Operate everywhere with AI-enhanced management and security

Hello, Azure community!

Businesses of all sizes have been building and operating their mission-critical distributed systems on Azure. We are seeing increased urgency among our customers to leverage artificial intelligence to reduce their operating costs, delight their customers, and innovate faster. Operations teams that are more productive with AI are responding faster to these growing business needs and helping their companies succeed. At Microsoft Azure, my team’s mission is to make the life of operators easier by providing comprehensive tools that streamline the operation and management of infrastructure – across clouds, on-premises, and at the edge. With Azure’s AI-enhanced management offerings, our customers realize the benefits of configuration management and governance, resiliency and observability, built-in security and control, and universal AI assistants like Copilot in Azure.

Today, I’m thrilled to share the many new capabilities that we’ve added to Azure’s management offerings that will further increase your productivity:

• We have made it much easier for you to acquire Azure’s management offerings to operate and manage your Windows servers and virtual machines. At no additional cost, customers with Software Assurance (SA) or active subscription licenses can take advantage of Windows Server management capabilities enabled by Azure Arc – which gives you access to key Azure management services like Azure Update Manager, Machine Configuration, Change Tracking and Inventory in addition to Windows Server capabilities like Azure Site Recovery configuration and Best Practices Assessment. With these capabilities, you can centralize and modernize management across hybrid, multi-cloud, and edge environments.
• With Windows Server 2025 we are excited to announce Hotpatching support in Azure Update Manager and Azure Arc that enables you to install patches and security updates without down time, in Public Preview. Further, Azure Update Manager now supports patching Azure Local clusters and machines that are hardened up to CIS standards. With improved scale and performance, Azure Update Manager now supports customized deployment workflows and scheduling patching for machines in up to 200 subscriptions and parallel deployment of patches on Linux servers.
• Next, we have made it much simpler for you to connect your hybrid environments with Azure using the new Azure Arc gateway for Servers and Kubernetes clusters. Without Azure Arc gateway, more than 50 URLs and endpoints need to be allowed in your enterprise proxy to enable communication with various Azure Arc services. Now, simply enable outbound communication with Azure Arc gateway endpoints and simplify your networking configuration for connecting large hybrid and multi-cloud environments with Azure Arc.
• Further, we have made it much simpler to connect your AWS environments with Azure Arc using the new multicloud connector for AWS. Get up-to-date inventory of your infrastructure in AWS and automatically connect your AWS EC2 virtual machines and AWS Elastic Kubernetes Service clusters with Azure using Azure Arc multicloud connector for AWS. These new features will enhance your productivity by making it easier to operate and manage your AWS and on-premises resources, using the same tools and processes that you use for your Azure resources.
• We have made it much simpler to explore and analyze your operations and management logs with Log Analytics Simple Mode, which will be generally available in January 2025. Now, you have the most used Azure Monitor Logs functionality in an intuitive, spreadsheet-like experience. Just point and click to filter, sort, and aggregate data and get the insights that you often need. You can switch seamlessly from Simple to KQL mode and get the full power of Kusto Query Language (KQL) to derive deeper insights from your logs. Further, we are working to make it easier for you to enable Azure Monitor’s comprehensive performance and reliability monitoring for your Java and Node.js applications running on Azure Kubernetes Service (AKS) with auto-instrumentation (public preview). In the first quarter of 2025, you’ll be able to enable OpenTelemetry-based application monitoring for your AKS namespaces without modifying any application code and get detailed observability into every step of your end-to-end transactions across all your microservices.
• Next, we have made it easier for you to compare your total cost of ownership (TCO) of using Azure Arc and Azure’s management offerings with the TCO of your current onpremises estate with Azure Migrate Business Case. Now you can visualize the cost savings and benefits of using Microsoft Defender for Cloud, Azure Monitor, Azure Update Manager, and ESUs enabled by Azure Arc and review the business case report with your stakeholders. This public preview will help you make better data-driven decisions as you chart your cloud migration roadmap.
• And finally, we are delighted to announce new Copilot in Azure capabilities that simplify cloud management, enhance troubleshooting, and provide intelligent recommendations. Easily automate tasks across Azure services—like Kubernetes management, disaster recovery, and cost optimization. With advanced diagnostics and performance analysis, you can quickly resolve issues, while intelligent recommendations help you choose the right infrastructure and security settings. These updates streamline operations, boost efficiency, and accelerate your success in a hybrid, multi-cloud environment.

I invite you to explore these new capabilities and experience the benefits of Azure’s management offerings. Connect with us in Chicago at Microsoft Ignite 2024 and watch the Operations and Management breakout session in-person or online.

I’m looking forward to hearing from you – simply ask your questions and share your feedback in the comments section below. Thank you for your continued trust and partnership with Microsoft Azure.

---

Acquire Azure’s management offerings for Windows with Software Assurance

Customers can attest to their Windows Server Software Assurance (SA) coverage for machines onboarded to Azure Arc for the activation of additional Azure Benefits including:

• Azure Update Manager for unified assessment and deployment of software updates
• Azure Change Tracking and Inventory for auditing guest software
• Azure Machine Configuration for Azure Policy and governance capabilities
• Windows Admin Center in Azure
• Remote Support
• Accelerated Networking
• Best Practices Assessment
• Azure Site Recovery configuration

Together, these valuable capabilities, available for free for Windows Server SA customers, help accelerate customers in their journey of modernizing to cloud-centric server management across their heterogeneous infrastructure.

