Update: Egress and data transfer with Azure in the United Kingdom

Update: Egress and data transfer with Azure in the United Kingdom

We support customer choice, including the choice to transfer your data between Azure and environments outside of Azure.

Azure has offered free egress and at-cost data transfer for customers and CSP partners in Europe transferring data via the internet between Azure to another data processing service provider. This situation is common where multiple services of different providers are used in parallel, in an interoperable manner.

We have made some changes for customers with billing address in the United Kingdom (UK) transferring data from UK datacenters, including the scoped networks, transfer window, and scoped services.

If your application is built to transfer data cross-cloud, or you are leaving any number of single Azure services, please follow the steps for egress or in-parallel data transfer to contact Azure Support to claim a credit. Please be aware of the eligibility requirements for this credit.

Generally Available: Prefix-scoped access for User Delegation SAS
Support for prefix-scoped access for User Delegation SAS for Azure Blob Storage is generally available in all Azure regions. SAS tokens for Blob Storage have historically supported two levels of scope: container and individual blob. With this release, you can now scope access to a prefix or virtual directory within a container, granting access to all blobs beneath the path.

This is especially valuable for applications that organize data by tenant, workspace, project, or department within a shared container. Instead of granting access to an entire container or generating many blob-level tokens, you can now issue a single SAS token scoped to a set of blobs through a prefix.

Prefix-scoped access is supported for both Blob and Data Lake storage accounts.

Generally Available: Azure Functions support for Java 25
Azure Functions support for Java 25 is now generally available.

You can now develop apps using Java 25 locally and deploy them to supported Azure Functions plans on Linux and Windows, including the Flex Consumption plan.

Generally Available: Microsoft Azure Red Hat OpenShift is now available in Austria East
The Austria East region is now generally available to Azure Red Hat OpenShift customers and partners. The region includes three availability zones, supporting resilient and scalable operations.

Why it matters:

• In-country data residency: Data stored in Austria East remains within Austria, helping organizations meet local and EU regulatory requirements such as GDPR.
• Lower latency: Local infrastructure reduces latency for applications serving users in Austria and nearby regions.
• Supports regulated workloads: Enables public sector and regulated industries to adopt cloud with greater control over data location
  Getting started:

Customers can deploy Azure Red Hat OpenShift resources in Austria East via the Azure portal, CLI, or ARM templates.

Generally Available: Microsoft Agent Framework 1.0
Microsoft Agent Framework is now version 1.0 for both .NET and Python, with stable APIs and a long-term support commitment. Agent Framework 1.0 supports multi-agent orchestration, multi-provider model support, and cross-runtime interoperability via A2A and MCP.

Public Preview: Memory in Foundry Agent Service
Foundry’s memory (preview) is a managed long-term memory capability built directly into Foundry Agent Service and now integrates natively with Microsoft Agent Framework and LangGraph— no external databases to provision, scale, or secure.

Public Preview: Container Network Insights Agent
Troubleshooting Kubernetes networking issues is often slowed by logs and metrics scattered across multiple tools, requiring engineers to manually correlate signals during incidents. The Container Network Insights Agent provides a lightweight, web‑based interface that translates natural‑language problem descriptions into read‑only diagnostics using live AKS cluster telemetry. It orchestrates safe diagnostic workflows and consolidates networking insights into structured summaries with recommended next steps. By reducing the need for manual correlation across logs, metrics, and flows, the agent helps teams identify likely root causes faster, improves troubleshooting consistency, and reduces time spent during incident investigations—while keeping customers fully in control of any changes.

Generally Available: Connect to Azure Elastic SAN from Windows VM via VM Extension
Azure Elastic SAN now supports volume connectivity for Windows Virtual Machines using the Elastic SAN VM extension, directly from the Azure Portal. This capability enables customers to connect Elastic SAN volumes during virtual machine deployment, simplifying setup by reducing the need for manual post‑deployment configuration.

Generally Available: Cross-region IPAM pool association in Azure Virtual Network Manager
Managing IP address space across multiple regions can be difficult to scale and prone to configuration mistakes.
With cross-region IPAM pool association, you can associate a single IPAM pool with virtual networks across multiple Azure regions. This helps centralize address planning, simplify governance, and maintain consistent CIDR allocation across global environments.

Key benefits:

• Centralized address management: Use one multi-region IPAM pool instead of creating and maintaining separate pools for each region.
• Consistent governance: Apply CIDR allocation policies across regions, with the flexibility to define regional restrictions when needed.
• Backward compatibility: Existing single-region IPAM pools continue to work as they do today, with no required changes.
• This capability helps customers support global-scale Azure deployments by reducing operational overhead while preserving strong control over IP address allocation across their Azure footprint.

Public Preview: Microsoft HTTP DDoS Ruleset for Azure WAF on Azure Front Door Premium
Announcing the public preview of the HTTP DDoS Ruleset on Azure Front Door Premium.

HTTP-layer DDoS attacks remain a leading cause of application downtime, and traditional static controls often fall short against evolving botnets. The new HTTP DDoS Ruleset for Azure WAF introduces automated, adaptive Layer 7 protection that learns, detects, and defends with minimal configuration. Once assigned, the ruleset continuously baselines normal traffic for each Azure Front Door Profile and, when attack surges are detected, selectively blocks offending clients with no emergency tuning required.

The HTTP DDoS Ruleset features:

• Automated learning of traffic baselines at both the profile and per-client level.
• Dynamic thresholds and sensitivity settings to balance protection and user experience.
• Two core rules: one for high-rate client anomalies and one for suspected bots, leveraging Microsoft Threat Intelligence.