Azure Update - 14th November 2025
By John Savill's Technical Training
Key Concepts
- Azure Kubernetes Service (AKS): Managed Kubernetes service on Azure.
- OS Guard: Security feature for AKS Linux container hosts.
- Trusted Launch: Security feature for Azure VMs and container hosts.
- Flatcar Container Linux: An open-source, immutable operating system for containers.
- AKS Local DNS: DNS proxy capability for AKS nodes.
- AKS Agentic CLI: Natural language interface for AKS.
- AKS Scheduler Profile Configuration: Customization of AKS pod scheduling.
- Application Gateway for Containers: Layer 7 load balancer for containerized workloads.
- Web Application Firewall (WAF): Security feature to protect against web attacks.
- Azure Front Door: Global delivery network for web applications.
- Azure Firewall: Network security service for Azure virtual networks.
- Packet Capture: Feature to capture network traffic for troubleshooting.
- DNS Flow Trace Logs: Logs for DNS requests and responses.
- Azure Virtual Network Manager: Centralized management of virtual networks.
- IPAM (IP Address Management): Management of IP addresses.
- Object Priority Replication: Feature for faster asynchronous replication of Azure Storage objects.
- GRS (Geo-Redundant Storage): Data replication across geographically distant regions.
- GZRS (Geo-Zone-Redundant Storage): Data replication across regions and availability zones.
- Azure Data Lake Storage Gen2: Scalable data lake solution.
- Vaulted Backup: Backup of Data Lake Storage Gen2 data to a separate vault.
- PostgreSQL Flexible Server: Managed PostgreSQL service on Azure.
- KQL (Kusto Query Language): Query language for Azure Data Explorer and other services.
- Graph Semantics: Representing relationships between data entities.
- OpenCypher: Open-source query language for graph databases.
- MySQL Flexible Server: Managed MySQL service on Azure.
- Azure Migrate: Service for migrating on-premises workloads to Azure.
- Security Insights: Feature within Azure Migrate for risk assessment.
- .NET 10: Latest version of the .NET development framework.
- GPT-4o: Latest AI model from OpenAI, available on Azure AI.
- Azure AI Foundry: Platform for building and deploying AI solutions on Azure.
- AI Supercomputer Data Center: Specialized data centers for AI model training and inference.
Compute Updates
AKS Azure Linux OS Guard (Preview)
- Provides enhanced protection for container hosts running Azure Linux 3.0.
- Ensures only trusted, signed binaries can execute.
- Locks down user space to prevent tampering.
- When coupled with Trusted Launch, it guarantees boot integrity.
AKS Flatcar Container Linux (Public Preview)
- Introduces Flatcar Container Linux as an OS option for AKS node pools.
- Flatcar features an immutable file system for predictable node behavior and simplified recovery.
- It is open-source and compatible with Kubernetes across clouds.
- More information available at flatcar.org.
AKS Local DNS (GA)
- Provides a DNS proxy on each AKS node for caching DNS responses.
- Reduces DNS request latency for pods.
- Decreases load on upstream DNS servers.
- Enhances resiliency by continuing to serve requests if upstream servers fail.
- Transparent to applications; no code changes required.
- Runs as a local system service with configurable options like Time To Live (TTL) and servicing stale records.
AKS Agentic CLI (Preview)
- Enables natural language interactions with AKS environments.
- Uses an `aks agent` command for answering questions, troubleshooting, and providing guidance.
- Integrates with the AKS MCP (Model Context Protocol) server for AI application integration.
AKS Scheduler Profile Configuration (Preview)
- Allows customization of the AKS scheduler's behavior for placing pods on nodes.
Networking Updates
Application Gateway for Containers - Web Application Firewall (WAF)
- Adds WAF capabilities to Application Gateway for Containers, specifically designed for container workloads.
- Protects against common web attacks like SQL injection and cross-site scripting.
Azure Front Door - WAF JavaScript Challenges (GA)
- Eliminates the need for visible JavaScript challenges for WAF.
- Provides an invisible layer of protection that distinguishes legitimate users from bots.
- Presents a browser-based challenge that is computed by the user's browser without explicit user interaction.
Azure Firewall - Packet Capture (GA)
- Allows triggering packet capture through the Azure portal or PowerShell.
- Designed for capturing specific network flows for troubleshooting, not all traffic.
- Captured packets are written to a storage account.
- Configurable options include the number of packets (up to 90,000), capture duration (up to 30 minutes), protocol, TCP flag options, source/destination IP, and destination port.
- Captures bidirectional traffic matching specified filters on specific ports.
