Generally Available: Latest PostgreSQL minor versions supported by Azure Database for PostgreSQL flexible server

Generally Available: Latest PostgreSQL minor versions supported by Azure Database for PostgreSQL flexible server
PostgreSQL minor versions 17.5, 16.9, 15.13, 14.18, and 13.21 are now supported by Azure Database for PostgreSQL flexible server.

These minor version upgrades are automatically performed as part of the monthly planned maintenance in Azure Database for PostgreSQL flexible server. This upgrade automation ensures that your databases are always running the latest optimized versions without requiring manual intervention.

Generally Available: PostgreSQL 17 with in-place upgrade on Azure Database for PostgreSQL flexible server
You can now use PostgreSQL 17 on Azure Database for PostgreSQL flexible server. With this release, you gain access to the latest PostgreSQL features along with the ability to perform seamless in-place upgrades from previous PostgreSQL versions—all without changing your server endpoint, reconfiguring your applications, or manually migrating data. You can stay current with minimal downtime and reduced operational complexity.

PostgreSQL 17 introduces several enhancements that improve your database performance and developer experience. You’ll benefit from faster vacuuming and query planning, expanded SQL/JSON support including JSON_TABLE, enhanced MERGE functionality, and more flexible partitioning. Staying current with PostgreSQL 17 also helps you remain aligned with community support timelines and the Azure managed service roadmap.

Generally Available: Secondary users for Azure Cosmos DB for MongoDB (vCore)
We are excited to announce that Azure Cosmos DB for MongoDB (vCore) clusters now support secondary users, enabling more flexible and granular access control for your database. Previously, each cluster could have only one user with full privileges, limiting access control options.

With the extended capabilities of native DocumentDB authentication in Azure Cosmos DB for MongoDB (vCore), you can now create additional users on your cluster. These users can authenticate to the database using their username and password.

Additional users can be assigned read-write or read-only permissions, further enhancing the granularity of access control. This new functionality allows for more secure and efficient management of your database access.

Generally Available: Azure DNS security policy
DNS security policy is now generally available. This release brings visibility of DNS traffic at the VNET level with the flexibility to send logs to storage account, log analytics workspace, or event hubs. It also includes DNS filtering based on lists of domains for allow/block actions.

What DNS security policy?
DNS security policy offers the ability to filter DNS queries on VNETs. You can allow, alert, or block name resolution of known or malicious domains and gain insight into your DNS traffic. Detailed DNS logs can be sent to a storage account, log analytics workspace, or event hubs.

A DNS security policy has the following elements:

• Location: A security policy can only apply to VNets in the same region.
• DNS traffic rules: Rules that allow/block/alert queries based on priority and domain lists.
• VNET links: A security policy can be associated to multiple VNets.
• DNS domain lists: Location-based lists of DNS domains.

Key benefits:

• Visibility of DNS traffic: DNS security policy brings the ability of logging your DNS traffic at the virtual network level.
• DNS traffic filtering: Allows to create DNS traffic rules which can contain multiple domain lists which can be used to allow/block DNS traffic.

Public Preview: Azure SQL updates for early-July 2025
In early-July 2025, the following updates and enhancements were made to Azure SQL:

• Convert Azure SQL database to Hyperscale while keeping existing active geo-replication or failover group configurations.
• Try the mssql-python driver with new platform support and powerful features for Microsoft SQL Server and the Azure SQL family.
• Rapid prototyping in Visual Studio Code with local SQL containers, GitHub Copilot agent mode, and connection groups.

Generally Available: Azure SQL updates for early-July 2025
In early-July 2025, the following updates and enhancements were made to Azure SQL:

• Enhanced server audit for Azure SQL Database boosts performance, availability, and reliability. Learn more.
• Server audit action groups are now available to achieve compliance and feature parity in Azure SQL Database.

Generally Available: FQDN Filtering in DNAT rules in Azure Firewall
Azure Firewall supports the use of Fully Qualified Domain Names (FQDNs) in DNAT (Destination Network Address Translation) rules, allowing inbound traffic to be routed to backend resources using domain names instead of static IP addresses.

This feature is especially useful for scenarios where backend IP addresses are dynamic or centrally managed via DNS.

Key Highlights:
DNS-based backend targeting: Route inbound traffic to backend servers using FQDNs.
Dynamic IP support: Ideal for applications where backend IPs change frequently.
Monitoring: Monitor DNAT activity using AZFWNatRule logs.

Generally Available: Azure App Service on Azure Stack Hub 25R1

• Azure App Service on Azure Stack Hub 25R1 is now available for customers to download and update their Azure Stack Hub deployments.
• What's New?
• This release contains a number of new capabilities, updates to application stacks and improvements to Azure App Service on Azure Stack Hub and we encourage customers to review the full release notes, follow the update documentation to deploy to their systems and take advantage of this new update.
• Azure App Service on Azure Stack Hub 25 R1 brings new updates to Azure Stack Hub and builds on the previously released 24R1 (24R1 Release Notes). Customers can install 25R1 directly without deploying 24R1 first.
• The App Service on Azure Stack Hub 25R1 build number is 102.10.2.11 and requires Azure Stack Hub to be updated with 2311 or later prior to deployment/upgrade.
• Please read the updated documentation, in particular the 25 R1 Release Notes, prior to getting started with deployment.

Generally Available: Encryption in Transit (EiT) for Azure Files NFS shares

• Azure Files NFS shares now support Encryption in Transit (EiT) using TLS 1.3 to secure all NFS traffic, ensuring confidentiality, integrity, and authentication. This layer of added security helps enterprises meet end-to-end compliance needs while maintaining performance and simplicity. Configuring EiT is simple using the open-source AZNFS mount helper, which automates TLS tunneling and volume mount operations for NFS shares. EiT is supported across all major Linux distros, Azure Linux VMs, on-premises Linux servers, and more.

Generally Available: Two-Way Forest Trusts for Microsoft Entra Domain Services
Two-Way Forest Trusts for Microsoft Entra Domain Services are now Generally Available. This capability allows organizations to create forest trusts between Microsoft Entra Domain Services and on-premises Active Directory Domain Services (AD DS) environments in either or both directions.

Previously Microsoft Entra Domain Services only supported forest trusts in one direction, out-bound from a managed domain to any customer on-premises domains or forests. This allows users in the on-premises domain to access resources in the managed domain, but not vice versa.

Now, Entra Domain Services supports three possible directions when you create a forest trust:

One-way out-bound: This allows users in the on-premises domain to access resources in the managed domain, but not vice versa.
One-way in-bound: This option allows users in the managed domain to access resources in the on-premises domain.
Two-way: This is a bi-directional trust that allows users in both the managed domain and the on-premises domain to access resources in either domain.

This capability offers more control and flexibility over how you manage your hybrid identity environment with Entra Domain Services. You can now choose from three possible directions when you create a forest trust, depending on how users need to access resources. An Enterprise or Premium SKU license is required. Trusts require an Enterprise or Premium SKU license.

Generally Available: Query editor in Azure Monitor Metrics

• We're announcing the General Availability of Query Editor in Azure Metric Explorer through Azure Monitor Workspace (AMW). With this update, customers can directly query Prometheus metrics using PromQL within their Azure Monitor workspace. This empowers users to efficiently explore and analyze their metric data by writing PromQL queries directly in Metric Explorer, gaining valuable insights to optimize their resources and enhance performance.