Azure Compute Blog articles

AI-Powered Downtime Investigation for Azure VMs: Automating Root Cause Analysis

Jon_Andoni_Baranda — Wed, 22 Apr 2026 18:34:50 GMT

Co-authors: Jie Su, Abhinav Dua, Mukthar Ahmed, Dhruv Joshi

In a previous post, we shared how Azure Automated VM Recovery works to minimize virtual machine downtime through a three-stage approach: Detection, Diagnosis, and Mitigation. This post goes one layer deeper into how our team is using AI to transform incident investigation, one of the most time-consuming parts of that process.

When an alert fires for a recovery event taking longer than expected, a DRI is notified and a ticket is opened. From there, the DRI must manually dig through logs across multiple sources, build Kusto queries from scratch, and correlate timestamps across systems to identify where time was lost. This has historically taken a long time. On top of that, an engineering manager or TPM had to review the incident, understand the failure, and route it to the right engineer, often resulting in multiple handoffs before the right owner was found. Across a platform the size of Microsoft Azure, that time adds up. That is the problem we set out to solve.

How do we use AI for long duration downtime investigation?

Model Context Protocol (MCP) is a standardized protocol that connects AI models to external tools; in our case, Kusto databases, log analyzers, and incident metadata extractors. Rather than generating text about what might be wrong, the AI actually runs real queries against live telemetry. Critically, this is not a chatbot. There is no interface for a DRI to interact with. When an incident fires, the system triggers automatically, runs the full investigation pipeline, and attaches a structured analysis report directly to the ticket. By the time a DRI opens the alert, the work is already done.

The real intelligence in this system goes beyond incident analysis. It comes from encoded domain knowledge about what "normal" looks like: expected recovery timelines for different error categories, log patterns that indicate specific failure modes, and the precise meaning of each phase in the healing workflow. The system knows, for example, how to distinguish a diagnostics bottleneck from a node isolation bottleneck, and what it signals when a particular isolation step runs longer than expected. This is knowledge that took our team years to accumulate, now automatically applied to every incident. Ultimately, the goal is not to replace the DRI but to eliminate the manual investigation work so they can focus on what matters most: making the right call. The system surfaces the analysis; a human always makes the final decision.

How the System Works

The investigation pipeline follows a six-step reasoning chain that mirrors how our best engineers approach manual triage.

Step 1 (Parse and Identify): The system extracts the key metadata from the ticket incident: the affected node identifier, container identifier, the timestamp when the VM went down, and the total duration of the outage. These parameters become the inputs for everything that follows.

Step 2 (Query VM Health Events): Using the extracted metadata, the AI invokes the AI assisted triage against VM availability tables, retrieving the sequence of state transitions the virtual machine experienced during the incident window.

Step 3 (Check Host Health): The AI then queries host-level health event tables, examining node state changes to understand what the underlying host was doing during the same period. This establishes whether the issue originated at the VM level or at the node level.

Step 4 (Correlate Repair Service Logs): With both the VM and host picture in hand, the AI cross-references repair service logs to trace when our repair orchestration service was triggered, what actions it took, and how long each step took.

Step 5 (Build the Timeline): The AI assembles all of the retrieved data into a chronological, end-to-end timeline of the recovery event. This timeline maps directly to the three phases we track: Time to Detect (TTD), Time to Diagnose (TTDiag), and Time to Mitigate (TTM), as well as Time to Isolate (TTI) when service healing is involved.

Step 6 (Root Cause and Report): Finally, the AI analyzes the timeline, identifies which phase contained the largest gap, determines what operation caused the bottleneck, and generates a structured investigation report that is automatically attached to the ticket incident.

Results and conclusion

The results are measurable across three dimensions. On speed, the investigation pipeline now completes in under 5 minutes, down from 30 to 60 minutes manually, a roughly 90% reduction that shaves 50% off total triage time. On consistency, 100% of qualifying incidents receive the same thorough analysis regardless of who is on call, with the full phase breakdown (TTD, TTDiag, TTMitigate, and TTIsolate) applied every time. On ownership, the generated report gives managers and TPMs immediate context to assign the incident to the right engineer from the start, eliminating the back-and-forth handoffs that previously delayed remediation. This solution has saved Engineering Manager and TPM 10-20 minutes of manual work per incident.

