Category Archives: Microsoft Azure

Azure IaaS and Azure Local: announcements and updates (May 2025 – Weeks: 21 and 22)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

GitHub Copilot for Azure

GitHub Copilot for Azure is now generally available, delivering a streamlined and intelligent development experience across the Azure ecosystem. Designed to enhance developer productivity, this solution integrates natively with Azure resources and offers support for Infrastructure as Code (IaC) through Bicep and Terraform. It enables efficient diagnostics and issue resolution, while providing real-time recommendations to improve code quality. GitHub Copilot for Azure acts as a comprehensive assistant, helping developers design resilient architectures, manage cloud resources, and elevate their Azure expertise with minimal disruption.

Cloudera on Cloud Available in Italy North Region

Cloudera on Cloud is now available in the Italy North Azure region through the Azure Marketplace. This availability expands the regional presence of Cloudera’s analytics and data platform, allowing customers in Italy to deploy and operate Cloudera environments more efficiently and in compliance with local data residency requirements.

Azure Chaos Studio available in ItalyNorth

Azure Chaos Studio has expanded its regional availability and is now offered in the ItalyNorth region. This service enables customers to improve the resilience of their applications by simulating faults and disruptions in a controlled manner. By testing real-world failure scenarios, organizations can proactively address reliability issues and strengthen the stability of their cloud workloads.

Retirement of Azure China North 1 and East 1 Regions

Microsoft has announced the planned retirement of the China North 1 and China East 1 regions, operated by 21Vianet, effective July 1, 2026. This decision follows an ongoing effort to modernize and optimize the Azure infrastructure in China. Customers are encouraged to migrate their resources to newer regions, such as China North 3, which offer improved performance, security, and support for advanced Azure services. To avoid service disruption, all migrations should be completed before the retirement date. Azure in China will continue its operations in multiple enhanced regions to meet evolving customer needs.

Azure Quota Groups

Azure Quota Groups is now generally available, bringing enhanced flexibility and centralized control for Enterprise Agreement (EA) and internal customers. This feature allows quotas to be shared across multiple subscriptions within a designated group, reducing the volume of individual quota requests and simplifying management. Through the use of a centralized Quota Group Azure Resource Manager (ARM) object, customers can self-manage their quota allocations—without requiring Microsoft approval. Benefits include the ability to reassign unused quota across subscriptions, reduced support overhead, and the ability to submit a single quota request for the entire group. Azure Quota Groups significantly streamlines resource governance and boosts operational efficiency.

Compute

ND96isr_H200_v5 Virtual Machines available in ItalyNorth

Azure has expanded the regional availability of ND96isr_H200_v5 Virtual Machines, which are now offered in the ItalyNorth region. These VMs are optimized for high-performance computing and AI workloads, providing enhanced GPU capabilities designed to accelerate demanding applications such as deep learning, data analytics, and large-scale simulations.

Network Optimized Azure Virtual Machines – Dnsv6, Dndsv6, Dnlsv6, Dnldsv6, Ensv6 and Endsv6 (preview)

Azure has introduced a new class of Network Optimized Virtual Machines, now in public preview, built on the 5th Generation Intel® Xeon® Platinum 8537C (Emerald Rapids) processors. These VMs provide enhanced performance and flexibility with three memory-to-core configurations and options with or without local SSDs. Leveraging Azure Boost, these VMs deliver superior network bandwidth per vCPU, increased vNIC capacity, and faster connection setup times. The new SKUs, including Dnsv6, Dndsv6, Dnlsv6, Dnldsv6, Ensv6, and Endsv6, expand the v6 family of Intel-based Azure VMs, making them ideal for network-intensive workloads.

Networking

Private Subnet

Azure announces the general availability of the private subnet functionality. Traditionally, virtual machines created in a virtual network without explicit outbound configuration were assigned a default outbound public IP address. These implicit IPs presented security challenges and lacked association with subscriptions, making them unreliable and difficult to manage. With the private subnet feature, any new subnet defaults to having “default outbound access” set to false, thus eliminating implicit outbound connectivity and promoting Azure’s “secure by default” principle. Users must now explicitly configure outbound access using services such as NAT Gateway or Public IP addresses. Starting September 30th, 2025, all new virtual networks will adopt this default behavior, although existing networks and older API versions will remain unaffected.

Azure Traffic Manager SLA Increased to 100%

Azure Traffic Manager now offers a 100% service level agreement (SLA) for global DNS resolution, guaranteeing uninterrupted resolution of DNS queries to healthy service endpoints. This enhancement reinforces Azure’s commitment to reliability and performance, ensuring that all Traffic Manager profiles automatically benefit from this updated SLA without requiring any customer-side changes.

Destination Network Address Translation (DNAT) on Azure Firewall Private IP address

Azure Firewall now supports Destination Network Address Translation (DNAT) rule configurations on its Private IP address, enabling port translations that were previously unavailable. This enhancement is particularly useful for enterprises dealing with overlapping IP ranges, such as during the integration of new partners or mergers and acquisitions. In hybrid networking scenarios, this feature allows on-premises datacenters to establish communication with Azure resources using private, non-routable IP addresses, ensuring seamless interoperability and connectivity across diverse environments.

Container Apps and Functions as Private Link enabled origins for Front Door Premium

Azure Front Door Premium now supports configuring Azure Container Apps and Azure Functions as Private Link enabled origins. This capability ensures secure backend communication by restricting origin exposure to the public internet. Even though users access content through public Front Door endpoints, the actual origin services remain securely accessible only via Private Link, improving overall network security posture for web applications and APIs.

Azure Front Door supports origin authentication via Managed Identities (preview)

Azure Front Door Standard and Premium now support origin authentication using Managed Identities, currently in public preview. This feature allows secure, identity-based access control between Front Door and its backend origins. By leveraging Managed Identities, customers can avoid the risks and operational overhead associated with managing credentials, ensuring that only authorized Front Door instances can access origin services.

VM Network Troubleshooter in Azure Portal (preview)

Azure has introduced a new VM Network Troubleshooter tool in the Azure Portal, now in public preview. Accessible from the VM Overview blade, this tool allows users to run diagnostics and detect common issues such as blocked ports. This feature significantly streamlines network troubleshooting, enabling quicker identification and resolution of connectivity problems that often affect virtual machine workloads.

Using Server-sent events with Application Gateway (preview)

Azure Application Gateway introduces preview support for Server-sent events (SSE), a technology that enables servers to push real-time updates to clients over persistent HTTP connections. This preview allows developers to build low-latency applications requiring continuous data streaming directly from the server. To utilize this capability, both the Application Gateway and the backend application must be configured appropriately. This feature enhances the ability to deliver dynamic content to clients while maintaining control over scalability and performance at the application delivery layer.

Storage

Availability Set Support for Premium SSD v2 Disk Storage

Azure has added support for Availability Sets with Premium SSD v2 (Pv2) disk storage in regions without Availability Zones, including Australia Southeast, Canada East, North Central US, UK West, West Central US, and West US. Premium SSD v2 offers scalable IOPS and throughput, low latency, and consistent performance—making it a strong choice for enterprise workloads such as SQL Server, Oracle, SAP, and big data platforms. This enhancement allows customers in these regions to build resilient architectures using Availability Sets, ensuring higher availability even in the absence of zonal infrastructure.

Customer-managed keys for Azure NetApp Files volume encryption with Azure Key Vault Managed HSM

Azure NetApp Files now supports customer-managed keys for volume encryption using Azure Key Vault Managed HSM. This enhancement provides an elevated level of security, transitioning from FIPS 140-2 Level 2 to Level 3 compliance for critical deployments. The use of Managed HSM is particularly relevant in sectors that demand high-security standards, such as financial services, public sector, telecommunications, and energy. Applications benefiting from this include payment processing systems, authentication services, and solutions requiring application-level encryption.

Encryption in Transit for Azure Files NFS Shares (preview)

Microsoft has introduced support for encryption in transit for Azure Files NFS v4.1 shares, now available in public preview. This feature enhances data protection by enabling TLS-based encryption for NFS traffic, securing data as it travels between applications and Azure File shares. The solution integrates with the lightweight AZNFS mount helper to deliver a seamless user experience, and it offers flexibility by allowing connections to be mounted with or without encryption, depending on user requirements.

Live Resize for Premium SSD v2 and Ultra NVMe Disks (preview)

Microsoft has announced the public preview of Live Resize for Premium SSD v2 (Pv2) and Ultra NVMe Disks. This new capability enables users to dynamically increase the storage capacity of their disks without causing any disruption to running applications. With Live Resize, organizations can adopt a more cost-effective storage strategy by starting with smaller disk sizes and scaling up as needed—ensuring flexibility, efficiency, and continuous application availability.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Hybrid Management & Security: What’s New and Insights from the Field – May 2025

Once again this month, I’m back with my recurring series focused on the evolution of Azure management and security services, with a special focus on hybrid and multicloud scenarios enabled by Azure Arc and enhanced by the use of Artificial Intelligence.

This monthly series aims to:

  • Provide an overview of the most relevant updates released by Microsoft;

  • Share operational tips and field-proven best practices to help architects and IT leaders manage complex and distributed environments more effectively;

  • Follow the evolution towards a centralized, proactive, and AI-driven management model, in line with Microsoft’s vision of AI-powered Management.

The key areas we will cover in this series, along with the corresponding tools and services, include:

🔹 Hybrid and multicloud environment management – with Azure Arc, which extends policy, security, management, and automation capabilities to on-premises and multicloud resources.

🔹 AI and intelligent automation – enabled by Microsoft Copilot in Azure, AIOps capabilities, and predictive tools to streamline operations and support smarter decision-making.

🔹 Security posture across hybrid and multicloud infrastructures – using Microsoft Defender for Cloud and other native services for vulnerability management and advanced threat protection.

🔹 Governance and policy management – leveraging tools such as Azure Policy, Azure Cost Management, and Resource Graph to ensure control, standardization, and cost/resource optimization.

🔹 Update & Patching – through Azure Update Management, Azure Automation, and native patching capabilities across Azure Arc-enabled environments.

🔹 Backup & Resilience – using Azure Backup and Azure Site Recovery to ensure business continuity, data protection, and disaster recovery.

🔹 Monitoring – with tools like Azure Monitor, Log Analytics, and Application Insights for comprehensive visibility and effective troubleshooting.

Hybrid and multicloud environment management

Measure, manage, and reduce carbon emissions in Azure

Microsoft has announced the general availability of the carbon optimization feature in Azure, a native solution designed to help organizations measure, manage, and reduce the carbon emissions generated by their cloud workloads. Integrated directly into the Azure portal, this feature provides preconfigured dashboards and KPIs to monitor environmental impact over time. Emission data is available at the individual resource level, offering a high level of detail and the ability to identify concrete optimization opportunities. Role-Based Access Control (RBAC) ensures that only authorized users can view relevant information. Additionally, operational recommendations are provided to support both emission reduction and cost savings. This announcement reaffirms Microsoft’s commitment to supporting customers in achieving more sustainable cloud management by offering integrated tools for more environmentally conscious IT decisions. A significant step forward for organizations that prioritize these aspects.

