Azure Update - 31st October 2025

Key Concepts

• Capacity Reservation Sharing: Ability to share SLA-backed capacity reservations with up to 100 other subscriptions.
• Entra ID User Management Migration: Moving user management from Active Directory to Entra ID by changing the source of authority.
• Red Hat Enterprise Linux Software Reservations: Cost-saving option for RHEL on Azure with one-year terms.
• Azure Functions NodeJS 20 Retirement: End-of-life for NodeJS 20 on Azure Functions by April 30, 2026.
• Azure Functions Zero Downtime Deployment: Rolling upgrade mechanism for Azure Functions with flex consumption to ensure continuous availability.
• Azure Front Door Web Application Firewall (WAF) Capture Challenge: GA feature to block bots and malicious traffic using a human verification challenge.
• Azure Front Door Signed Request (Preview): Feature to restrict access to premium content based on user authentication, geolocation, and time constraints.
• Azure Front Door Outage (October 29): Significant outage impacting Azure Front Door and related Microsoft services due to an inadvertent tenant configuration change.
• Azure Traffic Manager: A DNS-based global load balancing solution that can serve as a potential "break glass" backup for Azure Front Door.
• High Scale Private Endpoints: Increased limit for private endpoints per virtual network (5,000) and for peered VNets (20,000).
• Azure Storage Mover: Support for moving NFS file shares to Azure File Shares (NFS 4.1).
• Instant Access Snapshots (Premium SSD v2 and Ultra Disk): Ability to create instant snapshots for high-performance disks, even during data hydration.
• PG Bouncer 23.1: Availability in Azure PostgreSQL Flexible Server for efficient connection pooling.
• Azure Machine Learning Preview Feature Retirement: Several preview features in Azure ML are being retired.

Compute Updates

• Red Hat Enterprise Linux Software Reservations: Software reservations for Red Hat Enterprise Linux are now available on Azure. This aligns with the new Red Hat Enterprise Linux pricing model and offers cost savings through one-year terms, allowing users to lock in pricing.
• Azure Functions NodeJS 20 Retirement: Support for NodeJS 20 in Azure Functions will end on April 30, 2026. Users are advised to migrate to NodeJS 22 or a later version before this date.
• Azure Functions Zero Downtime Deployment: A new zero downtime deployment option is available for Azure Functions using flex consumption. This feature implements a rolling upgrade strategy, where instances are drained and replaced in batches, ensuring the service remains available throughout the update process. To enable this, the site update strategy type needs to be changed to rolling update.

Networking Updates

• Azure Front Door Web Application Firewall (WAF) Capture Challenge (GA): This feature is now generally available and helps protect against bots, web scrapers, and brute-force attacks that might bypass traditional rate limiting or IP blocking. The capture challenge acts as an adaptive layer to verify human users, allowing legitimate traffic through quickly while blocking malicious requests. It is commonly seen in login and signup flows as a puzzle-solving interaction.
• Azure Front Door Signed Request (Preview): This feature, previously covered, is now in preview. It allows for restricting access to premium content, such as media streams, file downloads, and APIs, based on user authentication, geolocation, and time-based constraints. It functions as a rules engine where clients provide a signature to govern their access.
• Azure Front Door Outage (October 29): A significant outage occurred on October 29th, impacting Azure Front Door and related services like Microsoft 365, Minecraft, and others.
  • What Azure Front Door is: Azure Front Door is a global load balancing solution for Layer 7 (HTTP/S) web services. It provides multiple points of presence (PoPs) worldwide, allowing clients to connect to the closest PoP. It utilizes split TCP for TLS termination at the edge, caching, and can integrate with Web Application Firewall (WAF) for enhanced security. It is used by many Microsoft first-party solutions.
  • Cause of the Outage: The preliminary report indicates the outage was caused by an "inadvertent tenant configuration change" that introduced an invalid configuration state. This impacted a significant number of service nodes, rendering them unhealthy and unable to service requests, leading to a capacity drop.
  • Remediation: The issue was resolved by rolling back to a "last known good state," which took several hours to fully implement.
  • Preventative Measures: A software defect that allowed the deployment of the invalid configuration to bypass safety guards has been identified and is being remediated to prevent future occurrences.
  • Customer Mitigation Strategies: For customers seeking architectural "break glass" measures against future Front Door outages, Azure Traffic Manager is suggested as a potential backup. However, it's important to note that Azure Traffic Manager is a DNS-based solution and lacks the advanced Layer 7 features of Azure Front Door, such as WAF, caching, and split TCP. It also cannot serve private network services.
• High Scale Private Endpoints (GA): This feature is now generally available. It significantly increases the number of private endpoints allowed within a single virtual network from 100 to 5,000. For peered virtual networks, the limit increases from a recommended 4,000 peers to 20,000, configured on a per-VNet basis.

Storage Updates

• Azure Storage Mover Support for NFS: Azure Storage Mover now supports moving NFS file shares to Azure File Shares, specifically using the NFS 4.1 protocol. This enhances flexibility for data migration between locations.
• Instant Access Snapshots for Premium SSD v2 and Ultra Disk: Premium SSD v2 and Ultra Disks, which allow for separate provisioning and dynamic adjustment of capacity, IOPS, and throughput, now support instant access snapshots. This means snapshots can be created instantly, even after creation, providing high-performance availability of new disks while data hydration occurs in the background, enabling rapid scaling based on a copy of the source.

Database Updates

• PG Bouncer 23.1 in PostgreSQL Flexible Server: PG Bouncer version 23.1 is now available in Azure PostgreSQL Flexible Server. PG Bouncer is a connection pooling solution that improves efficiency in handling client connections to the database.

Miscellaneous Updates

• Azure Machine Learning Preview Feature Retirement: Several preview features in Azure Machine Learning are being retired. These include:
  • Grouping of multiple steps for pipeline organization.
  • Comparing pipeline jobs for debugging.
  • Importing data into data labeling projects.
  • Using v2 data assets in data labeling projects.
  • Monitoring drift between training and inference.
  • Adlink services.
  • Monitoring compute resources. Detailed guidance is available in the Azure documentation.

Conclusion

This week's Azure update covers significant enhancements in networking, storage, and compute, alongside important announcements regarding service retirements and a critical outage. Key takeaways include the expanded capabilities of Azure Front Door with its WAF capture challenge and signed requests, the increased limits for private endpoints, and improved data migration options with Azure Storage Mover. The Azure Front Door outage serves as a stark reminder of the importance of robust configuration management and the potential impact of global service disruptions, while also highlighting the need for customers to consider architectural resilience strategies. Users of Azure Functions and specific Azure Machine Learning preview features should note the upcoming retirements and plan accordingly.