Generally Available: Long-term backup retention for Azure Database for PostgreSQL – Flexible Server
Azure Database for PostgreSQL - Flexible Server now offers a backup solution for supporting long-term backup retention and improved compliance for your PostgreSQL databases using Azure Backup. This release enables you to take advantage of a rich set of capabilities, such as flexible database backup policies, management of individual backups, and streamlined configuration. Additionally, you can add policies to back up and retain data for up to 10 years for compliance
Generally Available: Azure Quota Groups
Azure Quota Groups is now generally available, offering improved flexibility and control for Enterprise Agreement (EA) and internal customers. This feature enables quota sharing across a group of subscriptions, reducing the number of individual quota transactions.
Quota management is elevated from the subscription level to a centralized Quota Group Azure Resource Manager (ARM) object, allowing customers to manage procured quota within a group through self-service—without Microsoft approval.
Key benefits:
- Cross-subscription sharing: Share and manage quota across multiple subscriptions in a group.
- Self-service management: Allocate or reassign unused quota without filing support requests.
- Reduced support overhead: Fewer tickets for quota changes or new subscription setups.
- Centralized requests: Submit one quota request at the group level and distribute as needed.
Azure Quota Groups streamlines quota operations and empowers customers with greater agility in managing their Azure resources.
Generally Available: Destination Network Address Translation (DNAT) on Azure Firewall Private IP address
Azure Firewall enhances the DNAT rule configuration to support port translations on its Private IP address.
DNAT on Azure Firewall Private IP address helps connect overlapped IP networks, which is a common scenario for enterprises when onboarding new partners to their network or merging with new acquisitions.
This capability is also relevant for hybrid scenarios, connecting on-premises datacenters to Azure, where DNAT bridges the gap, enabling communication between private resources over non-routable IP addresses.
Generally Available: App Service Hybrid Connection Manager
App Service Hybrid Connection has been updated, and the latest version is now generally available.
This new version has an updated look and feel and provides the following advantages over the previous version:
- Support for both Windows and Linux clients
- Enhanced logging and visibility into operating status
- Refreshed GUI and a new CLI experience for cross-platform compatibility
Generally Available: Customer-managed keys for Azure NetApp Files volume encryption with Azure Key Vault Managed HSM
Azure NetApp Files volume encryption choices have expanded to offer support for customer-managed keys for Azure NetApp Files volume encryption with Azure Key Vault Managed HSM.
This capability raises the security level from FIPS 140-2 Level 2 to FIPS 140-2 Level 3 for critical deployments. Applications that leverage HSM security include payment processing, application-level encryption, and authentication. Industry verticals that use HSMs include financial services, public sector, IT/Telco (secure communications), and energy (securing critical infrastructure).
Generally Available: Azure Migrate enhances support with Premium SSD v2 Disks
Azure Migrate now supports migration to Premium SSD v2 (Pv2) disks, offering customers a seamless experience to migrate their on-premises workloads to Azure and benefit from the greater flexibility and enhanced performance of Pv2 disks in Azure. Pv2 disks offer sub-millisecond disk latencies for demanding IO-intensive workloads at a low cost. Customers can use them to improve the price-performance of a broad range of enterprise production workloads such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data, analytics, and gaming, on virtual machines or stateful containers. Azure Migrate now recommends Pv2 as the target disk type for eligible data disks in regions where Pv2 is available and offers Pv2 as a selectable option for migrating applicable data disks.
Generally Available: Azure Cosmos DB JavaScript SDK 4.0
The Azure Cosmos DB JavaScript SDK 4.0 is now generally available. This major update brings a range of enhancements to help you build more efficient and scalable applications, whether you're working with large datasets, securing sensitive information, or building smart search functionalities.
Key improvements include enhanced diagnostic logging for better performance tracking, an improved bulk API for faster data operations, and a more flexible query design for efficient scaling. The SDK also introduces client-side encryption to support data security, as well as AI-driven features, including vector search and full-text search to enable advanced search capabilities.
These updates make the Azure Cosmos DB JavaScript SDK 4.0 a powerful tool for building high-performance applications.
Generally Available: Container Apps and Functions as Private Link enabled origins for Front Door Premium
You can now configure Azure Container Apps and Azure Functions as Private Link enabled origins in your Front Door Premium profile. Private Link enabled origins in Front Door allow you to deliver content to your end-users through public Front Door endpoints while ensuring that your origins remain inaccessible to the public internet.
Generally Available: Private subnet
We are announcing the general availability of private subnet functionality in Azure.
Currently, when virtual machines are created in a virtual network without any explicit outbound connectivity, they are assigned a default outbound public IP address. These implicit IPs are subject to change, not associated with a subscription, difficult to troubleshoot, and do not follow Azure's model of "secure by default", which ensures customers have strong security without additional steps needed. The private subnet feature prevents this insecure implicit connectivity for any newly created subnets by setting the "default outbound access" parameter to false. You can then pick your preferred method for explicit outbound connectivity, such as a NAT Gateway or Public IP address.
Additionally, please note that after September 30th, 2025, new virtual networks will default to using private subnets, meaning that an explicit outbound method must be enabled in order to reach public endpoints on the Internet and within Microsoft. Older versions of the Azure API will not be affected, and there will also be no change to existing virtual networks. This means that there will be no change in the operation of existing or new virtual machines in these subnets.
Generally Available: Inbound Private Endpoint Support for Azure API Management Standard v2
Announcing the general availability of the inbound private endpoint feature for the Azure API Management Standard v2 tier. This update enables organizations to securely expose their API Management gateway exclusively over Azure Private Link, ensuring that API traffic remains fully contained within the Microsoft backbone network.
This capability is critical for customers who need network-level security and compliance for API access, particularly in regulated industries like finance, healthcare, and government. With inbound private endpoints, API Management Standard v2 now supports:
- End-to-end private connectivity
- Improved security posture
- Reduced attack surface
- Better control over data flow and API exposure
Generally Available: Import from Azure AI Foundry to Azure API Management’s AI Gateway
Announcing the general availability of importing model endpoints from Azure AI Foundry directly into Azure API Management’s AI Gateway. This capability simplifies onboarding of large language model (LLM) APIs by enabling seamless integration through the Azure portal.
Key benefits:
- Rapid onboarding of LLM endpoints from Azure AI Foundry
- Configure token limiting, token tracking, semantic caching, and content safety
- Centralized API governance and observability for generative AI workloads
Generally Available: Support for AWS Bedrock API in AI Gateway Capabilities in Azure API Management
Announcing expanded support for AWS Bedrock model endpoints across all Generative AI policies in Azure API Management’s AI Gateway. This release enables you to apply advanced management and optimization features such as Token Limit Policy, Token Metric Policy, and Semantic Caching Policy to AWS Bedrock models, empowering you to seamlessly manage and optimize your multi-cloud AI workloads.
Key benefits:
- Apply token limiting, tracking, and logging to AWS Bedrock APIs for better control
- Enable semantic caching to enhance performance and response times for Bedrock models
- Achieve unified observability and governance across multi-cloud AI endpoints