AI and intelligent automation

Microsoft Copilot in Azure

GitHub Copilot for Azure: smarter, more integrated cloud development

GitHub Copilot for Azure is now generally available—a solution that revolutionizes cloud development through an AI assistant seamlessly integrated with Azure resources. Designed to simplify and accelerate developers’ work, this tool supports Infrastructure as Code (IaC) using languages such as Bicep and Terraform, helps proactively identify and resolve issues, and provides contextual recommendations to improve code quality in real time. Copilot proves to be a valuable ally for those designing resilient and modern architectures, transforming how code is written, distributed environments are managed, and new cloud skills are acquired. Its availability marks a concrete step toward adopting an AI-enhanced cloud management model.

AI-powered Investigation for troubleshooting in Azure Monitor (preview)

The AI-powered Investigation feature is now available in Public Preview in Azure Monitor, aimed at improving the troubleshooting experience and speeding up the detection and resolution of issues in applications and infrastructure. Artificial intelligence deeply analyzes telemetry collected by Azure Monitor—including metrics, logs, resource status, alerts, and application topology—to identify anomalies and suggest potential root causes and solutions. Analyses are personalized through direct interaction with the AI, making results more accurate and relevant. A new entity, called an “issue,” aggregates all information related to a problem, seamlessly integrating these capabilities into the alert management workflow. Currently available for Application Insights, this feature will soon expand to other resources.

Copilot in SQL Server Management Studio (preview)

The new Copilot integration in SQL Server Management Studio (SSMS) is also now in Public Preview. This AI assistant is designed to help developers and administrators write, modify, and troubleshoot T-SQL queries using natural language. Copilot leverages the database context to provide personalized responses based on the specific environment, covering areas such as maintenance, configuration, and database management—whether in the cloud or on-premises. This innovation is part of Microsoft’s broader journey toward increasingly intelligent and proactive management tools, powered by AI to boost productivity and reduce the complexity of day-to-day operations.

Security posture across hybrid and multicloud infrastructures

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Active User (Public Preview): a new feature designed to help administrators quickly identify the most relevant users for each recommendation, based on recent control plane activity. For each recommendation, up to three active users are suggested at the resource, resource group, or subscription level. You can assign the recommendation, set a due date, and directly notify the assigned user, streamlining remediation workflows and reducing investigation time.
  • General Availability of Defender for AI Services: runtime protection is now available for Azure AI services, previously known as threat protection for AI workloads. This protection covers specific AI-related scenarios such as jailbreak attempts, wallet abuse, data exposure, and suspicious access patterns, leveraging signals from Microsoft Threat Intelligence and Azure AI Prompt Shields.
  • Security Copilot now GA in Defender for Cloud: the general availability of Microsoft Security Copilot enables faster risk response through AI-generated summaries, remediation suggestions, and automated notifications. Administrators can quickly summarize recommendations, generate remediation scripts, and delegate tasks via email, boosting the operational efficiency of security teams.
  • Data and AI Security Dashboard: the new dashboard provides a unified and centralized view for monitoring the security posture of data and AI resources. It includes capabilities such as sensitive data discovery, identification of active AI resources (including containers, datasets, and models), and highlighting critical issues based on high-severity recommendations, alerts, and attack paths.
  • Defender CSPM: Billing for MySQL and PostgreSQL Flexible Server starting June 2025: starting June 1, 2025, Microsoft will begin billing for Azure Database for MySQL Flexible Server and PostgreSQL Flexible Server workloads protected by Defender CSPM. No action is required from users, but monthly billing may change depending on the protected resources.
  • Customizable filters for malware scanning on upload in Defender for Storage: Microsoft Defender for Storage now officially supports customizable filters for on-upload malware scanning. Users can define exclusion rules based on blob path prefixes or suffixes, as well as blob size. This update allows non-critical or temporary files, such as logs or transient files, to be excluded from scanning—optimizing security processes and helping reduce operational costs.

Governance and policy management

Azure Cost Management

Advanced Exports in Cost Management

Advanced exports in Cost Management are now generally available across all Azure regions and clouds. This feature introduces significant improvements in how organizations can automate the analysis of cost and usage data. Key enhancements include an expanded set of exportable datasets (including price sheets, recommendations, and reservation details), new export formats (CSV with Gzip compression, Parquet with Snappy compression), and support for the FinOps Open Cost and Usage Specification (FOCUS) version 1.0. Organizations can now configure partitioned files, enable overwrites, retrieve historical data (up to thirteen months via the portal, seven years through the REST API), and export to storage accounts protected by firewalls or network policies. Schema versioning is also supported, ensuring compatibility with existing data pipelines. This update is extremely valuable for streamlining FinOps workflows, managing costs at scale, and aligning with enterprise security and compliance requirements.

Improvements to Purchase Details in Cost Management for MCA Customers (Preview)

By June, new preview features will enhance purchase details in Cost Management for customers under the Microsoft Customer Agreement (MCA). The improvements primarily focus on reserved instances (RIs), Azure savings plans (ASPs), and third-party purchases made through the Azure Marketplace. Users will be able to view the subscription ID associated with RIs and ASPs, simplifying showback and chargeback activities. Start and end dates will display the full duration of the offer, and cost data will be available in both the billing currency and US dollars, facilitating comparison with list prices. For monthly-billed offers, the pricingCurrency and costInPricingCurrency fields will show values for each installment. For Marketplace purchases completed through the Azure portal, tag support will be added, and fields such as the resource URI, subscription ID, and resource group name (where supported) will be visible. Additionally, the “Effective Price” field will be available, expressed in the pricing currency. Partner customers will also be able to view purchases and refunds at the subscription level, improving transparency in cost management.

Backup & Resilience

Azure Backup

Backup for Azure Database for PostgreSQL – Flexible Server

The Vaulted Backup feature for Azure Database for PostgreSQL – Flexible Server is now generally available and managed through Azure Backup. This solution offers scalable and secure backups with fully automated management via scheduled policies, eliminating the need for manual intervention. Key benefits include enhanced security through immutable vaults and role-based access controls, long-term retention (LTR) of up to 10 years to meet global regulatory requirements, and enterprise-level management via the Azure Business Continuity Center, which enables unified operations and governance of all protected resources from a single console. This is an ideal solution for businesses and developers who require operational continuity and regulatory compliance in critical environments.

GRS and CRR Support for Azure Backup with Premium SSD v2 Expanded to New Regions

Geo-Redundant Storage (GRS) and Cross-Region Restore (CRR) support in Azure Backup for virtual machines using Premium SSD v2 is now available in even more regions. Premium SSD v2 is a high-performance block storage solution that offers low latency, high IOPS, and high throughput at a cost-effective rate. With GRS and CRR, data can be protected from irreversible loss and restored on demand in a secondary region, making this functionality ideal for audit or disaster recovery scenarios. Newly supported regions include Brazil South, South Central US, North Central US, East US 2, Central US, UK West, UK South, Canada East, Canada Central, West US, West Central US, West US 2, Australia Southeast, and Australia East. A strategic solution for ensuring the resilience of critical workloads.

Azure Backup for Elastic SAN (Preview)

Microsoft has announced the public preview of Azure Backup support for Elastic SAN—a fully managed solution for protecting and restoring Elastic SAN volumes. This integration allows data to be safeguarded against accidental deletion, ransomware attacks, and application updates by exporting Elastic SAN volumes into incremental Managed Disk snapshots, independent of the lifecycle of the original volumes. The snapshots are stored using locally redundant storage (LRS) and support up to 450 recovery points with a backup frequency of up to every 24 hours. Currently, the feature is available only in select Azure regions and supports volumes up to 4 TiB. During this preview phase, long-term vault backups and hourly backups are not available. There is no Azure Backup Protected Instance cost, but standard rates apply for incremental snapshots. This marks an important step toward native, scalable protection of modern SAN environments hosted in Azure.

Monitoring

Azure Monitor

Cross-region replication for Log Analytics Workspace

Cross-region replication for Log Analytics Workspace is now generally available. This feature enhances the resilience of distributed monitoring environments by allowing administrators to enable a replica of the workspace in a secondary geographic region. Once activated, the replication enables simultaneous log ingestion in both regions, ensuring uninterrupted visibility through dashboards, alerts, and advanced solutions like Microsoft Sentinel—even in the event of a regional outage. This represents a significant advancement in business continuity management for critical or geographically distributed environments.

Increased record limit per query in Log Analytics to 100,000

Azure Monitor Log Analytics has increased the record limit per query in the UI to 100,000, up from the previous limit of 30,000. This enhancement enables deeper analysis and more detailed investigations directly within the Azure portal, without the need for external tools to process large volumes of data. To enable this option, simply select “Max. limit” from the “Show” menu in the Logs interface or set it as the default value. Microsoft is actively monitoring usage and performance to assess future extensions. For even larger-scale analysis, exports of up to 500,000 records via API remain available.

Managed Prometheus visualizations and enhanced monitoring for AKS

Managed Prometheus-based visualizations in Azure Monitor are now generally available, offering a unified and enhanced monitoring experience for Azure Kubernetes Service (AKS). This update allows users to centralize all critical information for AKS cluster management in a single view, overcoming the limitations of previous Log Analytics-based dashboards. With integrated managed Prometheus, customers benefit from a more cost-effective and responsive observability solution. Key capabilities include: cost optimization by migrating from Log Analytics to Prometheus, improved query performance, integration with recommended Prometheus-based alerts, visibility into control plane components for deeper diagnostics, and an optimized multi-cluster view for large-scale monitoring. A significant step forward for managing containerized environments in Azure.

Recommended Prometheus alerts now available for AKS cluster

Recommended community Prometheus alerts are now directly available for Azure Kubernetes Service (AKS) clusters through the Azure portal. This feature significantly simplifies monitoring management by eliminating the need to download templates or use command-line tools. The predefined alerts provide comprehensive coverage across all layers of the cluster—infrastructure, nodes, and pods. The goal is to deliver a powerful tool for timely anomaly detection, simplified diagnostics, and enhanced reliability for containerized applications. Integration with managed Prometheus metrics further strengthens Microsoft’s strategy for centralized, proactive, and cloud-native operations management.

Simple Log Alerts in Azure Monitor (Preview)

As of May, the new Simple Log Alerts feature in Azure Monitor is available in Public Preview. Designed to simplify alert creation and improve event detection timeliness, this feature differs from Log Search-based alerts, which evaluate sets of rows over a time window. Simple Log Alerts evaluate each row individually, enabling near real-time notifications. With simplified use of KQL, alerts can be defined quickly and intuitively. This solution also supports log tiers previously excluded from alerting, such as Basic Logs and Analytics. The pricing model is similar to traditional alerts, with minute-based evaluation billing. This is a particularly useful feature in operational scenarios that require fast and granular responses.

Prometheus Community Recommended Alerts for Arc-enabled Kubernetes Clusters (Preview)

In Public Preview, one-click activation of Prometheus community recommended alerts is now available for Kubernetes clusters managed via Azure Arc. Accessible directly from the Azure portal, these alerts provide comprehensive coverage for cluster, node, and pod metrics, based on community-refined Prometheus rules. Previously, enabling these alerts required manual operations via CLI and templates. To activate them, the Azure Monitor managed service for Prometheus must be enabled on the cluster.

