Generally Available: Support for workloads with large files in Azure NetApp Files
AzureMicrosoft
May 2026
Generally Available: Support for workloads with large files in Azure NetApp Files
To support seamless migration and operation of workloads that use large files including Azure VMware Solution (AVS) virtual machines with large VMDK disks, Azure NetApp Files now supports file sizes of up to 64 TiB for regular volumes. This enhancement enables the migration of on‑premises workloads with large virtual machine disks to Azure VMware Solution and supports ongoing operation of data‑intensive workloads in Azure. The capability is available in all Azure NetApp Files enabled regions across the Flexible, Standard, Premium, and Ultra service levels.
Generally Available: Managed Identity Support for Azure Files SMB Is now GA
Azure Files now supports Managed Identities for SMB access, enabling applications and services to authenticate without storing static credentials or account keys. This feature aligns with Zero Trust principles, allowing workloads to use Entra-issued tokens for secure, short-lived access to file shares.
By leveraging Managed Identities, organizations can eliminate service principal secrets and reduce credential sprawl, simplifying compliance and improving security posture.
This capability is especially impactful for cloud-native workloads that require persistent storage, including:
- AKS clusters with persistent volumes with managed and workload identities
- CI/CD pipelines and automation scripts
- Native Application or VM (device) identity access
Managed Identities provide seamless integration with Azure RBAC, enabling fine-grained access control and centralized policy enforcement without manual key rotation. Please reach out to azurefiles@microsoft.com or customers interested in adopting Managed Identities for secure SMB access with Azure Files.
Public Preview: Azure Container Apps Express
Azure Container Apps Express is now available in public preview. It is the simplest and fastest way to launch and scale powerful applications on Azure, from zero to hyperscale, without infrastructure decisions. It represents the first Azure compute platform purpose-built for agent and developer use alike.
Express is based on years of experience running Azure Container Apps at a large scale. We have learned that most developers working on web apps, APIs and agents want to deploy quickly, have automatic scaling, and avoid dealing with complex infrastructure. Express provides these features. It sets up your environment in seconds, can handle any amount of traffic, and removes complicated settings. This helps teams move from writing code to having a production-ready app in just minutes, not hours.
Express is purpose-built for workloads serving developers and agents alike. It provides opinionated, production-grade defaults: autoscaling, per-second billing, managed identity, secrets management, custom domains, container registry integration, revision management, and built-in observability. Just bring your container, Azure Container Apps Express handles everything else.
Generally Available: Azure Monitor dashboards with Grafana in Public, Government (Fairfax) and China
Azure Monitor dashboards with Grafana are generally available, bringing the power of Grafana’s open and composable visualization platform directly into the Azure Portal. This capability enables developers and operators to create, edit, and share Grafana dashboards without needing to deploy or manage additional infrastructure. Users can seamlessly visualize Azure Monitor metrics, logs and traces, alongside Prometheus, Azure Resource Graph and Azure Data Explorer data using familiar Grafana experiences with Azure-native security and governance through RBAC and ARM-based deployment.
With general availability, Azure Monitor dashboards with Grafana introduces new capabilities including expanded Azure service integrations (such as AKS, Application Insights and PostgreSQL), additional prebuilt dashboards, and support for advanced workflows like Grafana Explore and enhanced Kubernetes monitoring. Just as importantly, this release is now broadly available across Azure clouds, including Azure Public, US Government (Fairfax), and China, ensuring consistent observability experiences for customers operating in sovereign and regulated environments.
Generally Available: Confidential computing for Azure Service Bus Premium
Confidential computing for Azure Service Bus Premium is now generally available in Korea Central and UAE North. This capability enables Service Bus to process messages inside hardware-based trusted execution environments (TEEs), adding protection for data in use on top of existing encryption at rest and in transit. The TEE prevents unauthorized access to data while it is being processed, bringing hardware-level isolation to message handling.
Confidential computing works alongside the security features you can already use with Service Bus today, such as TLS encryption for data in transit, encryption at rest with support for customer-managed keys (CMK), private endpoints, and managed identities. For workloads with the strictest requirements, pairing confidential computing with customer-managed keys backed by Azure Key Vault Managed HSM provides defense in depth across data at rest, in transit, and in use.
Confidential computing is enabled at the namespace level during creation. After it is enabled, all queues, topics, and subscriptions in the namespace benefit from hardware-isolated message processing. No application changes are required, so existing clients and messaging patterns continue to work
Update: 99.99% uptime for all Azure Service Bus Premium namespaces in Availability Zone regions
Starting May 1, 2026, all Azure Service Bus Premium namespaces deployed in regions with Availability Zone support now qualify for a 99.99% uptime SLA. Premium is the tier customers choose for their most important workloads, and this update brings the SLA in line with the zone-redundant infrastructure those namespaces already run on. Previously, the 99.99% SLA required partitioned namespaces to be enabled. That requirement has been removed - any Premium namespace in an AZ region now receives the higher SLA automatically.
Availability Zones are physically separate datacenters within an Azure region, each with independent power, cooling, and networking. A Premium namespace deployed in an AZ region is automatically replicated across multiple zones, so the messaging service stays available even if a full datacenter goes offline. No configuration changes are required for existing deployments to benefit from the higher SLA.
Partitioned namespaces remain fully supported for workloads that need higher throughput through multi-broker distribution. The change is purely about SLA eligibility - partitioning is no longer a prerequisite for the 99.99% commitment.
Generally Available: Sentinel TI - improved pattern parsing & revoke reliability
We’ve rolled out two important improvements to enhance accuracy and control in pattern-based workflows:
- Revoke fix: Resolved an issue where revoke actions were not consistently applied, ensuring changes now take effect reliably and as intended.
- Support for AND in pattern parsing: You can now combine conditions using AND, enabling more precise and expressive pattern definitions.
These updates help you manage indicators and patterns with greater confidence and precision
Generally Available: Azure Virtual Network Manager rule impact analyzer
Azure Virtual Network Manager rule impact analyzer is now generally available, empowering you to simulate the impact of your security admin rules on your virtual networks before deploying your rules.
With this capability, you can simulate the effects of your security admin rules on your virtual networks’ existing traffic flows and modify rules as needed to ensure your desired traffic flows are maintained and reduce the risk of unexpected connectivity issues.
This feature is available in the Azure portal and is powered by Azure Network Watcher traffic analytics and virtual network flow logs, providing data-driven insights into how security admin rule deployments could affect your existing virtual network traffic.