By encoding our team's best practices into an automated pipeline, we turned a slow, inconsistent manual process into something fast, thorough, and always available. MCP offers a practical path for any engineering team to make the knowledge of their most experienced engineers universally accessible, not as documentation, but as an automated system that applies it to every incident, every time. We will continue to share updates as this evolves and would love to hear from teams working on similar problems.

Public Preview: Ephemeral OS Disk with full caching for VM/VMSS

viveksingla — Mon, 30 Mar 2026 19:37:31 GMT

Today, we’re excited to announce the public preview of Ephemeral OS disk with full caching, a new feature designed to significantly enhance performance and reliability by utilizing local storage. This feature is ideal for IO-sensitive stateless workloads, as it eliminates dependency on remote storage by caching the entire OS image on local storage.

Key Advantages:

High Performance: Provides extremely high-performance OS disks with consistently fast response times.
Reliability: Ensures high availability, making it suitable for critical workloads.

Why Full OS Caching?

Currently, Ephemeral OS disks store OS writes locally but still rely on a remote base OS image for reads. With Ephemeral OS Disk with full caching, the entire OS disk image is cached on local storage, removing the dependency on remote storage for OS disk reads. Once caching is complete, all OS disk IO is served locally. This results in:

Consistently fast OS disk performance with low‑millisecond latency
Improved resilience during remote storage disruptions
No impact to VM create times, as caching happens asynchronously after boot

This capability is well suited for IO-sensitive stateless workloads that need fast OS disk access, including:

AI workloads
Quorum‑based databases
Data analytics and real‑time processing systems
Large‑scale stateless services on General Purpose VM families

These workloads benefit directly from lower OS disk latency and reduced exposure to remote storage outages.

How It Works?

When full OS caching is enabled:

VM’s Local storage (cache disk, resource disk, or NVMe disk) is used to host the full OS disk
Local storage capacity is reduced by 2× the OS disk size to accommodate OS caching
The OS disk is cached in the background after VM boot, ensuring fast provisioning
All OS disk IOs happen on the local storage, thus providing 10X better IO performance and resiliency to storage interruptions

Public Preview Availability

During public preview, Ephemeral OS disk with full caching is available for most general purpose VM SKUs (excluding 2‑vCPUs and 4‑vCPUs VMs) in 29 regions - AustraliaCentral, AustraliaCentral2, AustraliaSouthEast, BrazilSoutheast, CanadaCentral, CanadaEast, CentralIndia, CentralUSEUAP, EastAsia, GermanyWestCentral, JapanEast, JioIndiaCentral, JioIndiaWest, KoreaCentral, KoreaSouth, MalaysiaSouth, MexicoCentral, NorthEurope, NorwayWest, QatarCentral, SouthAfricaNorth, SwedenCentral, SwitzerlandWest, TaiwanNorth, UAECentral, UKSouth, UKWest, WestCentralUS, and WestIndia.

We’re continuing to expand support across regions, and tooling as we move toward general availability.

Getting Started

Customers can enable Ephemeral OS disk with full caching when creating new VMs or VMSS by updating their ARM templates or REST API definitions and setting the enableFullCaching flag for Ephemeral OS disks.

ARM template to create VMs with full caching:

"resources": [ "name": "[parameters('virtualMachineName')]", "type": "Microsoft.Compute/virtualMachines", "apiVersion": "2025-04-01", .. .. "osDisk": { "diffDiskSettings": { "option": "Local", "placement": "ResourceDisk", "enableFullCaching": true }, "caching": "ReadOnly", "createOption": "FromImage", "managedDisk": { "storageAccountType": "StandardSSD_LRS" } }

ARM template to create VMSS with full caching:

"resources": [ "name": "[parameters('vmssName')]", "type": "Microsoft.Compute/virtualMachineScaleSets", "apiVersion": "2025-04-01", .. .. "osDisk": { "diffDiskSettings": { "option": "Local", "placement": "ResourceDisk", "enableFullCaching": true }, "caching": "ReadOnly", "createOption": "FromImage", "managedDisk": { "storageAccountType": "StandardSSD_LRS" } }

Your feedback during public preview will help shape the final experience.

