AZURE Cloud Monthly Updates Newsletter – March 2025

Welcome to this month's Azure Cloud updates!

This newsletter highlights the latest product features and new services announced for Azure Cloud in March 2025. I have compiled comprehensive updates and information to help you. Stay with us for valuable insights!

About the Author: Santhosh (Santhoshkumar) Anandakrishnan - Azure Cloud MVP and Lead Cloud Architect with 18 years in Cloud, Infrastructure & Security, specialising in public and hybrid cloud solutions.

You can visit my blog if you would like to read more about my work on Azure cloud services.

1. Azure Compute Services

1.1 Generally Available: Custom Secure Boot UEFI keys for Azure Trusted Launch VMs.

Trusted Launch VM now lets you customise secure boot UEFI keys. You can entirely replace or update one or more secure boot keys or databases. This gives you more flexibility to secure your workloads better using Trusted Launch virtual machines in Azure.

What is changing with this update?

The custom secure boot UEFI keys feature allows administrators to modify the UEFI keys in the image for secure boot-capable Azure virtual machines (VMs) such as Trusted Launch and Confidential VMs. It supports either completely replacing the default key databases or appending to them. Trusted Launch VMs are supported on selected Azure VM sizes.

Click here to learn more about this update.

1.2 Generally Available: VM Hibernation on GPU VMs.

VM hibernation is now available for GPU Virtual Machines, allowing you to pause workloads and preserve in-memory state.

What is changing with this update?

This feature helps reduce costs by deallocating the VM, so you only pay for storage and networking resources. It's supported on select NVv4 and NVadsA10v5 VM sizes for Linux and Windows in all public regions.

Click here to learn more about this update.

2. Azure Data and Storage Services

2.1. Generally Available: Vaulted Backup support for Azure Files Standard Shares

Azure Backup vault now supports Azure Files standard shares. This feature helps protect your data better by allowing you to set up snapshots and vaulted backups in a single policy. It also lets you recover data across different accounts and regions.

What is changing with this update?

Azure Backup is a cloud solution that secures your data in the Azure cloud. It integrates with Azure File Sync to centralise file share data and backups, providing a reliable method to protect enterprise file shares with snapshot and vaulted backups for recovery from accidental or malicious deletions.

Vaulted backup for Azure Files premium shares is currently in public preview. Starting April 1, 2025, you will be charged for using vaulted backup for standard and premium file shares.

Click here to learn more about this update.

2.2. Generally Available: Edit Network features for Azure NetApp Files without downtime.

The general availability of Edit network features for Azure NetApp Files volumes has been announced. Standard Network Features enhance the Virtual Networking experience, providing a consistent experience and improved security posture for Azure NetApp Files.

What is changing with this update?

Users can now edit existing Azure NetApp Files volumes and upgrade Basic network features to Standard ones without incurring downtime. This feature is available in all regions where Azure NetApp Files is enabled.

Click here to learn more about this update.

2.3. Public Preview: Azure Storage object replication metrics for visibility into replication progress.

Microsoft has announced a public preview of two new metrics in Azure Storage that aim to enhance insights and track the progress of object replication.

What is changing with this update?

The two metrics (Pending Operations and Pending Bytes) provide information about how long storage replication operations have been waiting. The Pending Operations metric helps you understand the number of operations, broken down by how long they have been waiting for replication.

Click here to learn more about this update.

2.4. Generally Available: Azure NetApp Files application volume for Oracle.

What is changing with this update?

Application Volume Group (AVG) for Oracle enables the deployment of all necessary volumes for Oracle databases at an enterprise scale, ensuring optimal performance and best practices in a streamlined workflow.

Click here to learn more about this update.

2.5. Generally Available: Azure NetApp Files application volume for SAP HANA-Extension 1.

What is changing with this update?

The recent extension of AVG for SAP HANA allows customers to implement zonal deployments for all HANA volumes. This development aligns with Microsoft's recommendation for zonal deployment in SAP virtual machines, particularly in High Availability (HA) scenarios. As a result of this enhancement, the previously necessary manual step has been eliminated, simplifying the overall deployment process of the SAP infrastructure.

Click here to learn more about this update.

3. Network and Security Services:

3.1 Public Preview: Azure Firewall - Customer-provided public IP support for secure virtual hubs.

Firewall admins can now assign customer-managed public IP addresses to Secured Virtual Hub firewalls, specifically for new deployments.

What is changing with this update?

This feature enhances flexibility and control over the network configuration for users managing their public IPs. Virtual WAN hub deployments can now associate public IP addresses from customer tenants with secured Azure Firewalls, allowing public IP addresses for Azure Firewalls to be allocated from a dedicated IP address prefix pool.

Click here to learn more about this update.

