks an important evolution for managing distributed containerized environments, simplifying monitoring while maintaining high levels of control and resource optimization.
Granular RBAC in Log Analytics Workspaces (Preview)
A new feature in Public Preview enables more granular access control in Azure Monitor’s Log Analytics Workspaces. Through integration with Azure Attribute-Based Access Control (ABAC), it is now possible to define row-level RBAC within the same centralized workspace. This allows organizations to segment data access based on criteria such as job role, organizational unit, geographic location, or data sensitivity. This approach enables more precise governance aligned with least-privilege principles while retaining the advantages of a centralized log platform. It is especially well-suited for complex enterprise environments with high security requirements.
Conclusions
The latest updates from Microsoft for Azure confirm a clear and strategic direction: making the cloud increasingly sustainable, secure, and governable. The integration of artificial intelligence into tools such as GitHub Copilot for Azure, SQL Server Management Studio, and Azure Monitor is no longer a future promise—it is a concrete reality that is transforming the way developers, administrators, and analysts work every day. At the same time, the focus on sustainability—with native features for monitoring and reducing carbon emissions—marks a significant step toward more responsible and environmentally conscious IT. In parallel, improvements in security posture—thanks to Microsoft Defender for Cloud—and advancements in monitoring and backup help strengthen the resilience of hybrid and multicloud environments. Lastly, the latest innovations in governance and FinOps provide increasingly advanced tools for cost optimization and consumption transparency, benefiting both IT teams and financial decision-makers.