Upcoming Compute API Change: Always return non-null securityType

AjKundnani — Mon, 09 Mar 2026 14:16:14 GMT

Overview

Starting with Azure Compute API version 2025‑11‑01, responses for Azure Virtual Machines (VMs) and Virtual Machine Scale Sets (VMSS) will include a non‑null securityType value in all operations.

While this is a small behavioral change, it can impact deployments if they rely on null checks in automation, validation, or post‑deployment scripts. This post explains what is changing, why the change was made, and what—if anything—you need to do to prepare.

This update applies only to the 2025‑11‑01 API version. Older API versions are unaffected and will continue to behave as they do today.

What’s changing?

With Azure Compute API version 2025‑11‑01, all VM and VM Scale Set operations—including create, update, and GET—will always return a populated securityType field in the response.

Specifically:

The securityType field will always return one of the following values, based on the resource configuration:

Input Security Type

Returned Security Type with new API version

<null>

Standard

Standard

Standard

TrustedLaunch

TrustedLaunch

ConfidentialVM

ConfidentialVM
If a VM or scale set is created or updated without specifying a securityType (that is, the value is omitted or set to null), the API response will now return securityType: "Standard"
Existing VMs or scale sets that already have a defined securityType (TrustedLaunch or ConfidentialVM) will continue to return their configured value, unchanged.

Important: This behavior change applies only to API version 2025‑11‑01. API versions prior to this will continue returning null when no securityType is specified.

Why this change is made

The securityType field represents an explicit security posture for a VM or scale set. Returning a consistent, non‑null value improves response clarity and aligns the API contract with actual runtime behavior, where resources always operate under a defined security model—even when not explicitly specified during creation.

This change makes API responses more predictable and reduces ambiguity for consumers interpreting resource configuration.

Will this impact existing workloads?

No. This change does not affect the runtime behavior of your existing VMs or scale sets. There is no impact to deployed resources, workloads, or infrastructure behavior.

However, you may be impacted if:

You use API version 2025‑11‑01, AND
You have automation, validation logic, or post-deployment scripts that:
- Explicitly check for securityType == null
- Treat a missing or null securityType as a special case

Only requests made using API version 2025‑11‑01 will return the updated, always‑present securityType value. Requests using older API versions are unchanged.

What actions do customers need to take?

If you will be using Azure Compute API version 2025‑11‑01, review and update any code that assumes securityType may be null.

Recommended actions:

✅ Update validation logic to accept "Standard" as the default value

✅ Remove or adjust null checks that gate logic or fail deployments

✅ Ensure post‑deployment checks and compliance scripts handle all supported securityType values

For example, a VM created without specifying securityType will now return "Standard" instead of null.

No action is required if you are using API versions earlier than 2025‑11‑01.

Example: GET response behavior (API version 2025‑11‑01)

The following example shows a GET VM response where no securityType was specified at creation time. Note that the response still includes a non‑null value (Standard).

{ "id": "<vmResourceId>", "name": "<vmName>", "type": "Microsoft.Compute/virtualMachines", "properties": { "securityProfile": { "securityType": "Standard" } } }

Next steps

Review your automation, validation or/and post-deployemnt scripts now to ensure a smooth transition when adopting Azure Compute API version 2025‑11‑01.

Public Preview: Automatic zone balance for Virtual Machine Scale Sets

HilaryWang — Tue, 17 Feb 2026 17:30:00 GMT

We're excited to announce the public preview of automatic zone balance for Azure Virtual Machine Scale Sets. This new capability helps you maintain zone-resilient workloads with zero manual intervention. Automatic zone balance continuously monitors your scale set and redistributes VMs across availability zones, reducing the risk that a single zone failure disproportionately impacts your applications.

Maintain Optimal Resiliency Posture with Continuous Monitoring

When you deploy a Virtual Machine Scale Set across multiple availability zones, Azure spreads your VMs as evenly as possible for maximum resiliency. However, capacity constraints, scaling operations, and other factors can cause your scale set to become imbalanced over time, with some zones holding more VM instances than others. This imbalance often goes unnoticed, but it means a zone failure could take down a larger share of your workload than expected.

