Everything New in Azure Governance @ Build 2025

mutemwamasheke

Microsoft

May 21, 2025

Azure Governance is proud to share new releases across our product portfolio to enable agility and control across your cloud environment!

You've come to the right place if you're looking for everything happening with Azure Governance at Microsoft Build, May 19-22, 2025.

Azure Governance is an ecosystem of neatly integrated services that provide the ability to ensure speed and control across your cloud environment. From enforcing rules in your cloud environment to querying the state of your resources at-scale, Azure Governance services keep your resources secure and compliant with corporate standards.

Join us at Microsoft Build!

#MSBuild Session: "Unlock developer agility with a well governed environment" - Thurs, May 22 @ 8:30 AM PDT

In a world where app and env requirements are ever changing, maintaining control can be a moving target. Come learn how to empower your developers to achieve more, without compromising on security, compliance, or operational best practices through Azure Governance products. In this session we'll be discussing newly released features within Azure Policy, dive deep into Policy as code, and announce a new grouping construct called Service groups designed to optimize cross subscription management

Join the session here: https://aka.ms/AzGovBuild25

Sign up for our #MSBuild Product Roundtable Sessions!

Are you going to attend Build 2025 in person in Seattle? If the answer is Yes, Azure product teams would like to invite you to the following Customer Feedback Roundtable sessions at Microsoft Build 2025.

Sign up here to join our roundtable sessions: aka.ms/AzGovRoundtable.

This is a unique opportunity for you to share your insights and help shape the future of Azure. These roundtables will be filled on a first come, first serve basis, so don't miss your chance to sign up now!

If you are not attending Build in person, no problem! If you are interested, we would like to invite you to participate in future online feedback sessions.

New Releases @ Build 2025

The Azure Governance team is excited to share all the following new features across our product portfolio. For each of the features, you will find an accompanying announcement with scenario details, documentation and blog posts to follow along!

(New!) Azure Service Groups

Azure Service Groups - Public Preview

A Service Group (SG) is a new grouping structure in Azure that supports flexible grouping of cross-subscription resources and multiple hierarchies of groups. Service Groups provide a unified view and management capabilities, enabling:

Low Privilege Management: Service Groups are designed to operate with minimal permissions, ensuring that users can manage resources without needing excessive access rights and appealing to multiple personas.
Flexible Cross-Subscription Grouping: Azure resources and scopes, from anywhere in the tenant, can become members of one or multiple service groups.
Varying Hierarchies: Service Groups can be self-nested providing the ability to have multiple hierarchy structures of resource containers.
Data Aggregation & Views: Aggregate data from resources across subscriptions for practical workloads. View application health (via Health Model) and important data values centered around your wanted perspective.

You can reach our team by email at mailto:azureservicegroups@microsoft.com for any questions or comments!

TechCommunity Blog: https://aka.ms/servicegroupspreview
MS Learn Documentation: http://aka.ms/servicegroups

Azure Policy

New Features currently in Private Preview

Many of the Azure Policy enhancements, including user-based exemptions, caller-type based enforcement (e.g., type user or service principal) and IP filtering are currently in private preview and will soon be available to the public. Stay tuned!

Azure Machine Configuration

Linux SSH Posture Control Policy - Generally Available

We are excited to announce additional built-in capabilities for Linux management scenarios through Azure policy and Machine Configuration. Through new built-in policies, you can manage your SSH configuration settings declaratively at-scale.

SSH Posture Control enables you to use the familiar workflows of Azure Policy and Machine Configuration to:

Ensure compliance with standards in your industry or organization
Reduce attack surface of remote management features
Ensure consistent setup across your fleet for security and productivity

SSH Posture Control also provides detailed Reasons describing how compliance or non-compliance was determined. These Reasons help you to document compliance for auditors with confidence and evidence. They also enable you to take action when non-compliance is observed.

MS Learn Documentation: What is SSH Posture Control? | Microsoft Learn

Windows Server 2025 Audit Policy (powered by OSConfig) - Generally Available

You can now deploy the Windows Server 2025 security baseline to your environment and ensures that desired security measures are in place, providing a comprehensive and standardized security framework. The Windows Server 2025 baseline includes over 300 security settings to ensure that it meets industry-standard security requirements. It also provides co-management support for both on-premises and Azure Arc-connected devices. The OSConfig tool is a security configuration stack that uses a scenario-based approach to deliver and apply the desired security measures for your environment.

MS Learn documentation: Configure security baselines for Windows Server 2025 | Microsoft Learn

Onboarding Arc Machines at-scale to Machine Config in Azure Portal - Public Preview

With the integration of Machine Configuration audit policies in the Arc at-scale onboarding experience, you can now quickly deploy audit policies to get a deeper look at the security posture of your Arc-enabled servers. Whether you're seeking to test Machine Configuration on an Arc machine or looking to deploy a policy across a broader scope of machines, your deployment workflow just got incredibly easy with this new integration.

Azure Resource Graph (ARG)

ARG GET/LIST API - Private Preview

Now in Private Preview is the Azure Resource Graph GET/LIST API, a highly scalable, fast, and performant alternative to existing control plane GET and List API calls within the Azure ecosystem. This API allows you to mitigate issues related to throttling, such as performance degradation and failed requests offering a 10X higher Read throttling quota to callers, ensuring faster and more efficient read operations for your critical cloud native workload. Contact argpms@microsoft.com to join the private preview program!

Azure Resource Graph Copilot – Generally Available

With the release of the Azure Resource Graph (ARG) skill within Copilot, customers can access the ARG query skill through Azure Portal or Github Copilot. Questions about resource governance like “how many Linux VMs do I own” will be sent to the ARG Skill. With this release, customers can easily turn natural language questions into ARG queries. ARG Copilot helps users create queries to quickly surface insights about resources and simplify operational investigations.

MS Learn documentation: https://learn.microsoft.com/azure/copilot/get-information-resource-graph

Azure Resource Manager (ARM)

EU Data Boundary enabled by ARM - Generally Available

Going beyond Azure's existing data storage commitments, you can now store and process EU Data in the EU by leveraging Azure data boundaries enabled by Azure Resource Manager. With Azure Resource Manager, you can ensure that in-scope, global Azure metadata data, including EUII, EUPI, Customer Content, and Support Data, are routed, processed, and stored entirely within EU data boundary countries and datacenter locations. This builds on Azure's existing regional metadata privacy commitments and helps our European customers achieve greater control over data locality to meet regulatory, compliance, and sovereignty requirements.