All news with #azure tag

62 articles

Azure IaaS: System-Level Approach for High Performance

🔧 This third post in the Azure IaaS series argues that cloud performance must be managed as a coordinated system across compute, storage, and networking rather than as isolated resource choices. It highlights platform features like Azure Boost, Ultra Disk, and Premium SSD v2 that offload processing, tune I/O, and decouple capacity from throughput. The article examines requirements for AI, cloud-native, and business-critical workloads and explains how Azure services such as AKS, Azure Container Storage, ExpressRoute, and advanced networking (eBPF/Cilium, Accelerated Networking) combine to deliver consistent, scalable, and recoverable performance.

Microsoft Disrupts Malware-Signing Service Abusing Artifact

🔒 Microsoft says it disrupted a malware-signing-as-a-service operation that abused its Azure Artifact Signing platform to generate fraudulent short-lived code-signing certificates used by ransomware gangs and other cybercriminals. The actor, tracked as Fox Tempest, created over 1,000 certificates and hundreds of Azure tenants and subscriptions. Microsoft seized the signspace[.]cloud domain, took virtual machines offline, revoked certificates, and filed a lawsuit in the Southern District of New York.

Storm-2949 Abuses SSPR and MFA to Exfiltrate Azure Data

🔐 Microsoft reports that a threat actor tracked as Storm-2949 is abusing Self-Service Password Reset (SSPR) and social engineering to steal Microsoft Entra ID credentials and bypass MFA for privileged users. The attackers trick targets into approving authentication prompts, reset passwords, remove MFA, and enroll Microsoft Authenticator on attacker devices. Using Microsoft Graph and custom scripts they enumerate tenants, exfiltrate files from OneDrive and SharePoint, and pivot into Azure to harvest secrets from Key Vaults, storage accounts, and SQL databases. Microsoft recommends least privilege, conditional access, phishing-resistant MFA for admins, limiting RBAC, and extended Key Vault logging to mitigate these attacks.

Storm-2949: Identity Compromise Leads to Cloud Breach

🔐 Microsoft Threat Intelligence details how Storm-2949 converted targeted identity compromise into a broad cloud breach, exfiltrating data from Microsoft 365 and production workloads in Azure. The actor abused SSPR-based social engineering to bypass MFA, performed directory discovery via Graph API, and leveraged management-plane operations to retrieve Key Vault secrets and download large volumes of data. Organizations should adopt behavior-based detections such as Microsoft Defender and tighten RBAC and administrative controls to detect and mitigate similar identity-driven cloud attacks.

Microsoft Rejects Azure Backup AKS Vulnerability Report

🔒 A security researcher alleges Microsoft quietly changed Azure Backup for AKS behavior after rejecting his March disclosure and blocking a CVE, arguing the issue required pre-existing administrative access. The reported flaw purportedly allowed a user with only the Backup Contributor role to gain cluster-admin privileges via Trusted Access. Microsoft maintains the behavior was expected and that no product changes were made, yet the researcher observed new permission checks and a shift to manual Trusted Access configuration after disclosure. CERT/CC validated the bug but the CVE process stalled, leaving defenders with limited visibility.

Azure IaaS: Defense in Depth and Secure-by-Design Principles

🔒 Azure IaaS combines a layered defense-in-depth architecture with Microsoft’s Secure Future Initiative—secure by design, secure by default, and secure in operation—to protect compute, networking, storage, and operations. Hardware roots of trust, measured boot, and host isolation reduce platform exposure while VM protections such as Trusted Launch and confidential computing guard workloads at runtime. Network defaults enforce least privilege and private connectivity, and centralized telemetry in Azure Monitor and Defender for Cloud enables continuous detection and response.

Azure Integrated HSM Open-sourced to Increase Trust

🔐 Microsoft is open-sourcing the firmware, drivers, and software stack for the Azure Integrated HSM, a tamper-resistant hardware security module built into new Azure servers and engineered to meet FIPS 140-3 Level 3. The move, announced at the OCP EMEA Summit, includes publishing validation artifacts and launching an OCP workgroup to guide ongoing development. Azure says the HSM protects keys in hardware so they never appear in host or guest memory, reducing classes of exfiltration attacks, and will be available in Azure V7 VMs globally in the coming weeks.

Microsoft Discovery: Agentic R&D at Enterprise Scale

🔬 Microsoft Discovery is an extensible platform that brings agentic orchestration, advanced reasoning, a graph-based knowledge foundation, and high-performance computing to enterprise R&D. It equips specialized agents to reason across proprietary data and external literature, generate hypotheses, and validate them through simulation and lab integrations under centralized governance. Built on Azure, the platform emphasizes security, compliance, partner interoperability, and enterprise-grade controls while remaining in preview.

Azure Accelerate for Databases: Modernize Data for AI

🚀 Azure Accelerate for Databases is a Microsoft program that helps organizations modernize database estates to become AI-ready. It bundles a Savings Plan (up to 35% vs. pay-as-you-go), delivery funding, Azure credits, zero-cost Cloud Accelerate Factory support, partner services, AI-enhanced assessments, and role-based skilling. The offering aims to reduce friction and speed migrations at scale. Microsoft highlights Thomson Reuters’ migration of over 18,000 databases as a customer example.

Microsoft Pays $2.3M for Cloud and AI Flaws at Zero Day Quest

🛡️ Microsoft awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest, compensating teams for high‑impact cloud and AI vulnerabilities uncovered at the live event. Participants from more than 20 countries tested within authorized environments under Microsoft’s Rules of Engagement and demonstrated issues such as credential exposure, SSRF chains, and cross‑tenant access without accessing customer data. The contest is part of the Secure Future Initiative, and Microsoft said findings will be shared through the CVE program to strengthen cloud and AI security.