Managed Prometheus for Arc-enabled Kubernetes Clusters in Azure Monitor (Preview)

A new Azure Monitor feature is now in Public Preview, allowing telemetry data visualization for Arc-enabled Kubernetes clusters using Managed Prometheus. This integration offers a more performant and cost-effective alternative to collecting metric data via Log Analytics. With this update, customers can: reduce costs by migrating to Prometheus-managed metrics, improve query performance, adopt preconfigured Prometheus-based alert rules, and centrally monitor multiple clusters at scale. This marks an important evolution for managing distributed containerized environments, simplifying monitoring while maintaining high levels of control and resource optimization.

Granular RBAC in Log Analytics Workspaces (Preview)

A new feature in Public Preview enables more granular access control in Azure Monitor’s Log Analytics Workspaces. Through integration with Azure Attribute-Based Access Control (ABAC), it is now possible to define row-level RBAC within the same centralized workspace. This allows organizations to segment data access based on criteria such as job role, organizational unit, geographic location, or data sensitivity. This approach enables more precise governance aligned with least-privilege principles while retaining the advantages of a centralized log platform. It is especially well-suited for complex enterprise environments with high security requirements.

Conclusions

The latest updates from Microsoft for Azure confirm a clear and strategic direction: making the cloud increasingly sustainable, secure, and governable. The integration of artificial intelligence into tools such as GitHub Copilot for Azure, SQL Server Management Studio, and Azure Monitor is no longer a future promise—it is a concrete reality that is transforming the way developers, administrators, and analysts work every day. At the same time, the focus on sustainability—with native features for monitoring and reducing carbon emissions—marks a significant step toward more responsible and environmentally conscious IT. In parallel, improvements in security posture—thanks to Microsoft Defender for Cloud—and advancements in monitoring and backup help strengthen the resilience of hybrid and multicloud environments. Lastly, the latest innovations in governance and FinOps provide increasingly advanced tools for cost optimization and consumption transparency, benefiting both IT teams and financial decision-makers.

Azure IaaS and Azure Local: announcements and updates (May 2025 – Weeks: 19 and 20)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Carbon optimization in Azure

Microsoft has announced the General Availability of carbon optimization in Azure, a built-in solution designed to help organizations measure, manage, and reduce carbon emissions from their Azure workloads. With this capability, customers gain access to built-in dashboards and KPIs directly in the Azure portal, enabling them to track sustainability progress over time. The service provides detailed, resource-level emissions data, unlocking opportunities for deeper optimization. Role-based access control (RBAC) ensures that relevant stakeholders can access appropriate data. Additionally, actionable recommendations are offered to support both carbon reduction and cost savings. This release underscores Microsoft’s commitment to empowering customers to align their cloud operations with sustainability objectives, offering native tools to support greener decision-making across IT environments.

Perth – Azure Extended Zones (preview)

Microsoft has announced the public preview of the Perth Azure Extended Zone. Azure Extended Zones are small-scale Azure deployments located in specific metros, industrial hubs, or jurisdictions to support low-latency applications and enforce data residency requirements. These zones are capable of running virtual machines, containers, storage solutions, and selected Azure services. With the introduction of the Perth Extended Zone, customers in the region can now run latency-sensitive and high-throughput workloads closer to their end users, improving performance while aligning with regulatory and data governance mandates.

Networking

ExpressRoute Metro available in Italy North with Equinix

ExpressRoute Metro is now available in the Italy North region in partnership with Equinix. This connectivity option allows customers to establish private, resilient network connections to Microsoft cloud services through Equinix infrastructure. ExpressRoute Metro offers low-latency, high-bandwidth connectivity within metropolitan areas, supporting performance-sensitive workloads and regulatory compliance needs for businesses operating in or near the Italy North region.

Azure Virtual Network Manager high-scale private endpoints in connected groups (preview)

Microsoft has introduced the public preview of high-scale private endpoints within connected groups using Azure Virtual Network Manager. This new capability is designed to address the growing scalability needs of complex enterprise network environments in Azure. It enables the support of up to 20,000 private endpoints within a single connected group, significantly increasing the ability to scale private connectivity across large environments. This enhancement allows organizations to manage a broader set of workloads efficiently, improving network architecture flexibility while maintaining strong isolation and security.

Storage

Azure File Sync in Italy North

Microsoft has expanded the availability of Azure File Sync to the Italy North region. Azure File Sync provides a hybrid storage solution that allows organizations to tier data from on-premises Windows Servers to Azure Files, optimizing performance while reducing on-premises storage requirements. This expansion brings the service closer to customers in the region, offering reduced latency, improved performance, and compliance with local data residency regulations. With Azure File Sync, businesses can maintain the compatibility and flexibility of traditional file servers while benefiting from the scalability and cost-efficiency of the Azure cloud.

Azure Archive Storage in Italy North

Azure Archive Storage is now available in the Italy North region. This service provides a secure, low-cost option for storing rarely accessed data, such as compliance archives, backup data, and long-term retention files. With this regional expansion, customers in Italy can now benefit from reduced latency and improved data residency compliance when leveraging Azure Archive Storage for their cold data needs.

Azure Storage Actions – Serverless storage data management

Microsoft has announced the general availability of Azure Storage Actions, a fully managed serverless platform for automating data management tasks across Azure Blob and Data Lake Storage. Available in select Azure regions, Storage Actions empowers organizations to scan, analyze, and process billions of objects across multiple storage accounts without writing code. The solution supports the use of blob tags and metadata as dynamic parameters, allowing fine-grained control over how each object is handled. An integrated dashboard provides visibility into operations, including detailed drill-downs. By combining a no-code experience with serverless scalability, Azure Storage Actions significantly simplifies and accelerates storage data workflows.

Azure Premium SSD v2 now available in more regions

Azure Premium SSD v2 is now available in several additional non-availability-zone (non-AZ) regions, including US West, UK West, Canada East, Australia Southeast, North Central US, West Central US, Australia Central 2, and Norway West. Premium SSD v2 is a next-generation general-purpose block storage offering that delivers sub-millisecond latency and optimized price-performance for I/O-intensive enterprise workloads. It is ideal for a wide array of use cases such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data analytics, gaming on virtual machines, and stateful container deployments. This expansion brings high-performance storage closer to more global Azure customers.

Azure NetApp Files support for Active Directory connection per NetApp account

Azure NetApp Files now offers general availability of Active Directory connection per NetApp account. This feature enables each NetApp account to connect independently to its own Active Directory Forest and Domain, allowing multiple, distinct Active Directory configurations within a single Azure region and subscription. With this functionality, organizations can achieve better operational segregation, enhance security, and simplify hosting of specialized or multi-tenant environments. The association of SMB volumes to specific Active Directory connections per NetApp account further streamlines identity and access management across different organizational contexts.

Azure NetApp Files cross-zone and cross-region replication across subscriptions

Azure NetApp Files now supports replication across different subscriptions under the same tenant, enabling cross-subscription replication. This enhancement significantly improves disaster recovery and operational flexibility by utilizing NetApp SnapMirror technology, which optimizes data transfer by replicating only changed blocks in a compressed format. The feature supports both cross-zone replication across all Azure NetApp Files regions with availability zones and cross-region replication across all supported regions. Organizations can now better manage and protect data across different organizational units or cost centers while maintaining efficient and secure replication practices.

Azure NetApp Files cross-zone-region replication (preview)

Microsoft has introduced the public preview of cross-zone-region replication (CZRR) for Azure NetApp Files, a capability that extends existing cross-region and cross-zone replication functionalities. CZRR allows replication of volumes not only across different Azure regions but also across availability zones within the same region. This dual-layer replication enhances both disaster recovery and business continuity. Customers can configure protection by combining various replication setups, such as one cross-zone and one cross-region replication relationship, two cross-region replications, or two cross-zone replications. For cross-zone replication, the source volume must reside in an availability zone. This preview feature aims to deliver higher resilience and data protection for critical workloads.

Azure Premium SSD v2 Disk Storage in Japan West

Azure Premium SSD v2 (Pv2) Disk Storage is now available in the Japan West region. Pv2 represents Azure’s next-generation general-purpose block storage, engineered to provide sub-millisecond latency, flexible scalability, and cost efficiency. It allows users to independently scale IOPS, throughput, and capacity, making it suitable for a wide variety of production workloads. Pv2 supports relational databases such as SQL Server, Oracle, and MariaDB, NoSQL platforms like Cassandra and MongoDB, as well as SAP systems, analytics tasks, gaming environments, and stateful containerized applications. This expansion delivers high-performance disk storage closer to customers in Japan West, enhancing workload responsiveness and data locality.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (May 2025 – Weeks: 17 and 18)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Announces New European Digital Commitments

Microsoft has introduced five new commitments to deepen its partnership with Europe, focusing on digital resilience, data privacy, cybersecurity, and competitiveness. These actions reflect Microsoft’s goal to align with European values and regulations.

1. Expanding AI and Cloud Infrastructure
Microsoft will boost its European datacenter capacity by 40% over two years, covering 16 countries. This includes public and sovereign cloud operations, and partnerships with firms like Bleu (France) and Delos Cloud (Germany). Microsoft aims to support innovation while complying with EU laws.

2. Strengthening Digital Resilience
Microsoft will operate European cloud services under a Europe-based board and uphold a Digital Resilience Commitment, pledging to challenge any external attempts to disrupt services. Code backups in Switzerland and continuity partnerships will ensure service reliability.

3. Safeguarding Data Privacy
With the EU Data Boundary project completed, Microsoft enables customers to keep data within the EU. Customers can encrypt data with their own keys, use lockboxes, and restrict Microsoft access. Microsoft also legally defends against unlawful data requests.

4. Boosting Cybersecurity
Microsoft has supported Ukraine and NATO with $500 million in cybersecurity aid and intelligence. A new Deputy CISO for Europe will oversee compliance with EU cybersecurity regulations like DORA and CRA. Independent audits will confirm adherence.

5. Supporting Competitiveness and Open Source
Through its AI Access Principles, Microsoft ensures open access to over 1,800 AI models, many of them open-source. The company supports European businesses and research institutions in applying AI, and commits to continued local collaboration.

These commitments underline Microsoft’s long-term dedication to Europe’s digital future and its respect for local governance.

Semantic Ranker for Azure AI Search now available on ItalyNorth

The Semantic Ranker feature in Azure AI Search is now generally available in the ItalyNorth region. This capability enhances the relevance of search results by using deep learning models to understand the semantic meaning behind user queries. It enables more accurate and contextually appropriate responses, particularly beneficial for AI-powered applications requiring advanced search functionalities.

Azure Functions Flex Consumption plan hosting now available on ItalyNorth

The Flex Consumption plan for Azure Functions is now available in the ItalyNorth cloud region. This Linux-based hosting option builds upon the pay-as-you-go Consumption model, offering greater flexibility and customization. It introduces capabilities such as private networking, selectable instance memory sizes, and rapid, large-scale out scenarios—all while maintaining a serverless billing model. This provides developers with enhanced control over their serverless workloads without compromising on scalability or cost-efficiency.