Figure 1: If an outage occurs in Zone 1, an imbalanced scale set would experience a 50% impact on its workload, while a balanced scale set would only experience 33% impact to an outage in any zone.

Automatic zone balance addresses these challenges by continuously monitoring your scale set for zonal imbalances and tracking capacity in under-provisioned zones. When capacity becomes available, VMs are automatically created in the under-provisioned zone, eliminating the need for manual trial-and-error.

When rebalancing occurs, Automatic zone balance uses a create-before-delete approach. New VMs are created in under-provisioned zones and verified healthy before VMs in over-provisioned zones are removed, ensuring your workload capacity is never reduced during the process. Health checks are performed through integration with Application Health Extension or Load Balancer Health Probes, so only healthy VMs are kept.

Built-in safety guardrails ensure rebalancing respects instance protection policies and pauses during active scale set operations. To minimize churn, rebalancing includes back-off periods between operations and moves only one VM at a time.

When you enable Automatic zone balance, automatic instance repairs is also activated by default, giving you both zone-level resiliency and instance-level health monitoring. Together, these capabilities help you maintain resilient, well-distributed workloads with minimal operational overhead, reducing the blast radius of zone failures while ensuring gradual, controlled changes to your scale set.

How to Get Started

To get started with Automatic zone balance:

Register for the preview: Enable the AutomaticZoneRebalancing feature flag in your subscription via Azure portal, CLI, or PowerShell.
Ensure prerequisites: Your scale set must span at least 2 availability zones, use best-effort zone balancing mode, and have application health monitoring configured.
Enable Automatic zone balance: Turn on the feature through Azure portal, CLI, PowerShell, or REST API.

For detailed instructions, visit the automatic zone balance documentation.

Azure Automated Virtual Machine Recovery: Minimizing Downtime

Jon_Andoni_Baranda — Wed, 04 Feb 2026 19:23:11 GMT

Co-authors: Mukhtar Ahmed, Shekhar Agrawal, Harish Luckshetty, Vinay Nagarajan, Jie Su, Sri Harsha Kanukuntla, David Maldonado, Shardul Dabholkar.

Keeping virtual machines running smoothly is essential for businesses across every industry. When a VM stays down for even a short period, the impact can cascade quickly; delayed financial transactions, stalled manufacturing lines, unavailable retail systems, or interruptions to healthcare services. This understanding led to the creation of this solution, with its primary goal of ensuring fast and reliable recovery times so customers can focus on their business priorities without worrying about manual recovery strategies. This feature helps ensure your business Service-Level Agreements are consistently met.

When a VM experiences an issue, our system springs into action within seconds, working to restore your service as quickly as possible. It automatically executes the optimal recovery strategy, all without customer intervention. The feature operates continuously in the background, monitoring the health of VMs through multiple detection mechanisms. Lastly, it automatically selects the fastest recovery path based on the specific failure type.

Getting Started

The best part? Azure Automated VM Recovery requires no setup or configuration. Running quietly in the background, this service helps guarantee the highest level of recoverability and a smooth experience for every Azure customer. Your VMs are already benefiting from faster detection, smarter diagnosis, and optimized recovery strategies.

The Importance of Automated VM Recovery

Automated VM recovery is essential to keeping cloud services resilient, reliable, and interruption-free. Automated recovery ensures that the moment a failure occurs, the platform responds instantly with fast detection, intelligent diagnostics, and the optimal repair action, all without requiring customer intervention.

Better experience for customers: By minimizing VM downtime, it helps customers keep their services online, avoiding disruptions and potential business losses.
Stronger trust in Azure: Fast, reliable recovery builds customer confidence in Azure’s platform, reinforcing our reputation for dependability.
Reduced financial impact for customers: The lower the downtime, the less time your customers will be impacted, reducing potential loss of revenue and minimizing business disruption during critical operations.
Empowering internal teams: Automated monitoring and clear visibility into recovery metrics help teams track health, onboard easily, and identify opportunities for improvement with minimal effort.

How Azure Automated VM Recovery Works: A Three-Stage Approach

Azure automatically handles VM issues through a three-stage recovery framework: Detection, Diagnosis, and Mitigation.