3.2 Generally Available: Azure Virtual Network Manager - Network Verifier

In the Azure Virtual Network Manager (AVNM) resource, create a verifier workspace to access network verifier capabilities. A network verifier can determine whether the established Azure environment meets the necessary reachability requirements among network resources.

What is changing with this update?

This feature allows users to check if their network policies permit or restrict traffic between Azure network resources. Various components are involved in connectivity, security, routing, and resource-specific configurations. This tool aids in answering diagnostic questions, addressing issues related to reachability, and verifying compliance with organisational security standards.

Click here to learn more about this update.

3.3 Generally Available: API Management as a Private Link-enabled Origin for Front Door Premium.

Azure Private Link allows access to Azure PaaS services and hosted services via a private endpoint in a virtual network. It enables traffic to use the Microsoft backbone network and reduces public Internet exposure.

What is changing with this update?

Azure Front Door Premium can connect to origins through Private Link, whether they sit in a virtual network or are provided as PaaS services such as Azure API Management, eliminating the need for public access to the origin.

Click here to learn more about this update.

3.4 Generally Available: Azure Firewall - Parallel IP Group updates

IP Groups help manage IP addresses for Azure Firewall rules in several ways. You can use them as source addresses or destination addresses in firewall rules. An IP Group can contain a single IP address, multiple IP addresses, one or more IP address ranges, or a mix of addresses and ranges.

What is changing with this update?

You can now update several IP Groups at once. This is especially helpful for environments that need quick changes on a large scale. It works well with a DevOps approach using tools such as templates, ARM, CLI, and Azure PowerShell.

Click here to learn more about this update.

3.5 Public Preview: ExpressRoute Resiliency Enhancements

Azure has introduced two essential features aimed at optimising ExpressRoute performance:

1. Resiliency Validation: This capability is specifically designed to evaluate the resiliency of network connectivity for workloads that utilise ExpressRoute. It ensures that the network remains robust and reliable.

Click here to learn more about this update.

2. Resiliency Insights: This feature assesses your network's reliability for ExpressRoute workloads. It calculates a percentage score based on various factors, including route resilience, the use of zone-redundant gateways, advisory recommendations, and results from resiliency validation tests. This score helps users understand and improve their network's reliability for critical workloads.

Click here to learn more about this update.

4. Azure Kubernetes Services (AKS):

4.1 Generally Available: Azure Managed Prometheus Supports Horizontal Pod autoscaling for replica set pods in AKS.

Azure Monitor Managed service for Prometheus has introduced support for Horizontal Pod Autoscaling (HPA) by default for the ama-metrics replica set pod.

What is changing with this update?

This update allows the pod (ama-metrics replica set) responsible for scraping Prometheus metrics with custom jobs to scale automatically based on memory utilisation. Customers can also set the minimum and maximum number of shard replicas to any values within the range of 2 to 12.

Click here to learn more about this update.

4.2 Generally Available: Node Auto-Repair Kubernetes Events in AKS.

New Kubernetes events let you track node auto-repair activities in the AKS cluster. These events alert you whenever the auto-repair process begins and when its repair actions are completed.

What is changing with this update?

Node auto-repair is an integrated feature designed to automatically identify unhealthy nodes and rectify issues through rebooting, reimaging, or redeploying. You can also set up alerts for these new events so that you are notified of any errors that may happen during the process.

Click here to learn more about this update.

4.3 Public Preview: Windows Support for virtual machines node pools in AKS.

Windows support for Virtual Machine Node Pools is now available in Azure Kubernetes Service (AKS). With Virtual Machine node pools, AKS manages the provisioning and bootstrapping of each node.

What is changing with this update?

A node pool is a group of virtual machines with different sizes (SKUs) optimised for specific workloads. This functionality allows users to specify a family of SKUs for a node pool without maintaining separate node pools for each SKU type, thereby reducing the overall node pool footprint. Typically, when deploying a workload onto AKS, each node pool can contain only one virtual machine (VM) type or SKU.

Click here to learn more about this update.

4.4 Public Preview: Azure Linux 3.0 Support in AKS

The Azure Linux Container Host is an operating system designed to run containers on Azure Kubernetes Service (AKS). It is an open-source Linux distribution developed by Microsoft.

What is changing with this update?

Azure Linux 3.0 is available in preview for use on AKS. Azure Linux releases a new operating system version every three years with upgrades to significant components. This host offers reliable and consistent performance in cloud and edge environments, including AKS, AKS for Azure Stack HCI (Hyper-Converged Infrastructure), and Azure Arc. You can set up Azure Linux node pools in new clusters, add them to existing clusters, or switch your current nodes to Azure Linux nodes.

Click here to learn more about this update.