UAE North regional availability with Microsoft Dev Box

Microsoft Dev Box is now available in the United Arab Emirates (UAE) North region. This expansion enables customers in the UAE and nearby areas to provision developer workstations closer to their users and data sources, enhancing performance and ensuring compliance with data residency requirements. With this regional support, organizations can now benefit from faster provisioning times and improved network performance for Dev Box environments.

Compute

Azure Compute Fleet

Azure Compute Fleet is now generally available across all Azure regions, offering a scalable and flexible way to deploy up to 10,000 virtual machines in a single fleet. This service intelligently selects and provisions VM instances that match specified parameters—such as core count, RAM, region, pricing model, and VM SKU—ensuring optimal resource allocation for diverse workloads. Azure Compute Fleet also includes robust management features to automatically adjust deployment based on factors like Spot VM evictions, capacity shortages, and cost optimization needs. It is particularly valuable for customers requiring dynamic scaling with a wide variety of VM configurations.

Instance Mix for Virtual Machine Scale Sets

Instance mix is now generally available for Virtual Machine Scale Sets, enabling the use of multiple VM sizes within a single scale set deployment. This new feature offers enhanced flexibility and cost optimization by allowing customers to specify a mix of VM sizes tailored to their workload requirements. It also includes allocation strategies that can prioritize either price or capacity based on customer preferences. With instance mix, deployments benefit from increased capacity availability and simplified management of diverse VM resources within a unified scale set. In addition, customers leveraging Spot Priority Mix can combine both Spot and On-Demand VM instances, further increasing their ability to secure necessary capacity at optimized costs.

Improve the security of Generation 2 VMs via Trusted Launch in Azure DevTest Labs (preview)

Trusted Launch is now available in public preview for Generation 2 virtual machines (Gen2 VMs) within Azure DevTest Labs. This feature introduces a set of coordinated infrastructure technologies that enhance protection against sophisticated and persistent threats. By leveraging Trusted Launch, users can enable key security capabilities—such as secure boot and virtual TPM—independently, thereby hardening their Gen2 VMs without significant configuration overhead. This enhancement is part of Azure’s ongoing efforts to provide secure-by-default infrastructure for development and testing environments.

Improve the security of Generation 2 VMs via Trusted Launch in Azure DevTest Labs (preview)

Trusted Launch is now available in public preview for Generation 2 virtual machines (Gen2 VMs) within Azure DevTest Labs. This feature introduces a set of coordinated infrastructure technologies that enhance protection against sophisticated and persistent threats. By leveraging Trusted Launch, users can enable key security capabilities—such as secure boot and virtual TPM—independently, thereby hardening their Gen2 VMs without significant configuration overhead. This enhancement is part of Azure’s ongoing efforts to provide secure-by-default infrastructure for development and testing environments.

Networking

Azure Firewall integration in Security Copilot

The integration of Azure Firewall with Microsoft Security Copilot enhances the way analysts investigate threats by leveraging natural language interactions. This feature enables users to analyze malicious traffic intercepted by the Intrusion Detection and Prevention System (IDPS) across all deployed firewalls without writing complex KQL queries. Through either the Security Copilot portal or the Copilot in Azure experience, users can: retrieve the top IDPS signature hits, enrich threat profiles with additional intelligence, perform fleet-wide signature searches across tenants, and generate environment-specific security recommendations. This integration streamlines threat analysis and empowers teams with faster, more actionable insights.

Azure Firewall Log Tables Now Supported in Azure Monitor Basic Plan

All resource-specific log tables for Azure Firewall now support the Azure Monitor Basic log plan. This addition enables customers to reduce their logging costs by up to 80%. While this plan provides significant savings, it is important to note that it does not support integrations with Policy Analytics or Microsoft Security Copilot. Organizations looking to balance cost efficiency with basic firewall logging capabilities may find this update especially beneficial.

Next hop IP support for Virtual WAN

Azure Virtual WAN has introduced support for Next hop IP, enhancing routing flexibility for complex networking scenarios. The virtual hub router within Azure Virtual WAN can now peer with Network Virtual Appliances (NVAs) or BGP-enabled endpoints to exchange routes directly. This enables customers to advertise routes for virtual machines that reside behind load balancers, streamlining traffic flows and optimizing network architecture across virtual hubs. This improvement significantly simplifies route management in hybrid and large-scale cloud networks.

Azure virtual network terminal access point (TAP) (preview)

Azure Virtual Network TAP is now in public preview, offering a powerful way to stream virtual machine network traffic directly to packet collectors or analysis tools. This agentless solution eliminates the need for additional appliances or changes to existing network topologies, enabling transparent traffic mirroring with zero impact on VM performance. Furthermore, mirrored traffic does not count against the VM’s bandwidth quota. With broad compatibility across third-party tools, Virtual Network TAP facilitates robust integration into existing security and monitoring frameworks—an essential advancement for organizations requiring deep network visibility in their cloud environments.

Azure WAF CAPTCHA Challenge for Azure Front Door (preview)

Azure Web Application Firewall (WAF) for Azure Front Door now includes CAPTCHA challenge support in public preview. This new capability introduces an adaptive layer of defense to mitigate threats from automated attacks such as bots, scrapers, and brute-force attempts, which often bypass traditional protections like IP filtering or rate limiting. By requiring real-time human verification through an interactive CAPTCHA, this feature enhances application security while maintaining usability for legitimate users. It provides a modern and effective way to safeguard web applications from malicious automated traffic.

Storage

Next-Generation Azure Data Box Devices Now Available

Microsoft has announced the general availability of the next-generation Azure Data Box 120 and Azure Data Box 525. These compact, NVMe-based devices are now available for order in the US, US Gov, Canada, EU, and UK Azure regions, with broader regional availability expected soon. Since their preview debut at Ignite ’24, these devices have successfully facilitated petabyte-scale data ingestion across numerous customer projects and industry verticals. Customers have reported up to 10x improvements in data transfer speeds, citing enhanced reliability and efficiency as key benefits. The design of these devices is based on extensive customer feedback and reflects the growing demands of large-scale data migrations. Azure Data Box continues to offer one of the most cost-effective solutions for offline data transfers, with a competitive price per terabyte and seamless ordering through the Azure portal.

Cross-Region Data Transfer Support in Azure Data Box

Azure Data Box now supports cross-region data transfer for all Azure region pairs, marking a significant enhancement in flexibility for distributed storage strategies. Customers can now upload data from any on-premises location directly to any Azure region, eliminating the need to physically transport the device across commerce boundaries. For example, data collected in Japan can be uploaded to an Azure data center in the European Union, while the Data Box itself remains within Japan. The transfer is carried out over the Azure network at no additional cost, making this feature particularly valuable for global enterprises managing multi-regional data workloads.

Azure Files: Metadata Cache for Azure SSD (Premium) SMB

Azure Files has introduced a new enhancement that significantly improves metadata operations performance for both SMB and REST protocols. This capability is automatically available at no extra cost and benefits both new and existing file shares. Whether used to support critical business applications, streamline DevOps workflows, or provide storage for large-scale virtual desktop environments, Azure Files now offers improved speed, scalability, and performance optimization. This update reinforces Azure Files as a high-performance storage option for demanding enterprise workloads.

Azure Premium SSD v2 and Ultra Disk Storage Now Available in Australia Central 2 and Norway West

Azure Premium SSD v2 and Ultra Disk Storage have been made generally available in the Australia Central 2 and Norway West regions. Azure Ultra Disk Storage provides high throughput, elevated IOPS, and consistently low latency, making it an optimal choice for data-heavy applications such as SAP HANA, high-performance databases, and applications requiring intensive transactional operations. Azure Premium SSD v2, designed as a next-generation block storage solution, delivers sub-millisecond latencies and cost-efficient performance for IO-intensive workloads. It is ideal for a wide spectrum of enterprise production scenarios, including SQL Server, Oracle, MariaDB, SAP, big data analytics, gaming on virtual machines, and stateful containers.

Cross-tenant customer-managed keys for Azure NetApp Files volume encryption (preview)

A new feature in public preview enables cross-tenant customer-managed keys (CMK) for Azure NetApp Files volume encryption. This capability allows end users to manage their own encryption keys across different Azure tenancies, rather than relying on the SaaS provider’s key management. Particularly useful in SaaS provider-to-customer models, it ensures that customers maintain full control over their data protection. Available in all regions that support Azure NetApp Files, this enhancement provides increased flexibility and transparency in key management strategies for both providers and consumers.

Azure Local

Azure Local 2504: new OS version, feature enhancements, and improved update experience

The 2504 release of Azure Local introduces several enhancements aimed at improving performance, security, and manageability. New deployments now use OS version 261000.3775, while existing systems remain on version 23598.1551. Customers can obtain this OS image and compatible drivers through the Azure portal or via their OEM partners.

Significant improvements have been made in several areas. .NET update installations are now more reliable, and update processes benefit from enhanced health checks and simplified tracking via the Azure portal. Registration and deployment processes are more flexible, allowing customers to select from up to six supported software versions, and error logging has been improved.

Security is also strengthened: Dynamic Root of Trust for Measurement (DRTM) is now enabled by default for new deployments. Azure Local VMs gain new capabilities, such as data disk expansion and live migration for VMs using GPU partitioning (GPU-P), provided the latest NVIDIA vGPU drivers are used.

Additional changes include renamed OEM licenses to reflect Azure Local branding, improved handling of solution extensions, a new crash dump collection feature for observability, and updates to billing logic for newer deployments. Documentation for version 22H2 will be archived after May 31, 2025.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Hybrid Management & Security: What’s New and Insights from the Field – April 2025

With this article, I’m launching a new monthly series focused on the management and security of hybrid and multicloud environments with Azure, which takes over from the previous “Azure Management Services: What’s New” series.

The evolution of IT architectures and the growing adoption of hybrid models require a shift in how we approach operations, governance, and resource protection. Tools like Azure Arc, the integration of Artificial Intelligence into management processes, and new models for automation now form the foundation for modern, scalable IT control.

This new series, “Azure Hybrid Management & Security: What’s New and Insights from the Field”, is designed to follow this transformation closely. Every month, I will share:

  • the most relevant updates and announcements from Microsoft;

  • a selection of hands-on recommendations and field-proven practices;

  • a focus on the key tools that enable effective and secure management.

The goal is twofold: to keep you up to date, and to offer practical guidance for architects, IT leaders, and operational teams dealing with complex and distributed environments.

The key areas we will cover in this series, along with the corresponding tools and services, include:

🔹 Hybrid and multicloud environment management – with Azure Arc, which extends policy, security, management, and automation capabilities to on-premises and multicloud resources.

🔹 AI and intelligent automation – enabled by Microsoft Copilot in Azure, AIOps capabilities, and predictive tools to streamline operations and support smarter decision-making.

🔹 Security posture across hybrid and multicloud infrastructures – using Microsoft Defender for Cloud and other native services for vulnerability management and advanced threat protection.