Acquiring Azure Management Offerings for Servers and Virtual Machines with Windows Server Software Assurance

Get started with Windows Server 2025 hotpatching and other new capabilities in Azure Update Manager

Applying software updates is critical to maintaining a high Microsoft Secure Score, that is indicative of your infrastructure’s security posture. Regular updates address vulnerabilities and security gaps, ensuring that your systems are protected against the latest threats. However, application of software updates on production machines comes with an associated risk of downtimes. Azure Update Manager provides a unified patch management for Azure and Arc machines, ensuring timely and consistent deployment across all systems, with built-in reporting into the update status of the machines. The following enhancements to Azure Update Manager provide you with additional control while defining the patching process for your infrastructure.

• Manage deployment of hotpatches on  Windows Server 2025 machines enabled for Hotpatch public preview
• Support for managing all Azure VMs and Arc-enabled Servers including machines that are hardened up to CIS standards, and Azure Stack HCI clusters.
• Enhanced scale and performance for patch schedules with applying a schedule to machines in up to 200 subscriptions and parallel deployment of patches on Linux servers
• Customize deployment workflows in patch schedules using pre and post events

Azure Update Manager with Windows Server 2025 hotpatching and support for CIS hardened servers and virtual machines

Connect your AWS environments with Azure Arc using Multicloud connector

We are thrilled to announce that the Multicloud connector is now generally available for AWS with the following capabilities:

• Inventory: Get an up-to-date, comprehensive view of your cloud assets across different cloud providers. Starting with a wide range of AWS services (EC2, S3, Lambda, and more), you can now gain insights into your Azure & AWS environments in a single pane of glass. The agentless inventory solution will periodically scan your AWS environment, project the discovered resources in AWS as Azure resources, including all of the AWS metadata like AWS tags. Now, you can easily view, query, and tag these resources from a centralized location.
• Azure Arc onboarding: Automatically Arc-enable your existing and future EC2 instances so you can leverage Azure and Microsoft services, like Azure Monitor and Microsoft Defender. Through the Multicloud connector, the Azure Arc agent will be automatically installed for machines that meet the pre-requisites.

You can easily set up the Multicloud connector by following our getting started guide which provides step by step instructions on creating the connector and setting up the permissions on the AWS console.

Automatic Arc Onboarding and Inventory for AWS with Multicloud connector enabled by Azure Arc

Compare your total cost of ownership (TCO) of Azure Arc and Azure’s management offerings with TCO of your current on-premises estate with Azure Migrate Business Case

With the Azure Migrate business case you can create a comprehensive business case comparing the total cost of ownership (TCO) of your on-premises estate with the prospective TCO on Azure as well as a year-on-year cash flow analysis as you migrate your on-premises workloads to Azure.

• Visualize the value of Azure Arc for your on-premises estates.
• Visualize the cost savings and other benefits of using Microsoft Defender for Cloud, Azure Monitor, and Azure Update Management with Arc for your on-premises servers.
• Visualize the benefits of using ESUs enabled by Azure Arc, as well as SQL Pay Go via Azure Arc.
• Compare your current on-premises TCO with combined Azure and Arc TCO in the final planned state.
• Configure the assumptions for Azure and on-premises costs to tailor fit the business case and share the report with your stakeholders.
• In addition, to get started quickly you have the option to use CSV import

Follow the step-by-step instructions here to create a business case: https://aka.ms/Business_case_for_Arc_Docs and start your Arc journey: https://aka.ms/Arc_Enable_Migrate_inventory

Azure Migrate Business Case with cost savings with Microsoft Defender, Azure Monitor, Azure Update Manager with Azure Arc

Get Started with Copilot in Azure

Simplify your cloud operations and management, optimize performance, and get in-depth diagnostics and intelligent recommendations with Copilot in Azure. Access to Copilot in Azure can be managed through the Copilot in Azure admin center. Copilot in Azure only has access to resources that the user has access to. It can only take actions that the user has permission to perform and requires confirmation before making changes. Copilot in Azure complies with all existing access management rules and protections such as Azure role-based access control (Azure RBAC), Privileged Identity Management, Azure Policy, and resource locks. Start by selecting the copilot button top center in your Azure portal.

Simplified Management and Automation

• Azure Resource Deployments: Copilot helps you create, configure, and deploy resources faster with natural language.
• AKS Cluster Creation & Management: Simplifies Kubernetes cluster creation, nodepool auto-scaling, monitoring, and in-depth troubleshooting.
• CLI/Shell: Copilot integrates with the command line to provide first-class support through a code-first approach.
• BCDR Automation: Automate disaster recovery planning and execution using Copilot’s AI-driven recommendations.

Enhanced Troubleshooting and Optimization

• Azure Monitor & Insights: Provides in-depth diagnostics within Copilot for faster issue resolution.
• Disk Performance & Elastic SAN Optimization: Analyzes your applications’ disk performance to provide cost-effective recommendations for scaling up or down storage resources.
• AKS Troubleshooting: Identifies root causes of issues within your Kubernetes clusters. Provides actionable LCM rules for optimization scenarios.

Intelligent Recommendations and Customization

• Workload Template Suggestions: Recommends templates (Terraform, ARM, Bicep) based on user needs.
• Compute Service Selection: Helps choose the right VM SKUs and services based on specific workload requirements.
• VM Size Recommendations: Suggests ideal VM sizes based on historical usage patterns. Helps optimize costs by identifying underutilized resources or recommending reserved instances where applicable.
• Role-Based Access Control Optimization: Identifies least-permissive roles for users. Recommends least privilege access policies to enhance security posture in Azure environments.

New Copilot in Azure capabilities simplify cloud management, enhance troubleshooting, and provide intelligent recommendations