Public Preview: Encrypt Premium SSD v2 and Ultra Disks with Cross Tenant Customer Managed Keys

Public Preview: Encrypt Premium SSD v2 and Ultra Disks with Cross Tenant Customer Managed Keys
Cross-tenant customer managed keys (CMK) for Premium SSD v2 and Ultra Disks is now in public preview in select regions.

Encrypting managed disks with cross-tenant CMK enables encrypting the disk with a CMK hosted in an Azure Key Vault in a different Microsoft Entra tenant to the disk.

Many service providers building Software as a Service (SaaS) offerings on Azure want to give their customers the option of managing their own encryption keys. Customers of service providers can now use cross-tenant CMK with Premium SSD v2 and Ultra disks and manage the encryption keys in their own Microsoft Entra tenant using Azure Key Vault. As a result, they will have complete control of their customer managed keys and their data.

Generally Available: New storage optimized Laosv4, Lasv4, and Lsv4 Azure VM series
The Laosv4 series and Lasv4 storage optimized VMs, based on the 4th Gen AMD EPYC™ processor (Genoa), and the Lsv4-series VMs, based on the 5th Gen Intel® Xeon® processor (Emerald Rapids), are now generally available.

Laosv4 VMs have sizes ranging from 2-32 vCPU, with 8GB of memory and 720GB of local NVMe disk capacity per vCPU. Lsv4 and Lasv4 VMs have sizes ranging from 2-96 vCPU, with 8GB of memory and 240GB of local NVMe disk capacity per vCPU, with the largest sizes offering up to 23TB of local storage capacity. The Lsv4 and Lasv4 VMs introduce new 2, 4, and 96 vCPU sizes which give you more configuration options to right-size your storage optimized VMs to your workload.

All three of these VM series are powered by Azure Boost and Azure Boost SSDs, enable NVMe local SSD disk encryption by default, and come with an NVMe remote storage interface with support for premium storage caching, significantly improving remote storage performance.

All L-series v4 VMs are perfect for distributed, scale-out workloads that require high amounts of local storage capacity per vCPU and the ability to move that data quickly over the network or to an Azure remote storage backend. Workloads like storage caching layers, Elasticsearch, distributed file systems, big data analytics, relational & NoSQL databases, and data warehouses all benefit from the capabilities of the L-series v4 VMs.

Generally Available: Azure Site Recovery Support for Azure Trusted Launch VMs Running Linux OS
Azure Site Recovery support for Azure Trusted Launch VMs running Linux OS is Generally Available. Azure Trusted Launch VMs provide foundational compute security to Azure Generation 2 VMs by enabling Secure Boot and vTPM capabilities. This Generally Available release is available for Azure Trusted launch VMs running Linux OS. Azure Site Recovery support for Trusted launch VM running Windows OS is already generally available.

Public Preview: Azure Databricks Power Platform Connector
Now you can easily connect Azure Databricks with Microsoft Power Apps in several new ways. The new connector enables you to:

• Support real-time data access without the need for data copying.
• Create dynamic applications that take advantage of large datasets directly from Azure Databricks.
• Easily set up connections through support for API key authentication and additional developer options.
• Efficiently visualize and work with data using the Power FX formula language.
  This powerful combination enhances productivity and provides robust data insights, making Azure Databricks a valuable tool for modern data-driven applications.

Generally Available: Azure Virtual Network Manager in Azure China
Azure Virtual Network Manager’s connectivity, security admin, and routing configuration features are now generally available in Azure China. This enables centralized management of connectivity, security rules, and routing across subscriptions at scale and eliminates manual setup, ensuring consistent policies and visibility as your network footprint grows.
Azure Virtual Network Manager can streamline your network connectivity management through hub-and-spoke and mesh topologies in just a few clicks. The hub-and-spoke feature establishes a central hub with attached spokes for simplified control, while mesh connectivity enables direct, low-latency communication between selected virtual networks — ideal for demanding workloads attaching to a hub virtual network or an Azure Virtual WAN.

Azure Virtual Network Manager can also enforce your organization’s desired network policies with security admin rules, which are evaluated before network security group (NSG) rules, preventing misconfigurations and ensuring organization-wide compliance. Flow logs are also available for monitoring and troubleshooting traffic matching these security rules.

Azure Virtual Network Manager’s routing configuration lets you define routing once and apply it automatically to multiple subnets or virtual networks, supporting scenarios like routing spoke traffic through Azure Firewall or enabling cross-hub connections.

Public Preview: Container Network Logs in AKS for deep Network Visibility
Container Network Logs in Azure Kubernetes Service (AKS) introduces a powerful capability for capturing and analyzing network traffic across Kubernetes clusters. By surfacing rich metadata—including source and destination IPs, pod and service names, ports, protocols, and traffic direction—this feature enables deep visibility into Layer 3 (IP), Layer 4 (TCP/UDP), and Layer 7 (HTTP/gRPC/Kafka) communications. With this insight, platform teams can accelerate root cause analysis, visualize traffic flows, and enforce security policies with greater precision. This innovation empowers organizations to operate Kubernetes environments with enhanced observability, resilience, and control.

Public Preview: Persistent Graph Semantics
Azure Data Explorer now offers Persistent Graphs in public preview, enabling durable graph data structures that persist beyond individual query executions for enterprise-scale relationship analysis. Unlike transient Graphs which exist only in memory during a query session, persistent graphs provide reusable database objects that remain available for repeated analysis through their two main components: Graph Models (defining structure and data mappings) and Graph Snapshots (materialized instances at specific points in time).

Persistent graphs deliver substantial benefits for organizations needing to analyze complex relationships at scale, handling massive datasets while eliminating construction latency through pre-built snapshots. They enhance team collaboration by providing consistent data views across the organization without requiring constant rebuilding, support advanced analytics including historical analysis and version comparisons, and integrate seamlessly with the Azure Data Explorer ecosystem through native KQL graph operators—making them ideal for scenarios ranging from IoT network analysis to security investigations, business process optimization, and organizational structure analysis.

Generally Available: Archive Access Tier Now Available in Italy North
The Archive access tier for Azure Blob Storage is now generally available in the Italy North region.

With this regional expansion, customers can now store infrequently accessed data in the cost-effective Archive tier while meeting data residency and compliance requirements in Italy. The Archive tier is ideal for long-term backup, compliance, and archival scenarios.

You can manage Archive tier data using the Azure portal, CLI, PowerShell, or REST API. This update brings Italy North in line with other regions that support the full range of Azure Blob Storage tiers: Hot, Cool, Cold, and Archive.