Detection

From the moment a failure occurs, multiple parallel mechanisms identify issues quickly. Azure hardware devices send regular health signals, which are monitored for interruptions or degradation. At the application level, operational health is tracked via response times, error rates, and successful operations to detect software-level problems rapidly.

Diagnosis

Once detected, lightweight diagnostics determine the best recovery action without unnecessary delays. Diagnostics operates at multiple levels; host level checks asses underlying infrastructure, VM level diagnostics evaluate the virtual machine state and system-on-chip (SoC) level analysis examines hardware components. This includes network checks, resource utilization assessments, and service responsiveness tests. Detailed data is also collected for post-incident analysis, continuously improving diagnostic algorithms while active recovery proceeds.

Mitigation

Based on diagnostics, the system automatically executes the optimal recovery strategy, starting with the least disruptive methods and escalating as needed. Hardware failures may trigger VM migration, while software issues might be resolved with targeted service restarts. If needed, a host reset is performed while preserving virtual machine state, ensuring minimal disruption to running workloads. Post-mitigation health checks ensure full VM functionality before recovery is considered complete.

Recovery Event Annotations

Recovery Event Annotations are specialized annotations that provide detailed visibility into every stage of VM recovery, going beyond simple uptime metrics. These indicators act as custom monitoring metrics, breaking down each incident into precise time segments. For example, TTD (Time to Detect) measures the time between a VM becoming unhealthy and the system recognizing the issue, while TTDiag (Time to Diagnose) tracks the duration of diagnostic checks. By analyzing these segments, Recovery Timing Indicators help identify bottlenecks, optimize recovery steps, and improve overall reliability. Key benefits include:

Understanding why some VMs recover faster than others.
Identifying which diagnostics add value versus those that don’t.
Highlighting opportunities that provide a faster path of recovery.
Enabling early detection of regressions through event annotation-driven alerts.
Establishing a common language across Azure teams for measuring and improving downtime.

Customer Impact and Results

Azure Automated VM Recovery demonstrates our commitment to not only high availability but also rapid recovery. By minimizing downtime, it helps customers build resilient applications and maintain business continuity during unexpected failures. Over the past 18 months, this solution has cut average VM downtime by more than half, significantly enhancing reliability and customer experience. Our ongoing goal is to provide a platform where customers can deploy workloads with confidence, knowing automated recovery will minimize disruptions.

Announcing General Availability of Azure Da/Ea/Fasv7-series VMs based on AMD ‘Turin’ processors

ArpitaChatterjee — Tue, 27 Jan 2026 21:54:30 GMT

Today, Microsoft is announcing the general availability of Azure’s new AMD based Virtual Machines (VMs) powered by 5th Gen AMD EPYC™ (Turin) processors. These VMs include general-purpose (Dasv7, Dalsv7), memory-optimized (Easv7), and compute-optimized (Fasv7, Falsv7, Famsv7) series, available with or without local disks.

Azure’s latest AMD based VMs offer faster CPU performance, greater scalability, and flexible configurations, making them the ideal choice for high performance, cost efficiency, and diverse workloads.

Key improvements include up to 35% better CPU performance and price-performance compared to equivalent v6 AMD-based VMs. Workload-specific gains are significant—up to 25% for Java applications, up to 65% for in-memory cache applications, up to 80% for crypto workloads, and up to 130% for web server applications just to name a few.

Dalsv7-series VMs are cost-efficient for low memory workloads like web servers, video encoding, and batch processing. Dasv7-series suit general computing tasks such as e-commerce, web front ends, virtualization, customer relationship management applications (CRM), and entry to mid-range databases. Easv7-series target memory-heavy workloads like enterprise applications, data warehousing, business intelligence, in-memory analytics and more. Falsv7-, Fasv7-, and Famsv7 series deliver full-core performance without Simultaneous Multithreading (SMT) for compute-intensive tasks like scientific simulations, financial modeling, gaming and more. You can now choose constrained-core VM sizes — reducing the vCPU total by 50% or 75% while maintaining the other resources.