Azure Firewall - DNS Flow Trace Logs (GA)
- Builds on Azure Firewall's DNS proxy capability.
- Logs DNS requests, including query types, domains, response codes, upstream DNS servers, and source/destination IPs.
- Provides valuable information for investigations and understanding DNS behavior.
Azure Virtual Network Manager Updates
- Pool Association: Recommends suitable IPAM pools for virtual networks not currently associated.
- Peering Compliance: Ensures peers created by VNet Manager cannot be modified or deleted outside of it.
- User Defined Routes (UDR) - Use Existing Mode: Adds new routes to existing route tables associated with subnets, rather than creating a new one or replacing existing routes. This is an optional mode.
Storage Updates
Object Priority Replication (GA)
- Enables object-level asynchronous replication from a source storage account and container to a destination account with filtering.
- Offers an SLA for 99% of objects to replicate within 15 minutes, with advanced lag metrics.
- Exceptions: Does not apply if accounts are not on the same continent, for objects larger than 5 GB, or for very large storage accounts.
- Can be enabled/disabled via the portal or PowerShell/CLI.
- Incurs an associated cost.
GRS and GZRS - Priority Replication
- Applies the same priority replication option (99% of data within 15 minutes for block blobs) to GRS and GZRS.
- Can be enabled at creation time or post-creation.
- Available for block blobs only.
- Can be enabled/disabled in the portal under Data Management -> Redundancy.
- Incurs a per-gigabyte priority cost.
Azure Data Lake Storage Gen2 - Vaulted Backup (GA)
- Backs up Data Lake Storage Gen2 data to a separate vault, enhancing resiliency.
- Leverages backup vault capabilities: long-term backup (up to 10 years), multi-user authorization, and flexible backup schedules.
Database Updates
PostgreSQL Flexible Server - Availability Zones
- Now supports all three availability zones in Japan West.
KQL Graph Semantics - OpenCypher Support
- Introduces OpenCypher support for graph semantics in Fabric Event House and Azure Data Explorer.
- OpenCypher is an open-source specification for querying graph databases, using an ASCII art-like syntax for pattern matching relationships between entities (nodes and edges).
KQL Graph Semantics - Labels (GA)
- Allows easy retrieval, filtering, and projection of labels on nodes and edges within Azure Data Explorer.
MySQL Flexible Server - Lowercase Table Names Parameter
- A new parameter at instance creation time controls how table names are stored and compared.
- Allows preserving table case while enabling case-insensitive comparisons, addressing a previous limitation where all table names were stored in lowercase.
MySQL Flexible Server - Azure Functions Trigger
- Can now trigger Azure Functions upon creation, update, or deletion of a row in a MySQL table.
- Enables serverless responses to data modification events in MySQL databases.
Miscellaneous Updates
Azure Migrate - Security Insights
- Includes security insights to assess existing workload risks and provide mitigation recommendations during migration.
.NET 10 Release
- .NET 10 has been released with numerous improvements.
GPT-4o Availability on Azure AI Foundry
- OpenAI's GPT-4o model is now available on Azure AI Foundry.
- GPT-4o: Designed for better adaptive, stepwise reasoning, adjusting its approach based on task complexity. Includes chain-of-thought for the first time in chat models.
- GPT-4o (Standard): For general AI applications, analytics, research, document consolidation. Available globally and in data zones for US and EU.
- GPT-4o Chat: For interactive assistants, user interfaces, and adaptive reasoning in complex cases. Available globally.
- GPT-4o Code Interpreter and GPT-4o Code Interpreter Mini: For agentic coding, enhanced tooling, and refactoring. Mini model offers a more cost-effective option.
New Atlanta AI Supercomputer Data Center
- The second Fairwater AI Supercomputer data center, located in Atlanta.
- Features near-zero water usage with closed-loop cooling.
- Employs a new two-level design for denser GPU configurations and lower latency between GPUs.
- Includes a new network linking locations for multi-site AI capabilities.
- Focuses on large-scale AI model training and inferencing.
Conclusion
This week's Azure update brings significant advancements across compute, networking, storage, and databases, with a strong emphasis on enhanced security, improved performance, and expanded AI capabilities. Key highlights include new security features for AKS, more robust networking security with WAF and packet capture, faster storage replication, and the integration of advanced AI models like GPT-4o into Azure. The introduction of features like AKS OS Guard, Flatcar Container Linux, and priority replication in storage aims to bolster reliability and security. The availability of GPT-4o on Azure AI Foundry, along with the new AI supercomputer data center, underscores Microsoft's commitment to leading in AI innovation.