🔹 Governance and policy management – leveraging tools such as Azure Policy, Azure Cost Management, and Resource Graph to ensure control, standardization, and cost/resource optimization.

🔹 Update & Patching – through Azure Update Management, Azure Automation, and native patching capabilities across Azure Arc-enabled environments.

🔹 Backup & Resilience – using Azure Backup and Azure Site Recovery to ensure business continuity, data protection, and disaster recovery.

🔹 Monitoring – with tools like Azure Monitor, Log Analytics, and Application Insights for comprehensive visibility and effective troubleshooting.

AI and intelligent automation

Microsoft Copilot in Azure

Microsoft Copilot in Azure is now available!

Microsoft has announced the general availability of Copilot in Azure, marking a significant milestone in the evolution of intelligent cloud management. Copilot in Azure introduces an AI-based assistant that leverages Large Language Models (LLMs), the Azure control plane, and real-time information from the user’s environment. This enables the optimization of operational tasks, improved productivity, and full realization of the benefits offered by the cloud. With its production release, users can now enjoy enhanced performance, greater response accuracy, and full localization support across all languages of the Azure portal. The currently available features come at no additional cost, although Microsoft has indicated that future enhancements may introduce a pricing model. To ensure fair and sustainable use, protective mechanisms such as temporary throttling in case of excessive use of generative services have been implemented.

Security posture across hybrid and multicloud infrastructures

Microsoft Defender for Cloud

Threat Detection in Azure Backup with Microsoft Defender for Cloud (Private Preview)

A new Threat Detection feature for Azure Backup, integrated with Microsoft Defender for Cloud (MDC), has been released in Private Preview. This innovative capability allows for the assessment of the health status of Azure VM recovery points (RPs), distinguishing between secure and potentially compromised restore points. The analysis relies on signals from real-time scans performed by Microsoft Defender for Endpoint (MDE), as part of Microsoft Defender for Servers plans. Azure Backup uses behavioral and heuristic signals detected by MDE to identify anomalies that may indicate the presence of ransomware in backup data.

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • AI Posture Management in GCP Vertex AI (Preview): support has been extended to AI workloads on Google Cloud Platform (GCP) via Vertex AI. Key features introduced include:
  • Automatic discovery of AI components, data, and artifacts.
  • Detection of misconfigurations with integrated suggestions and remediation actions.
  • Attack path analysis to identify and mitigate security risks.

  • Integration with Mend.io (Preview): a new integration designed to enhance application security by identifying and mitigating vulnerabilities in third-party software dependencies.

  • GitHub Permissions Update: GitHub connectors can now request administrative permissions for Custom Properties, useful for enabling new contextualization capabilities. Permissions can be granted:
  • Directly from the GitHub Apps section in the organization settings.
  • Or via an automated email from GitHub Support.

  • Defender for SQL Server on Machines Plan Update: a new lightweight agent has been introduced, which no longer requires the Azure Monitor Agent. This simplifies onboarding and improves coverage.

Note: after the update, costs may increase if additional SQL Server instances are protected.

  • New Malware Scanning Limit in Defender for Storage: the default limit for on-upload malware scanning has been increased from 5,000GB to 10,000GB. This applies to:
  • New subscriptions
  • Reactivated subscriptions
    The limit can be customized based on specific needs.

  • API Security Posture Management (General Availability): this capability is now generally available (GA) within the Defender CSPM Plan. Key features include:
  • Unified API inventory
  • Identification of new risk types, such as unauthenticated or unencrypted APIs
  • Mapping of exposed APIs via Azure API Management to Kubernetes Ingress and VMs
  • Support for Attack Path Analysis to better manage and mitigate risks

  • Improvements to Defender for App Service Alerts (effective April 30, 2025):
  • New alerts introduced for suspicious code execution and access to internal or remote endpoints
  • Detection optimized to reduce false positives
  • Deprecated alert: “Suspicious WordPress theme invocation detected”

Governance and policy management

Azure Cost Management

AKS Cost Optimization with Azure Advisor

Azure Advisor introduces a new feature designed to support cost optimization in Azure Kubernetes Service (AKS) clusters. Thanks to AKS-specific recommendations, it is now possible to identify concrete saving opportunities through actionable suggestions based on container cost management best practices. The recommendations are tailored to the cluster’s configuration and cover key scenarios such as rightsizing, autoscaling, consumption visibility, and SKU selection.

Environmental Sustainability

New Enhancements for Carbon Optimization in Azure (Preview)

The Carbon Optimization feature in Azure is enriched with new capabilities in Public Preview, aimed at improving the analysis and visibility of emissions data generated by cloud workloads. Key updates include a new version of the API (2024-02-01-preview), which surpasses the previous limit of 5,000 items, enabling the processing of much larger datasets for in-depth analysis. Additionally, the access model has been expanded: users with the Subscription Reader role can now view emissions data, promoting a more collaborative approach to sustainability. Another important update involves the categorization of emissions: data is now organized by resource type (e.g., virtual machines or Azure Data Explorer) rather than by service, offering more useful granularity to identify critical areas. Finally, new filters by resource type and geographic region make it easier to focus on specific segments of the infrastructure for environmental optimization.

Backup & Resilience

Azure Backup

Backup for Azure File Share in AKS with Azure Backup (Private Preview)

Microsoft has announced the start of the Private Preview for backup support of Persistent Volumes based on Azure File Share in Azure Kubernetes Service (AKS) environments. This new feature extends protection coverage for stateful workloads running on AKS, adding support for SMB-based Azure File Shares in addition to the existing support for Azure Disks.
Through snapshot-based backup mechanisms, it’s now possible to enable application-level protection for a broader range of workloads, maintaining an instant backup and restore experience with retention of up to 30 days.

Vaulted Backup for Azure Data Lake Storage (Public Preview)

Vaulted backup for Azure Data Lake Storage is now available in Public Preview, enabling more comprehensive and resilient data protection using Azure Backup vaults. The vault stores recovery points over time and allows for the definition of a backup schedule (daily or weekly), with retention options of up to 10 years to meet the most stringent compliance requirements.
This new feature introduces an effective off-site copy strategy, safeguarding backups from accidental deletion or malicious attacks through source-data isolation, soft-delete, immutability, and data encryption. In the event the source storage is compromised, recovery can be performed on an alternate account, ensuring business continuity even in critical scenarios.

Azure Site Recovery

Shared Disk Protection

Azure Site Recovery for Shared Disk is now generally available, enabling protection, monitoring, and recovery of workloads running on Windows Server Failover Clusters (WSFC) hosted on Azure virtual machines with shared disks. This new capability extends business continuity and disaster recovery options to mission-critical scenarios such as SQL Server with Failover Cluster Instance (FCI), SAP ASCS, and Scale-out File Server.
The feature supports Windows Server 2016 and later, up to four nodes per cluster, and allows an unlimited number of shared disks per environment. Additionally, support for high write-frequency scenarios and PowerShell integration ensures scalable and automated management. This represents a significant advancement for organizations looking to implement advanced disaster recovery solutions in complex and distributed Azure environments.

Monitoring

Azure Monitor

I/O Performance Analysis for SQL Server on Azure Virtual Machines

I/O performance analysis for SQL Server running on Azure virtual machines is now available. This feature enables the identification and resolution of I/O-related bottlenecks. From the Azure portal, users can view detailed metrics and receive operational guidance to improve SQL Server instance performance, particularly when delays are caused by disk or VM throttling.
This feature allows immediate assessment of storage health and application of best practice rules. When no issues are detected, a green visual indicator is shown; otherwise, the system identifies the impact level and the exact moment of the anomaly, which may relate to disk or cache latency. It is also possible to run a subset of SQL Server best practice assessment rules and compare results over time, gaining a useful historical perspective for performance tuning.

Monitoring Java and Node.js Microservices on AKS (Preview)

A new integration between Azure Monitor Application Insights and Java and Node.js microservices deployed on AKS is now available in Public Preview. This enables automatic monitoring without any code changes.
Thanks to auto-instrumentation built into the AKS cluster, immediate visibility into Java and Node.js applications running on Linux nodes is now possible, using specific libraries. Log data, metrics, and tracing—compliant with the OpenTelemetry standard—are sent directly to the Application Insights resource.
This integration also allows application telemetry to be linked with infrastructure signals through OpenTelemetry Resource attributes, simplifying root cause analysis and improving correlation with Container Insights data. The result is faster and more effective application performance diagnostics.

Conclusions

The growing complexity of IT environments—now increasingly hybrid and distributed—requires an evolved approach to management and security. With this new monthly column, Azure Hybrid Management & Security: updates and field insights, I aim to provide a reliable reference point for navigating updates, tools, and best practices, with a practical and concrete focus.
The proposed insights not only help keep pace with Microsoft’s ongoing innovations but are especially designed to support IT professionals in the conscious adoption of scalable, secure, and sustainable solutions. I encourage you to follow this article series regularly to stay up to date and more effectively tackle the challenges of multi-cloud management.

Azure IaaS and Azure Local: announcements and updates (April 2025 – Weeks: 15 and 16)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Copilot in Azure is Now Generally Available

Microsoft Copilot in Azure has reached general availability, bringing AI-powered assistance to users across the Azure ecosystem. Designed to enhance productivity, Copilot in Azure leverages Large Language Models (LLMs), the Azure control plane, and real-time insights from the user’s environment to streamline tasks and uncover cloud benefits. With GA, users can now rely on Copilot in production scenarios, benefiting from improved performance, higher response accuracy, and full localization support across all Azure portal languages. Current capabilities are included at no additional cost, though future features may introduce pricing considerations. Microsoft has also implemented safeguards such as temporary throttling to manage excessive use of generative AI services.

Microsoft Azure Now Available from New Cloud Regions

Microsoft has announced the general availability of new Azure cloud regions, further expanding its global infrastructure. The Indonesia Central region is now live, marking Azure’s first presence in Indonesia. Equipped with Azure Availability Zones, this region offers scalable, resilient, and secure cloud services to support digital transformation and AI innovation across the country. In addition, a new Azure for U.S. Government Secret region is now generally available, providing increased capacity and flexibility for classified workloads. Designed to meet the strict requirements of the U.S. Department of Defense and other federal agencies, the new region offers geographically distributed data residency options, continuity of operations, and native connectivity to U.S. Government classified networks. Customers benefit from a consistent platform experience and can access foundational Azure services, including Azure ExpressRoute, to support mission-critical scenarios with private, high-bandwidth connectivity.

ExpressRoute Metro and Global Reach Available in Italy North

ExpressRoute Metro and Global Reach are now available in the Italy North region, expanding Azure’s private connectivity capabilities in the area. ExpressRoute Metro allows customers to connect to Microsoft’s global network from two different physical locations within a metro area for higher resiliency and performance. With Global Reach, users can connect their on-premises networks across different regions through the Microsoft backbone, improving global connectivity and optimizing traffic flow.