4.5 Public Preview: Control plane Azure Platform Metrics in AKS

What is changing with this update?

New Azure platform metrics allow monitoring of your AKS cluster control plane components, including the API server and etcd. These metrics offer insights into the availability and performance of the Azure-managed control plane, helping you detect and resolve issues. All metrics are automatically collected for free and can be used to create metrics-based alerts.

Click here to learn more about this update.

4.6 Generally Available: Azure Monitor Managed Service for Prometheus for Azure Arc-enabled Kubernetes

Azure Monitor managed service for Prometheus for Azure Arc-enabled Kubernetes is a fully managed service that simplifies monitoring of Kubernetes clusters anywhere.

What is changing with this update?

This feature manages the collection, storage, rule evaluation, and querying of Prometheus data. It uses the same platform as Azure Monitor Metrics, which ensures compatibility with Prometheus metrics. Integration with Azure Managed Grafana enhances cloud-native monitoring of containerised workloads.

Click here to learn more about this update.

5. Azure PaaS Services:

5.1 Generally Available: Enhanced performance guidance in Azure Advisor for Azure Database for PostgreSQL

Azure Advisor offers performance recommendations for the Azure Database for PostgreSQL flexible server, which helps to identify and resolve server issues.

What is changing with this update?

This includes guidance on hardware optimisations, logging enhancements, workload management, and more. Users can configure alerts to be sent via email or text to receive notifications about Azure Advisor recommendations at the server or subscription level.

Click here to learn more about this update.

5.2 Upgrade Entra Domain Services to TLS 1.2 by August 31, 2025

Entra Domain Services customers using TLS 1.0 and 1.1 must migrate to TLS 1.2 by August 31, 2025. For instructions, see the Microsoft Learn article "Transport Layer Security (TLS) 1.2 enforcement for Microsoft Entra Domain Services".

5.3 Generally Available: Log Analytics Delete Data API.

What is changing with this update?

The Delete Data API allows you to send requests to remove data from your Log Analytics workspace. This API can be used to delete sensitive, personal, or corrupt data. It works faster than the Purge API because it marks logs as deleted instead of performing a heavy delete operation.

Click here to learn more about this update.

6. Azure Retirement Notice:

6.1 AKS Kubenet networking service to be retired in March 2028.

On March 31, 2028, kubenet networking for Azure Kubernetes Service (AKS) will be retired. Users must upgrade to Azure Container Networking Interface (CNI) overlay before this date to prevent service disruptions, as workloads running on kubenet for AKS will no longer be supported after that time.

6.2 GPU Image in AKS.

On January 10, 2025, the AKS GPU Image (preview) was retired. New node pool creations with the GPU image (preview) are now blocked. Existing node pools using the GPU Image (preview) are now unsupported. Follow the detailed steps in the documentation to create GPU-enabled node pools using the alternative supported options on AKS.

6.3 Ubuntu 18.04 and 20.04 Node pools in AKS.

Ubuntu 18.04 and 20.04 versions on Azure Kubernetes Service will be retired on June 17, 2025. Please transition to a supported Ubuntu version by that date.

Newer supported versions, including Ubuntu 22.04, have replaced Ubuntu 18.04.

6.4 Virtual Machine Series - D, Ds, Dv2, Dsv2 to be retired on May 1, 2028.

Azure Virtual Machines in the D, Ds, Dv2, Dsv2, and Ls series are scheduled to retire on May 1, 2028. After this date, these VMs will no longer be available for use or purchase. You must migrate workloads currently running on the D, Ds, Dv2, Dsv2, and Ls series VMs to a newer generation of virtual machines well ahead of the retirement date.

Please take a look at the official migration guide.

6.5 Support for manually registered Azure VPN clients ends on March 31, 2028.

On March 31, 2028, Azure will stop supporting manually registered Azure VPN clients for point-to-site connections that use Microsoft Entra ID for authentication.

To prevent disruptions, migrate manually registered Azure VPN clients to a Microsoft-registered VPN client for point-to-site connections with Microsoft Entra ID authentication before March 31, 2028.

6.6 Desired State Configuration Extension for Azure virtual machines to be retired on March 31, 2028.

The Desired State Configuration Extension for Azure Virtual Machines will be retired on March 31, 2028. Please plan to transition to Azure Machine Configuration by this date to ensure continuity and effectiveness in your operations.

Please follow the instructions to migrate to Azure Machine Configuration by March 31, 2028.

Subscribe to the Azure Cloud Monthly Updates newsletter for updates on Azure cloud services. Don’t miss our next edition!

Thanks for taking the time to read the newsletter. I appreciate your feedback, and I would like to invite you to contribute suggestions for improvement in the comments section. Your insights will help us enhance our content. Thank you!