Cloud Cost Optimization Principles That Still Matter

🔍 This article outlines durable principles for cloud cost optimization and explains why ongoing cost management remains essential as workloads scale. It highlights how AI workloads add unpredictability, iteration-driven spikes, and specialized infrastructure needs that amplify cost risk. The post recommends core practices—visibility, governance guardrails, rightsizing, and continuous review—while distinguishing cost management from action-oriented cost optimization. It concludes by urging measurement of value alongside cost and pointing to Azure guidance such as FinOps and AI ROI resources.

Microsoft Named Leader in Forrester Wave for Sovereign Cloud

🏆 Microsoft has been named a Leader in The Forrester Wave: Sovereign Cloud Platforms, Q2 2026, reflecting strong scores for current offering and strategy. The recognition highlights Microsoft’s platform approach that applies consistent sovereign controls across public cloud, private cloud, and partner-operated national clouds using technologies such as Azure Arc, Azure Local, and region-specific residency controls like EU Data Boundary. It underscores Microsoft’s commitment to help organizations adopt cloud and AI while maintaining control, compliance, and operational independence.

Cloud Cost Optimization: Maximizing ROI from AI and Value

💡 This Azure blog launches a multi‑part Cloud Cost Optimization series that guides organizations on maximizing ROI from AI while controlling consumption‑based expenses. It identifies primary cost drivers—variable usage patterns, specialized infrastructure, and cross‑team lifecycle activities—and explains why AI cost optimization differs from conventional cloud cost control. The post urges linking cost decisions to measurable business outcomes and adopting continuous governance to sustain long‑term value.

Azure IaaS: Built-in Resiliency for Critical Apps at Scale

🔁 Azure IaaS delivers an enterprise-grade platform with built-in capabilities across compute, storage, and networking to help keep mission-critical applications available during hardware issues, maintenance, zonal disruptions, and regional incidents. The platform emphasizes isolation, redundancy, failover, and recovery through features like Virtual Machine Scale Sets, availability zones, and multiple storage redundancy tiers. Networking services such as Azure Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door help maintain reachability and reroute traffic when paths fail. Customers are encouraged to combine these primitives with IaC, testing, and operational practices to meet workload-specific RTO/RPO objectives.

Azure Monitor alerts abused for callback phishing campaigns

⚠️ Microsoft Azure Monitor alerts are being abused to distribute callback phishing messages that impersonate billing and security notices. Attackers create alert rules with custom descriptions and configure them to send emails to lists they control, causing legitimate azure-noreply@microsoft.com messages to reach targets and pass SPF/DKIM/DMARC checks. Recipients are urged to call listed numbers, a tactic that can lead to credential theft, payment fraud, or remote access compromise.

Advancing Agentic AI Across a Unified Microsoft Data Estate

🚀 At SQLCon 2026 in Atlanta, Microsoft detailed enhancements that position its database portfolio as a foundation for agentic AI and unified analytics across edge, PaaS, and SaaS. Key announcements include Azure SQL innovations such as GitHub Copilot in SSMS, a one‑year Savings Plan for databases, and Hyperscale advances (vector index performance, SQL MCP Server, and larger vCore options). The new Database Hub in Microsoft Fabric (early access) and enterprise security features for SQL in Fabric aim to simplify migration, governance, and AI‑driven app development.

From Legacy to Leadership: PostgreSQL on Azure for Agility

🚀 Microsoft outlines how moving from legacy on-prem Oracle to Azure Database for PostgreSQL and the new Azure HorizonDB can reduce costs, boost performance, and improve agility. The post highlights an Apollo Hospitals migration that cut operational costs by 60%, improved uptime to 99.95%, and delivered a 3x performance gain. It also describes an AI-assisted Oracle-to-PostgreSQL migration tool integrated into VS Code that automates schema and application conversion, testing, and validation to reduce risk and accelerate adoption.

Microsoft 365 Backup Adds File-Level Restore for Admins

🗂️ Microsoft will add granular file- and folder-level restore to Microsoft 365 Backup, allowing administrators to browse, search and recover individual files from SharePoint and OneDrive restore points rather than restoring entire sites or drives. The capability is limited to tenants with the backup service enabled and requires the SharePoint Backup Administrator role; end users will not see restore operations. Public preview began in early March 2026 and Microsoft expects general availability between late April and early May 2026. Customers are advised to review coverage, train backup administrators, and update recovery runbooks to incorporate file- and folder-level restores.

Azure IaaS Resource Center: Build a Modern Foundation

⚙️ The Azure IaaS Resource Center centralizes guidance, demos, architectures, and best practices to help teams design, optimize, and operate cloud infrastructure across compute, storage, and networking. It advocates a system-level approach that unifies hardware, intelligent software, networking, and orchestration to deliver consistent performance and resiliency. The center highlights built-in security, AI-ready VM families, scalability options, and cost-optimization tools to align infrastructure decisions with business outcomes.

Azure instant access incremental snapshots for Pv2 and Ultra

🚀 Azure now supports instant access for incremental snapshots of Premium SSD v2 (Pv2) and Ultra Disk, enabling immediate restores and near-full performance from creation. Restored disks hydrate rapidly and deliver single-digit millisecond reads and sub-millisecond writes without waiting for background copy. This reduces recovery time for rollbacks, maintenance, and rapid scale-out of stateful applications. Enable the feature via the existing snapshot API by adding the InstantAccessDurationMins parameter.