Azure Update 22nd May 2026

Key Concepts

• Azure Kubernetes Service (AKS): Managed Kubernetes service.
• Azure App Configuration: Centralized service for application settings and feature flags.
• TLS (Transport Layer Security): Protocol for secure communications; focus on version 1.2+ migration.
• Azure Front Door: Global content delivery network (CDN) and load balancer.
• Network Security Groups (NSG) & User-Defined Routes (UDR): Traffic control and routing mechanisms.
• Azure Storage Actions: Scalable, policy-based operations for blob and data lake storage.
• Azure NetApp Files (ANF): Enterprise-grade file storage service.
• MQTT (Message Queuing Telemetry Transport): Lightweight messaging protocol for IoT/event-driven architectures.
• Azure AI Foundry (formerly Azure AI Foundry): Platform for building and managing AI applications.
• Model Router: AI orchestration tool that selects the optimal model based on prompt complexity and cost.

---

1. Compute and Application Services

• AKS Automatic Instrumentation: Java and Node.js applications on AKS can now automatically instrument for Application Insights without code changes, utilizing the Azure Monitor OpenTelemetry distro.
• App Configuration Scorecards (Preview): Provides visual telemetry on how specific feature flags influence application performance in production, enabling data-driven development.
• Azure Functions Flex Consumption: TLS certificates are now scoped to individual function apps (up to three per app) rather than shared across a web space, increasing security granularity.
• TLS 1.0/1.1 Retirement: Microsoft is retiring legacy TLS versions by May 2027. Applications must migrate to TLS 1.2 or higher to maintain connectivity.

2. Networking Updates

• Azure Front Door: WebSockets are now Generally Available (GA) for Standard and Premium SKUs, enabling full-duplex, long-lived TCP connections for real-time applications like gaming or streaming.
• Network Scaling: Limits have been increased to support complex hub-and-spoke architectures:
  • 2,000 NSGs per VNet.
  • 2,000 security rules per NSG.
  • 6,000 addresses/ports per rule.
  • 1,000 routes per route table.
• Network Watcher Rule Impact Analyzer: Allows administrators to simulate the impact of NSG or Azure Virtual Network Manager security admin rule changes on live traffic before deployment.
• VPN/ExpressRoute Prefix Summarization: Gateways can now summarize multiple specific IP prefixes into a single covering prefix, helping to bypass limitations on the number of advertised routes.
• VPN Authentication: Site-to-site VPNs now support certificate-based authentication (replacing pre-shared keys). Point-to-site VPNs allow for distinct IP pools based on user attributes (e.g., RADIUS groups).

3. Storage and Data Management

• Rust SDK for Blob Storage: A native, memory-safe SDK for Rust is now GA, supporting Entra ID authentication, automatic retries, and OpenTelemetry tracing.
• Azure Storage Actions (Mock Runs): Users can perform "what-if" simulations on storage operations (like lifecycle management) to see which objects would be affected before executing changes.
• Azure NetApp Files (ANF):
  • Cache Volumes: Provides low-latency access to "hot" data from on-premises or other cloud (AWS/GCP) NetApp volumes.
  • Object REST API: S3-compatible API support, enabling direct integration with tools like Microsoft Fabric without data movement.
• Azure Storage Mover: Now supports blob-to-blob transfers (flat and hierarchical namespaces) and includes scheduling capabilities for recurring migrations.
• Azure Files: Entra-only authentication for SMB shares is now GA, allowing Kerberos authentication without requiring a hybrid Active Directory sync.

4. Event Grid and Databases

• Event Grid MQTT: Added subscription identifiers to help clients route messages based on specific filters. New features include "Retain" support (sharing last known state), shared subscriptions for scaling, and HTTP-to-MQTT publishing.
• Cosmos DB: Now features GA integration with LangChain and LangGraph, facilitating vector and hybrid search for AI applications.
• PostgreSQL Flexible Server: Automatic Entra token refresh is now supported for Python, .NET, and JavaScript applications.

5. AI and Miscellaneous

• Azure AI Foundry: Renamed roles (e.g., Foundry Owner, Foundry Project Manager) and expanded self-assignment capabilities.
• Model Router: A single endpoint that dynamically selects the best AI model (from 28 options, including GPT-4o, Claude Opus, and Groq) based on prompt complexity to optimize cost and latency. An open-source auto-evaluation repository is available to verify router performance.
• Azure Linux 4.0 (Preview): A general-purpose, Fedora-derived Linux distribution optimized for Azure VMs and WSL.
• Azure Container Linux (GA): Based on the immutable Flatcar project, specifically hardened for container host environments.

---

Synthesis

The updates for May 22nd reflect a strong focus on scalability, security, and AI integration. Key takeaways include the shift toward more granular security (TLS scoping, Entra-only file shares), the expansion of AI orchestration tools (Model Router), and the maturation of developer-focused tooling (Rust SDKs, S3-compatible APIs for NetApp). These updates collectively aim to reduce operational overhead while providing the flexibility required for complex, distributed cloud architectures.