Compute

DCesv6 and ECesv6 Series Confidential VMs with Intel® TDX (private preview)

Azure has introduced the DCesv6 and ECesv6 series Confidential Virtual Machines in private preview, leveraging 5th Gen Intel® Xeon® processors with Intel® Trust Domain Extensions (TDX). These next-generation VMs are designed to support highly sensitive and confidential workloads in the cloud without requiring changes to application code. The new SKUs include the general-purpose DCesv6-series and the memory-optimized ECesv6-series. These VMs maintain data privacy by keeping it encrypted even during processing, and they offer in-guest attestation, enabling verification of VM integrity. This marks a significant advancement in Azure’s confidential computing offerings.

Networking

Azure Networking Capabilities for Microsoft Copilot in Azure

Azure networking capabilities for Microsoft Copilot in Azure are now generally available, enhancing the AI-powered assistant with deep, contextual insights into network design, operations, and security. Users can now query Copilot for information on Azure networking products, receive guidance on architecture planning, resilience strategies, and migration from on-premises environments. Copilot also supports detailed inventory and traffic path queries, providing topology maps and network connectivity graphs. For operational needs, it offers troubleshooting and diagnostic capabilities by analyzing network configurations, control plane data, and resource health. Additionally, Copilot now integrates with Security Copilot to enable attack investigation on malicious traffic intercepted by Azure Firewall’s IDPS feature—directly within the Azure portal.

Application Gateway as a Private Link Enabled Origin for Front Door Premium

Application Gateway resources can now be configured as Private Link enabled origins within Azure Front Door Premium profiles. This integration allows customers to deliver web content via public Front Door endpoints while keeping the origin infrastructure isolated from the public internet. The use of Private Link ensures that the communication between Front Door and the origin remains secure and private, enhancing the security posture of internet-facing applications. This feature is particularly valuable for scenarios requiring strict network isolation without compromising performance or global reach.

Azure Front Door: Enhanced Server Variable Support

Azure Front Door has expanded its server variable capabilities by enabling the capture of request header, response header, and request query string values. This builds on the previously released feature to capture URL path segments. With these new enhancements, server variables can now be used in the rules engine to enable more dynamic and flexible HTTP request manipulation and routing at the edge. Scenarios enabled by this feature include modifying a response header based on a request header value, renaming cloud provider-generated headers to branded ones, and redirecting based on query string values. These capabilities unlock new customization opportunities for developers aiming to fine-tune edge routing behavior.

Azure Front Door: Custom Cipher Suite Support

Custom cipher suite support for Azure Front Door is now generally available across both Standard and Premium tiers. Azure Front Door provides several predefined TLS policies based on Microsoft Security best practices to ensure strong encryption and protocol support. With this update, customers can also define custom TLS policies to meet specific business and compliance requirements. This includes setting the minimum supported TLS version and selecting allowed cipher suites, offering granular control over security settings and enabling organizations to tailor their Front Door configuration to their unique security posture.

Azure Bastion Developer Now Available in 36 Regions

Azure Bastion Developer, previously limited to six regions, is now generally available in 36 public regions worldwide. Designed for Dev/Test scenarios, this version of Azure Bastion provides secure-by-default RDP and SSH access to virtual machines without the need for a public IP address. It allows users to connect to one VM at a time through the virtual machine’s connect blade—all at no cost. While it lacks the advanced features and scalability options of the standard Bastion offering, Bastion Developer is ideal for users seeking a streamlined and secure connection method for development and testing environments.

Expanded Availability of ExpressRoute Metro, Peering Locations, and Global Reach

Azure continues to expand its networking footprint with broader availability of ExpressRoute Metro and Global Reach. ExpressRoute Metro is now accessible in four new locations—Atlanta (USA), Jakarta (Indonesia), Madrid (Spain), and Milan (Italy)—providing increased resiliency for organizations requiring high-performance, private connectivity to Azure. Additionally, two new ExpressRoute Peering locations, Brussels and Brussels2 in Belgium, have been introduced, further enhancing secure access across Europe. ExpressRoute Direct is now available in all these new regions. Furthermore, ExpressRoute Global Reach has expanded to include Belgium, Italy, and Spain, enabling private site-to-site connectivity through Microsoft’s global network infrastructure.

Route-Maps for Azure Virtual WAN

Azure Virtual WAN now includes support for route-maps, empowering users with enhanced control over routing behavior within Virtual WAN virtual hubs. This feature enables fine-grained management of route advertisements and route selection for various connection types, including site-to-site VPN, point-to-site VPN, ExpressRoute, and virtual network (VNet) links. Route-maps allow for advanced routing scenarios, such as filtering or modifying route advertisements, offering greater flexibility in managing complex network topologies and optimizing traffic flows.

Storage

ACLs for Local Users in Azure Blob Storage SFTP

Access Control Lists (ACLs) for Azure Blob Storage SFTP local users are now generally available. This capability provides administrators with an intuitive way to implement fine-grained access control over blobs and directories for users configured for SFTP access. With ACLs, organizations can enforce security and access policies more precisely, simplifying the management of user-level permissions while enhancing data protection within Azure Blob Storage environments.

Performance Plus for Azure Disk Storage

Azure Disk Storage has introduced the Performance Plus feature in general availability, bringing enhanced performance to Premium SSD, Standard SSD, and Standard HDD disks of 513 GB or larger. With Performance Plus, users benefit from increased IOPS and throughput at no additional cost. This feature is accessible via Azure CLI, PowerShell, and the Azure Portal, enabling customers to optimize their disk performance with minimal effort and without changing disk SKUs. Performance Plus helps meet demanding workload requirements by improving disk responsiveness and efficiency.

Azure NetApp Files: File Access Logs (preview)

Azure NetApp Files now supports file access logs in public preview, offering organizations enhanced visibility into file activity for improved security and operational monitoring. This new feature captures detailed information about file access, including user identity, operation type, and timestamps. It supports SMB, NFSv4.1, and dual-protocol volumes, allowing organizations to detect unauthorized access, ensure compliance, resolve operational incidents, and analyze usage patterns. By incorporating file access logs, enterprises can strengthen data protection, meet compliance requirements, and align with the Well-Architected Framework’s security best practices.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (April 2025 – Weeks: 13 and 14)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

Compute

Retirement of D, Ds, Dv2, Dsv2, and Ls Series Virtual Machines

Microsoft has announced the retirement of the D, Ds, Dv2, Dsv2, and Ls series virtual machines, effective May 1, 2028. After this date, these VM series will no longer be available for use or purchase. Customers currently utilizing these VM types are advised to begin planning their migration strategies toward newer VM generations to ensure ongoing compatibility and support for their applications. As part of the phased retirement process, three-year reserved instances for these VMs will no longer be available for purchase or renewal starting May 1, 2025. One-year reservations will continue to be offered until 2027. For those with active three-year reservation contracts, the benefits will remain valid until contract expiration. Beyond that point, instances will revert to pay-as-you-go pricing. To avoid billing surprises and ensure continuity, customers should review their reservations and take action to transition affected workloads.

Networking

Azure Firewall Updates – Parallel IP Group Updates

Azure Firewall now supports Parallel IP Group Updates, enabling administrators to update multiple IP Groups simultaneously as part of their firewall or firewall policy changes.

Key Benefits

  • Faster & Scalable Updates: Update up to 20 IP Groups in parallel, achieving up to 2x faster update times compared to sequential updates.
  • Improved Visibility: Enhanced error messaging allows administrators to quickly identify and resolve issues. Even if one IP Group fails, other updates continue uninterrupted, preserving overall system integrity.

This update significantly improves management efficiency and scalability for large-scale or dynamic firewall policy environments.

New Regions for Azure Front Door Premium with Private Link-Enabled Origins

Azure Front Door Premium now supports Private Link-enabled origins in West US 2 and Southeast Asia regions. This feature allows content to be delivered through public Front Door endpoints while keeping backend origins inaccessible from the public internet, enhancing security and privacy. With the addition of these new regions, organizations can now deploy Private Link-enabled architectures in more geographies, improving network performance and meeting regional compliance requirements.

Network isolated cluster in AKS

Azure Kubernetes Service (AKS) now offers network isolated clusters, enabling a simplified approach to securing network access to Kubernetes workloads. While customers have traditionally relied on Azure Firewall to control egress traffic and enforce isolation, this approach often introduces added complexity and cost. With network isolated clusters, organizations can reduce the risk of unintentional exposure of public endpoints and strengthen the security posture of their AKS deployments. This built-in feature helps minimize attack surfaces by ensuring tighter control over how clusters connect to external networks, supporting compliance and data protection goals with greater ease.

ExpressRoute Resiliency Enhancements (preview)

Microsoft has introduced new resiliency validation and insight capabilities for ExpressRoute, now available in public preview. These enhancements aim to improve the assessment and monitoring of ExpressRoute-enabled workloads, offering more robust and transparent insights into network reliability. The resiliency validation feature allows customers to simulate site failovers on their Virtual Network Gateways, enabling proactive testing during planned migrations or outage scenarios. This helps verify failover mechanisms and ensures continued connectivity to Azure services. In addition, the new resiliency insights capability introduces a resiliency index — a percentage-based score that evaluates ExpressRoute reliability based on criteria such as route resilience, use of zone-redundant gateways, advisory feedback, and test results from resiliency validation. These metrics allow organizations to identify weak points in their network architecture and make informed improvements to enhance the robustness of their connectivity.

Increased VNet limits for Private Endpoints (preview)

Microsoft has introduced High Scale Private Endpoints, now in public preview, enabling significantly increased limits for deploying Azure Private Endpoints within Virtual Networks (VNets) and across peered VNets. Previously, customers could only create up to 1,000 private endpoints within a single VNet, and exceeding this limit required a support request. Additionally, Microsoft recommended a soft limit of 4,000 private endpoints across peered VNets to avoid connectivity issues. With the introduction of High Scale Private Endpoints, these limits are substantially raised—allowing up to 5,000 private endpoints within a single VNet and 20,000 across peered VNets. This capability is especially beneficial for large-scale, service-rich environments where extensive use of private connectivity is essential. Customers seeking greater scalability for their private networking configurations are encouraged to adopt High Scale Private Endpoints to support growing infrastructure needs without the complexity of manual quota increases.

Storage

Vaulted Backup for Azure Files

Azure Backup has announced the general availability of Vaulted Backup support for Azure Files – Standard tier, providing a robust, enterprise-grade solution to protect data and applications hosted on Azure SMB file shares.

Key Features & Benefits

  • Integrated Protection Policy: Combine snapshot and vaulted backup in a single policy to protect data in a secure Recovery Services vault.

  • Regional Recovery: Ensure data resilience with support for cross-region restore.

  • Advanced Protection Capabilities:

    • Ransomware protection and immutability

    • Restore capability even if the file share is deleted

  • Azure File Sync Integration: Seamlessly protect cloud-tiered data from Azure File Sync, enabling long-term retention in a cost-effective way.

With this release, customers can meet compliance, security, and business continuity requirements while simplifying backup management and reducing data protection costs.

