Public Preview: Restrict usage of user delegation SAS to an Entra ID identity

Public Preview: Restrict usage of user delegation SAS to an Entra ID identity

We’re excited to announce the addition of enhanced secure authentication in Azure Storage that combines the flexibility of user-delegation shared access signature (SAS) with the user-bound access of Entra ID. User-bound user delegation SAS is now in preview for all regions.

User delegation SAS is an existing feature that allows users to create secure SAS tokens that are tied to the delegator, meaning the delegator must verify their identity with Entra to create the token. The resulting token can be traced to the delegator and can only be valid for up to 7 days. This feature is an extension of user delegation (UD) SAS, which is already generally available for Azure Blobs and in public preview for Azure Files, Azure Tables, and Azure Queues. User-bound user delegation SAS allows users to create a more secure SAS token than account SAS, service SAS, or normal user delegation SAS by restricting the usage of the SAS token to an end user identity. This will help enforce that the user delegated SAS can only be used by intended users.

There is no additional cost to use user-bound user delegation SAS. Pricing is based on the standard read/write transaction costs for your storage account type. To learn more, please see Azure Storage Pricing.

Public Preview: Secure ingestion and pod placement for Azure Monitor pipeline
We are announcing several capabilities in public preview with Azure Monitor pipeline.

• Secure Ingress to Azure Monitor pipeline from external endpoints (TLS/mTLS) with Bring Your Own Certificates: BYOC empowers enterprises to maintain control and flexibility over certificate management, meeting regulatory and security requirements while integrating with existing PKI infrastructure. With this release, Azure Monitor pipeline supports both TLS and mutual TLS (mTLS) for TCP-based receivers, allowing customers to:

1. Configure mTLS with their own certificates for client and server authentication
2. Configure TLS with their own server certificates and client CA certificate

• Pod placement: Azure Monitor pipeline provides native controls for managing how Azure Monitor pipeline instances are scheduled across Kubernetes cluster nodes. The execution Placement configuration allows customers to:

1. Target specific nodes based on their capabilities (e.g., high-resource nodes, specific zones)
2. Control instance distribution to prevent resource contention
3. Enforce isolation policies for high-scale deployments

Generally Available: Azure SQL updates for late-February 2026
In late-February 2026, the following updates and enhancements were made to Azure SQL:

• Introducing Search Database Objects in the MSSQL extension for Visual Studio Code. Instantly find tables, views, functions, and procedures with full scripting options across your SQL database.
• Import your settings and keyboard shortcuts from Azure Data Studio to the MSSQL Extension.

Public Preview: Azure SQL updates for late-February 2026
In late-February 2026, the following updates and enhancements were made to Azure SQL:

• Manage your databases directly from the dialog using actions such as Name, Rename, and Drop.
• Import a flat file to your database in the MSSQL Extension for Visual Studio Code.
• Database Backup dialog now provides options for backup type, destination, compression, encryption, and other advanced settings.

Public Preview: Geo‑redundant backups for Premium SSD v2 in Azure Database for PostgreSQL

You can now configure geo‑redundant backups with Premium SSD v2 disks for Azure Database for PostgreSQL, giving you an additional layer of disaster recovery for mission‑critical workloads. With this release, your automated backups are securely stored in a paired Azure region, so you can restore your flexible server in another region if an outage occurs. This update is especially valuable if you run regulated, business‑critical, or customer‑facing applications that require stronger resilience and data protection beyond a single region.
By combining geo‑redundant backups with the performance and scalability benefits of Premium SSD v2 disks, you get high‑throughput storage along with improved recovery options, without having to manage or operate standby infrastructure in the secondary region. You can simplify your disaster recovery strategy, reduce operational overhead, and improve confidence in your ability to recover from regional failures while continuing to benefit from a fully managed PostgreSQL service.

With this public preview, you can configure and validate cross‑region backup and restore scenarios with SSD v2 disks, so you can plan for higher availability and business continuity ahead of production adoption.