Generally Available: Azure SQL updates for late-August 2025

Generally Available: Azure SQL updates for late-August 2025
In late August 2025, the following updates and enhancements were made to Azure SQL and SQL Server:

• Easily spin up local SQL Server containers. Now generally available, the local SQL Server container enables container creation in the MSSQL extension for Visual Studio Code—no Docker commands needed. Learn more.
• Design tables more easily with Schema Designer, now generally available—a powerful new way to visually create and modify database schemas without writing T-SQL. Learn more.
• Streamline database development using Schema Compare to effortlessly compare database schemas, pinpoint differences, and apply updates seamlessly between databases or files. Learn more.
• SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region.

Public Preview: Azure Database for PostgreSQL Entra ID group login using user credentials
The public preview of Entra ID group login using user credentials, now available on newly provisioned servers. This anticipated feature simplifies user management and improves security within the Azure Database for PostgreSQL Flexible Server environments.

Both administrators and users benefit from a more streamlined process:

• Changes in Entra ID group memberships are synchronized on a periodic basis. This scheduled syncing ensures that access controls are kept up to date, simplifying user management and maintaining current permissions.
• Users can log in with their own credentials, simplifying authentication, and improving auditing and access management for PostgreSQL environments.

As organizations continue to adopt cloud-native identity solutions, this update represents a major improvement in operational efficiency and security for PostgreSQL database environments.

Public Preview: Azure Cosmos DB for MongoDB (vCore)—add shards and rebalance data
Now you can add physical shards as your Azure Cosmos DB for MongoDB (vCore) clusters grow. Thanks to the elasticity of compute and storage configurations in Azure Cosmos DB for MongoDB (vCore), a single physical shard (node) typically delivers the desired performance for most workloads. However, an increasing number of workloads now exceed 32 TiB on a single physical shard or require elevated performance levels that are usually associated with multishard configurations. Additionally, some workloads already hosted on multishard clusters in Azure Cosmos DB for MongoDB (vCore) continue to grow and require additional physical shards.

When you add physical shards, they’re always created next to the other physical shards in the same region and given the same compute and storage configurations as the existing shards in the cluster.

After it’s added, the new physical shard is immediately available for write operations. Often, there is a significant data skew between the existing nodes and the newly added empty shard. To address this imbalance, you can initiate data rebalancing, redistributing data from heavily loaded nodes to those with little or no data. Data rebalancing requires no configuration and is executed with zero cluster downtime.

Generally Available: Schema migration is now available in Azure Database Migration Service (DMS)
Announcing that Azure DMS now supports schema migration for Azure SQL Database—making your cloud migration journey smoother and more efficient than ever.

With just a single checkbox, you can now migrate missing schema objects along with your data. This includes:

• Tables
• Views
• Stored procedures
• Indexes
• User-defined types
• Roles, rules, synonyms, and more

You can streamline the migration process, reduce manual intervention, and maintain consistency between source and target environments. Whether you're using the Azure portal or automating with PowerShell cmdlets, schema migration is now a seamless part of your database modernization workflow.

Public Preview: Azure SQL updates for late-August 2025
In late August 2025, the following updates and enhancements were made to Azure SQL:

Azure SQL Database now offers a replication lag metric, providing real-time visibility into the recovery point objective (RPO) when Geo-DR is enabled.

Generally Available: Entra ID and RBAC support for GetAccountInfo and other supplemental APIs for Azure Storage
To align with security best practices, Entra ID and RBAC support is now generally available for the following APIs for Azure Storage:
Get Account Information

• Get Container ACL
• Set Container ACL
• Get Queue ACL
• Set Queue ACL
• Get Table ACL
• Set Table ACL
  These APIs now support OAuth 2.0 based Authentication via Entra ID on storage. As part of this enhancement the REST API responses for unauthorized access have been changed. Previously, if you tried to use these APIs with OAuth, we returned a 404 status code. Now, if you use these APIs with OAuth but do not have the right permissions (e.g. GetAccountInformation requires Azure RBAC action: Microsoft.Storage/storageAccounts/blobServices/getInfo/action), we will return a 403 status code (unauthorized access). If you send an anonymous request for bearer challenge, we will return a 401 status code, which is the same behavior as with the other APIs. If you have taken a dependency on the 404 error code for these operations, we recommend that you change your application code to support both 404 and 403 error codes, since the SDKs will not automatically make this change. Note that the best practice for checking unsupported APIs is not to take a dependency on error codes, but to refer to Authorize with Microsoft Entra ID (REST API) - Azure Storage | Microsoft Learn.

Public Preview: Custom block response code and body for Application Gateway WAF
Announcing the public preview of custom block response code and body for WAF integrated with Application Gateway.

Azure WAF integrated with Application Gateway now supports customizable response status codes and bodies for blocked requests, enabling greater flexibility and control.

By default, when the WAF blocks a request due to a matched rule, it returns a 403 status code with a "The request is blocked" message. As with WAF with Azure Front Door, now customers can also define a custom response status code and message with Application Gateway when WAF blocks a request. This customization is a policy-level setting, ensuring that all blocked requests receive the same custom response status and message.

Public Preview: Azure NetApp Files short-term clones
Azure NetApp Files short-term clones enable space-efficient, instant read/write access to data by creating temporary thin clones from existing volume snapshots, eliminating the need for full data copies and enabling capacity savings. Ideal for software development, analytics, disaster recovery and testing, short-term clones support large datasets and allow quick refreshes from the latest snapshots. Short term clones remain temporary and space-efficient for up to one month, consuming capacity only for incremental changes. This capability accelerates development and analytics workflows, improves quality and resilience, and reduces costs by avoiding full copy storage and minimizing operational overhead. This capability is now available in preview in all Azure NetApp Files supported regions

Generally Available: CNI Overlay for Application Gateway for Containers and AGIC

Azure CNI Overlay with Application Gateway for Containers and AGIC is now generally available.

Azure CNI Overlay enables AKS clusters to use pod IPs from a separate CIDR, conserving VNet IP space and simplifying multi-cluster deployments. Paired with Application Gateway and Application Gateway for Containers, enable secure, efficient load balancing for AKS services, while the overlay network remains local to the AKS cluster.

Key benefits of this solution include:

• Efficient IP address management: Conserve VNet IP address space and maximize cluster scale with CNI Overlay.
• Controlled ingress: Manage external ingress to designated services within the AKS cluster’s private overlay network, enhancing security and reducing exposure to external threats.
• Simplified deployment: Network configuration for CNI Overlay or CNI with Application Gateway for Containers and Application Gateway Ingress Controller is detected automatically; no additional configuration is required.