Azure File Sync support for managed identities

Azure File Sync now supports managed identities, a feature that has reached general availability. This enhancement replaces the need for shared keys with a more secure and streamlined authentication mechanism through system-assigned managed identities provided by Microsoft Entra ID. By configuring managed identities within an Azure File Sync deployment, these identities will handle authentication in several key scenarios: the Storage Sync Service authenticating to the Azure file share, registered servers authenticating to the Azure file share, and registered servers authenticating to the Storage Sync Service. To further simplify the setup and improve security, managed identities are now enabled by default for all new Storage Sync Services. Configuration can be completed directly through the Azure portal, eliminating the previous dependency on PowerShell. This updated experience is being gradually rolled out across all Azure regions. The feature is available at no additional cost in all Azure Public and Government cloud regions, making it a recommended approach for customers seeking enhanced security and simplified identity management.

Azure NetApp Files Flexible Service Level (Preview)

Azure has introduced a Flexible Service Level for Azure NetApp Files, now in public preview, allowing customers to independently configure storage capacity and throughput for greater cost and performance optimization.

Key Features & Benefits

  • Customizable Throughput: Scale throughput independently from capacity, up to 640 MiB/s per provisioned TiB, which is up to 5x higher than the Ultra tier.

  • Manual QoS Pools: Supported with manual QoS capacity pools, offering a baseline throughput of 128 MiB/s at no additional cost.

  • Right-Sized Performance:

    • High throughput for smaller pools – Ideal for SAP HANA, Oracle, and other demanding workloads.

    • Cost savings for high-capacity/low-throughput workloads – Reduce cost without compromising storage footprint.

  • No Volume Moves Required: Avoid service disruptions or reconfigurations when scaling performance or storage.

This new service level offers unprecedented flexibility, allowing customers to fine-tune Azure NetApp Files performance and cost based on exact workload requirements.

Azure Local

Azure Local – 2503 Update Released

The 2503 update for Azure Local has been officially released as of March 31st, introducing a set of baseline enhancements focused on improving registration, deployment, and overall management experience. This update reflects ongoing efforts to simplify operations and bolster security within Azure Local environments.

Key changes include a shift in the extension installation process: extensions are no longer installed during the registration phase but are now deployed during machine validation. Additionally, the local UI used for bootstrapping has been deprecated in favor of the Configurator app, providing a more modern and flexible onboarding experience. The Arc registration flow has also been streamlined—Service Principal Name (SPN) is deprecated, and a simplified Arc installer script now relies solely on the Start-ArcBootstrap command.

The update also supports composed images for OEMs and enables deployment of both current and previous versions of Azure Local. While the Azure portal supports the latest version, prior versions must be deployed using dedicated Azure Resource Manager templates.

Other notable improvements include enhanced security for the Bootstrap service, integrated environment checks for connectivity and validation, improved update applicability logic, and support for downloading platform update packages via URLs. Finally, users can now connect to Azure Local VMs over SSH or RDP from within the host network, removing the requirement for line-of-sight access.

Azure Local Performance Metrics Dashboard

Microsoft has introduced the Azure Local Performance Metrics Dashboard, a powerful new tool designed to provide comprehensive visibility into the health and performance of Azure Local systems. With over 60 metrics collected by default—at no additional cost—this out-of-the-box solution delivers actionable insights across storage, network, and compute resources.

Metrics are automatically gathered by the TelemetryAndDiagnostics agent, which is configured during deployment, enabling seamless access to system telemetry without requiring manual setup. The dashboard offers deep visibility into several critical performance areas:

  • Storage Performance: Includes disk read/write operations and throughput, volume latency, and insights into VHD and physical disk activity to help optimize storage usage.

  • Network Performance: Monitors data transmission metrics such as Netadapter Bytes Sent/Received, RDMA traffic, and VM-level network activity for early detection of bottlenecks or connectivity issues.

  • Compute Metrics: Tracks memory usage (available, assigned, used, pressure) across host and guest environments, along with CPU utilization metrics for both host and virtual machines.

This centralized performance dashboard empowers administrators to proactively manage their Azure Local environments, facilitating data-driven decisions to maintain system efficiency and reliability.

Support for 4-node switchless configuration

Microsoft has introduced official documentation to support 4-node switchless configurations, expanding the deployment options for Azure Stack HCI and other Azure-integrated infrastructure solutions.

This update provides organizations with the flexibility to deploy smaller, cost-effective clusters without the need for dedicated network switches between nodes. The switchless architecture simplifies the physical setup and reduces hardware requirements while maintaining essential performance and connectivity capabilities for supported scenarios.

By adding support for this topology, Microsoft continues to enhance deployment versatility, especially for edge and branch environments where simplicity and space efficiency are crucial.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in March 2025

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, the aim is to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, providing you with essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Support for Azure Managed Prometheus Horizontal Pod Autoscaling in AKS Replica Set Pods

Azure Monitor’s managed service for Prometheus now supports Horizontal Pod Autoscaling (HPA) for the ama-metrics replica set pods within Azure Kubernetes Service (AKS). This new capability enables automatic scaling of the ama-metrics pod based on memory usage, allowing for more efficient management of Prometheus metrics and custom jobs.
By default, HPA is configured with a minimum of 2 replicas and a maximum of 12, with users having the flexibility to define a custom range within these limits. Thanks to this enhancement, the platform can dynamically adapt to monitoring demands, preventing memory exhaustion issues (OOM kills) and improving the overall reliability and scalability of AKS infrastructures.

Azure Monitor Managed Service for Prometheus on Azure Arc-enabled Kubernetes Clusters

Azure Monitor now offers a generally available managed Prometheus service tailored for Azure Arc-enabled Kubernetes environments. This fully managed service brings together the strengths of Prometheus’ open-source ecosystem with automation of complex tasks such as scaling, high availability, and data retention of up to 18 months.
It enables monitoring of Kubernetes clusters wherever they are running, providing native collection, storage, rule evaluation, and querying of Prometheus data. Backed by the same infrastructure as Azure Monitor Metrics—extended to support Prometheus format—and integrated with Azure Managed Grafana, this service is a key component for observability in cloud-native containerized workloads.

New API for Deleting Data in Log Analytics

Microsoft has introduced the Delete Data API for Log Analytics, allowing asynchronous requests to remove sensitive, personal, or corrupted data from Log Analytics workspaces. Unlike the more resource-intensive Purge API, this new API takes a more efficient approach by marking logs as deleted instead of physically removing them.
This improves performance and reduces system impact. It is recommended for deletion tasks not subject to GDPR regulations, offering a scalable and effective solution for log data management.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution:

  • Retirement of AWS Connector:
    Microsoft has announced the retirement of the AWS connector in Microsoft Cost Management, effective March 31, 2025. This connector previously enabled centralized integration and visualization of cost data across Microsoft Azure and AWS environments.
    After this date, the connector will no longer be available, and all AWS-related cost and usage data—including historical data—will be removed from the service. However, previously exported Cost and Usage Reports (CURs) stored in the user’s Amazon S3 bucket will remain intact.
    Microsoft recommends migrating to a new AWS cost management solution and removing the connector via the Azure Portal by following the official instructions. As an alternative, users can export data in the FOCUS (FinOps Cost and Usage Specification) format and leverage advanced analysis tools such as Microsoft Fabric to achieve unified and detailed cost reporting across multi-cloud environments.
  • Reservation Exchange for Azure OpenAI Service:
    Starting from February 2025, Microsoft has introduced a new feature enabling users to exchange reservations for Azure OpenAI Service directly through the Azure Portal. Reservations offer discounted rates compared to pay-as-you-go pricing and guarantee dedicated capacity for high-performance AI model execution.
    This new option allows users to adjust reservations more flexibly to align with evolving operational needs. Refund requests remain available under applicable conditions. This capability marks another step forward in streamlining cost management for AI resources in Azure.

Azure Advisor

New Performance Recommendations in Azure Advisor for Azure Database for PostgreSQL (Preview)

Azure Advisor introduces new capabilities to proactively support performance management for Azure Database for PostgreSQL – Flexible Server. With three new recommendations and improvements to existing ones, users can now identify and resolve critical database performance scenarios more accurately.
For instance, long-running transactions now include the Process ID (PID) to simplify analysis, while high bloat scenarios highlight the affected database name and provide tailored resolution suggestions.
This update empowers database administrators with more detailed insights and actionable guidance for timely intervention and performance optimization.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • General Availability of Agentless Scanning for VMs with Customer-Managed Key (CMK) Encrypted Disks

Agentless scanning is now generally available for Azure virtual machines with disks encrypted using Customer Managed Keys (CMK). This capability is supported by both the Defender Cloud Security Posture Management (CSPM) plan and the Defender for Servers Plan 2, and applies across multi-cloud environments.
Agentless scanning provides visibility into VM vulnerabilities and risks without requiring agent installation—even when using customer-managed encrypted disks—thus simplifying security management and ensuring broader coverage.

  • New Severity Levels for Security Recommendations

Microsoft has introduced an update to the severity levels used for security recommendations to enhance risk assessment and prioritization. In addition to the existing Low, Medium, and High levels, a new Critical severity level has been added.
This change enables more granular classification of security issues, allowing organizations to better focus on the most urgent threats. Customers may notice changes in the severity ratings of existing recommendations.
For those using the Defender CSPM plan, the overall risk score may also be impacted, as it now factors in both the updated severity ratings and asset context. These improvements contribute to a more effective and accurate risk management model.

  • General Availability of File Integrity Monitoring via Defender for Endpoint in Azure Government

File Integrity Monitoring (FIM) powered by Microsoft Defender for Endpoint is now generally available in the Azure Government (GCCH) environment, as part of the Defender for Servers Plan 2.
This implementation enables real-time monitoring of critical files and system logs, helping organizations meet compliance requirements and detect suspicious activity by identifying file content changes.
This FIM experience replaces the legacy solution based on the Log Analytics Agent (MMA), which is being retired. While MMA-based FIM will continue to be supported in Azure Government until the end of March 2025, this release also introduces a new portal experience to streamline the migration of FIM configurations from MMA to the Defender for Endpoint-based solution.

Protect

Azure Backup

Vaulted Backup Support for Azure Files Standard Shares

Azure Backup has introduced general availability of Vaulted Backup support for Azure Files Standard Shares. This new capability enhances data protection by allowing the configuration of both snapshots and vaulted backups under a single policy, while also enabling cross-account and cross-region restore.

With this release, users benefit from:

  • Compliance with the 3-2-1 data protection rule, thanks to immutable backups and centralized management via the Azure Business Continuity Center, which provides monitoring for jobs, alerts, and reports.

  • Advanced protection against ransomware and malicious activities, enabled by features such as immutable backups and soft delete within the Recovery Services Vault.

  • Long-term retention for compliance and audit needs, with daily, monthly, and yearly backup tiers that can be retained in cost-effective storage for up to 99 years.

Vaulted Backup support for Azure Files Premium is currently available in public preview.
Please note that pricing for vaulted backups of both Standard and Premium Azure Files will be effective starting April 1, 2025.

Azure Site Recovery

Azure Site Recovery Support for Azure Trusted Launch Linux VMs (Preview)

Azure Site Recovery now supports Azure Trusted Launch virtual machines running Linux, currently available in public preview. Azure Trusted Launch VMs offer an enhanced level of security for Azure Generation 2 VMs, enabling features such as Secure Boot and vTPM (Virtual Trusted Platform Module).
With this update, customers can now protect Linux-based VMs with the same robust security guarantees already available for Windows VMs, which are already supported by Azure Site Recovery.
This enhancement improves the resilience and security of mission-critical workloads hosted in the cloud.

Azure Site Recovery: Update Rollup 77

Update Rollup 77 for Azure Site Recovery is now available, bringing key updates and optimizations to the latest platform components.
Notably, the Mobility Service now supports additional Linux distributions in Azure-to-Azure replication scenarios, including:

  • Oracle Enterprise Linux 8.10

  • AlmaLinux 8 and 9

  • Ubuntu 24.04

Additionally, support has been extended for newer kernel versions of the following distributions:

  • Debian 11 and 12

  • SUSE Linux Enterprise Server (SLES) 12 and 15

This update also includes general improvements and bug fixes, further enhancing the reliability and compatibility of Azure Site Recovery for disaster recovery scenarios.

Migrate

Azure Migrate

MySQL Discovery and Assessment in Azure Migrate (Preview)

Azure Migrate has introduced public preview support for discovery and assessment of MySQL workloads, streamlining cloud migration planning.
This new capability enables the identification of MySQL instances in on-premises environments, providing detailed insights into their configurations and assessing their suitability for migration to Azure Database for MySQL – Flexible Server.

In addition to technical assessment, the service offers detailed recommendations on the most appropriate compute and storage options, including cost estimates.
With this enhancement, Azure Migrate continues to evolve as a centralized hub for the discovery, assessment, and migration of on-premises assets to Azure—whether targeting PaaS or IaaS deployment models.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Local: announcements and updates (March 2025 – Weeks: 11 and 12)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Named a Leader in The Forrester Wave: Public Cloud Platforms, Q4 2024

Microsoft has once again been recognized as a Leader in The Forrester Wave™: Public Cloud Platforms, Q4 2024. This acknowledgment highlights Microsoft’s continued commitment to building a trusted and comprehensive cloud platform with Azure, capable of supporting enterprise innovation at scale in today’s AI-driven landscape.

Forrester’s evaluation focused on both current capabilities and strategic direction, citing Microsoft’s generative AI (genAI) strategy and AI offerings such as Azure OpenAI Service, Azure AI Studio, GitHub Copilot Enterprise, and Microsoft Fabric as key differentiators. The report noted that “Azure is a good fit for organizations seeking quick uptake of AI innovation as well as core cloud offerings for longstanding Microsoft environments.”

This recognition reaffirms Microsoft’s position as a cloud leader committed to enabling customers to migrate, modernize, and innovate with AI, all on a secure and scalable cloud foundation.

OpenAI Global Provisioned Now Available in ItalyNorth

OpenAI Global Provisioned services are now available in the ItalyNorth region. This enables customers to access OpenAI capabilities, including services like Azure OpenAI, from a closer geographic location for improved performance.

⚠️ Note: This deployment does not offer data residency guarantees—data may still be processed globally.

This availability supports broader AI adoption for organizations operating in or near Italy, reducing latency and enhancing responsiveness for AI-powered applications.

ARM-Based VMs (EPsv5/DPsv5) Now Available in ItalyNorth

Azure has expanded the availability of its ARM-based virtual machines, EPsv5 and DPsv5 series, to the ItalyNorth region. These VMs are powered by Ampere Altra processors and are designed for energy-efficient, cost-optimized performance, especially for scale-out workloads.

Key benefits include:

  • High core density and predictable performance

  • Ideal for web servers, microservices, Java applications, and open-source databases

  • Lower total cost of ownership due to energy efficiency

This expansion brings greater architectural diversity and performance options to customers in ItalyNorth looking to optimize both cost and compute performance.

Compute

VM Hibernation Now Generally Available for GPU Virtual Machines

Azure has announced the general availability of VM hibernation for GPU Virtual Machines, offering a cost-efficient method to pause GPU-intensive workloads while preserving the in-memory state.

This feature is now supported on select sizes in the NVv4 and NVadsA10v5 VM series and is available for both Linux and Windows operating systems across all public regions.

Key Benefits

  • Cost Optimization: Save on compute costs by deallocating the VM, paying only for storage and networking resources.

  • State Preservation: Resume VMs from the exact state they were in before hibernation—ideal for long-running GPU workloads.

  • Broad Availability: Supported on both new and existing GPU VMs, making it easy to integrate into existing environments.

This feature enhances flexibility and efficiency for organizations leveraging GPU-based workloads such as AI/ML training, rendering, and visualization.

Networking

Azure Virtual Network Manager – Network Verifier

Azure has introduced Network Verifier, a powerful feature within Azure Virtual Network Manager that helps validate whether your network policies and configurations are enabling or blocking desired traffic flows between Azure resources.

With multiple factors like connectivity rules, network security, routing, and resource-specific settings influencing traffic flow, Network Verifier helps users answer critical questions about reachability, diagnose issues, and ensure compliance with security requirements.

Key Capabilities

  • Reachability Analysis: Create a verifier workspace and define intents that specify the traffic flow you want to evaluate.

  • Visual and JSON Results: Run analyses to get a visual representation of the network path or parse detailed JSON output.

  • Broad Scope Evaluation: Analyze network reachability across multiple Azure resources and policies within a Virtual Network Manager scope.

  • Delegated Access: Non-network manager users can be given access to run network verifier analyses without needing elevated subscription or management group permissions, allowing broader teams to troubleshoot network issues effectively.

Network Verifier helps organizations simplify network diagnostics, validate policy effectiveness, and improve network governance across complex Azure environments.

Storage

Azure NetApp Files Application Volume Group for SAP HANA – Extension 1

Azure has released Extension 1 for Azure NetApp Files Application Volume Group (AVG) for SAP HANA, introducing several enhancements to further simplify and optimize SAP HANA infrastructure deployments.

Key Enhancements

  • Zonal Deployments for All HANA Volumes: Customers can now deploy all SAP HANA volumes across availability zones, aligning with Microsoft’s High Availability (HA) recommendations for SAP virtual machines.

  • Simplified Deployment: The use of Proximity Placement Groups (PPG) and manual AVset pinning is no longer required, reducing deployment complexity.

  • Standard Network Features: Support for standard networking allows customers to benefit from features like NSGs, UDRs, and ExpressRoute FastPath.

  • Customer-Managed Keys (CMK): Improved security with support for user-provided encryption keys, enhancing data protection and compliance posture.

These updates make SAP HANA deployments on Azure more resilient, secure, and easier to manage, while ensuring optimal performance and HA readiness.

Azure NetApp Files Application Volume Group for Oracle Now Available

Azure has introduced Application Volume Group (AVG) for Oracle, a feature designed to streamline, standardize, and accelerate the deployment of storage infrastructure for Oracle databases using Azure NetApp Files.

Key Capabilities

  • One-Step Deployment: Automatically deploy all required volumes for Oracle databases in a single, optimized workflow, ensuring best practices and optimal performance.

  • Zonal Placement: All volumes are automatically deployed in the same availability zone as the associated VMs, minimizing latency and maximizing consistency.

  • Scalable Architecture: Supports a wide range of Oracle workloads, from small single-volume setups to multi-hundred TiB databases with up to 8 data volumes.

  • High Performance: Leverages Azure NetApp Files to deliver latency-optimized performance, only limited by the network capabilities of the database VM.

  • Multi-Endpoint Support: Designed for enterprise-scale deployments, including complex configurations and multiple storage endpoints.

Application Volume Group for Oracle is now available in all Azure NetApp Files enabled regions, enabling faster deployments and improved performance and stability for critical Oracle workloads in Azure.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (March 2025 – Weeks: 09 and 10)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Custom Secure Boot UEFI Keys for Azure Trusted Launch VM Now Generally Available

Azure Trusted Launch VMs now support customizing Secure Boot UEFI keys, offering greater flexibility to enhance workload security. Customers can fully replace or update one or more of the Secure Boot UEFI keys and databases (PK, KEK, DB, or DBX) to align with their security policies and compliance requirements.

Key Benefits:

  • Enhanced Security: Protect against persistent boot/kernel malware.
  • Trusted Boot State: Ensures VMs always boot to a defined and trusted state.
  • Compliance with Standards: Meets NIST security best practices, Microsoft security benchmarks, and industry standards.

This enhancement strengthens workload protection for organizations using Trusted Launch VMs in Azure.

AutonomousDb Available on ItalyNorth

Microsoft has announced the availability of AutonomousDb in the ItalyNorth region. This expansion allows organizations operating in Italy to benefit from a fully managed database service with automated scaling, self-healing capabilities, and advanced security features. By leveraging AutonomousDb, customers can optimize performance, reduce operational overhead, and ensure high availability for their mission-critical workloads while complying with local data residency requirements.

Networking

Azure Load Balancer Health Event Logs Now Generally Available

Azure Load Balancer health event logs are now generally available across all public, Azure China, and Government regions. These logs enable users to collect, store, and analyze health-related data for their Azure Load Balancer resources, simplifying troubleshooting and availability monitoring. With built-in health event logs, customers can identify and address traffic distribution issues, detect SNAT port exhaustion that may impact outbound connectivity, and receive alerts when there are no healthy backend instances available. This feature enhances visibility into load balancer operations without requiring custom data ingestion pipelines or complex metric-based alerting configurations, ensuring a more proactive approach to maintaining application performance and availability.

Storage

Edit Network Features for Azure NetApp Files with No Downtime Now Generally Available

Azure has announced the general availability of Edit Network Features for Azure NetApp Files, allowing users to upgrade Basic network features to Standard network features without downtime.

Key Benefits of Standard Network Features:

  • Increased IP Limits: Virtual networks with Azure NetApp Files volumes now have IP limits on par with VMs, eliminating network topology constraints.
  • Enhanced Security: Network Security Groups (NSGs) are now supported on Azure NetApp Files delegated subnets for improved security controls.
  • Advanced Network Control: User-defined routes (UDRs) now enable custom routing to and from Azure NetApp Files subnets.
  • Active/Active VPN Gateway Support: Ensures high availability for on-premises to Azure NetApp Files connectivity.
  • ExpressRoute FastPath Support: Improves data path latency and bandwidth performance for ExpressRoute connectivity to Azure NetApp Files.

This zero-downtime upgrade allows organizations to enhance their network security, control, and performance for Azure NetApp Files across all Azure-enabled regions.

Azure Storage Object Replication Metrics for Visibility into Replication Progress (Preview)

Azure has introduced the public preview of Object Replication Metrics, providing enhanced visibility into the progress of Azure Storage object replication. The new metrics include:

  • Pending Operations: Displays the number of replication operations waiting to be processed.
  • Pending Bytes: Shows the amount of data pending replication.

Additionally, the Pending Operations metric categorizes data based on replication delay time, displaying replication wait times in intervals such as:

  • Less than 5 minutes
  • Between 5–10 minutes
  • Between 10–15 minutes, and so on.

These new metrics improve monitoring, troubleshooting, and performance optimization for object replication in Azure Storage.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Local. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.