Dasv7, Dalsv7, and Easv7 VMs now scale up to 160 vCPUs, an increase from 96 vCPUs in the previous generation. The Fasv7, Falsv7, and Famsv7 VMs, which do not include Simultaneous Multithreading (SMT), support up to 80 vCPUs—up from 64 vCPUs in the prior generation—and introduce a new 1-core option. These VMs offer a maximum boost CPU frequency of up to 4.5 GHz for faster compute-intensive operations.

The new VMs deliver increased memory capacity —up to 640 GiB for Dasv7 and 1280 GiB for Easv7—making them ideal for memory-intensive workloads. They also support three memory (GiB)-to-vCPU ratios: 2:1 (Dalsv7-series, Daldsv7-series, Falsv7-series and Faldsv7-series), 4:1 (Dasv7-series, Dadsv7-series, Fasv7-series and Fadsv7-series), and 8:1 (Easv7-series, Eadsv7-series, Famsv7-series and Famdsv7-series).

Remote storage performance is improved up to 20% higher IOPS, up to 50% greater throughput, while local storage performance offers up to 55% higher throughput. Network performance is also enhanced up to 75% compared to corresponding D-series and E-series v6 VMs. New VM series Fadsv7, Faldsv7, and Famdsv7, introduce local disk support.

The new VMs leverage Azure Boost technology to enhance performance and security, utilize the Microsoft Azure Network Adapter (MANA), and support the NVMe protocol for both local and remote disks.

The 5th Generation AMD EPYC™ processor family, based on the newest ‘Zen 5’ core, provides enhanced capabilities for these new Azure’s AMD based VM series such as AVX-512 with a full 512-bit data path for vector and floating-point operations, higher memory bandwidth, and improved instructions per clock compared to the previous generation. These updates provide the ability to handle compute-intensive tasks for AI and machine learning, scientific simulations, and financial analytics, among others. AMD Infinity Guard hardware-based security features, such as Transparent Secure Memory Encryption (TSME), continue in this generation to ensure sensitive information remains secure.

These VMs are available in the following Azure regions: Australia East, Central US, Germany West Central, Japan East, North Europe, South Central US, Southeast Asia, UK South, West Europe, West US 2, and West US 3. The large 160 vCPU Easv7-series and Eadsv7-series sizes are available in North Europe, South Central US, West Europe, and West US 2. More regions are coming in 2026. Refer to Product Availability by Region for the latest information.

Our customers have shared the benefits they’ve observed with these new VMs:

“Elastic enables customers to drive innovation and cost-efficiency with our observability, security, and search solutions on Azure. In our testing, Azure’s latest Daldsv7 VMs provided up to 13% better indexing throughput compared to previous generation Daldsv6 VMs, and we are looking forward to the improved performance for Elasticsearch users deploying on Azure.” — Yuvraj Gupta, Director, Product Management, Elastic

“The Easv7 series of Azure VMs offers a balanced mix of CPU, memory, storage, and network performance that suits the majority of Oracle Database configurations very well. The 80 Gbps network with the jumbo frame capability is especially helpful for efficient operation of FlashGrid Cluster with Oracle RAC on Azure VMs.” — Art Danielov, CEO, FlashGrid

"Our analysis indicates that Azure’s new AMD based v7 series Virtual Machines demonstrate significantly higher performance compared to the v6 series, particularly in single-thread ratings. This advancement is highly beneficial, as several of our critical applications, such as ArcGIS Enterprise, are single-threaded and CPU-bound. Consequently, these faster v7 series VMs have resulted in improved performance with the same number of users, evidenced by lower server utilization and faster client-side response times." — Thomas Buchmann, Senior Cloud Architect, VertiGIS

Here’s what our technology partners are saying:

“AMD and Microsoft have built one of the industry’s most successful cloud partnerships, bringing over 60 VM series to market through years of deep engineering collaboration. With the new v7 Azure VMs powered by 5th Gen AMD EPYC processors, we’re setting a new benchmark for performance, efficiency, and scalability—giving customers the proven, leadership compute they expect from AMD in the world’s most demanding cloud environments.” — Steve Berg, Corporate Vice President and General Manager of the Server CPU Cloud Business Group at AMD

“Our collaboration with Microsoft continues to empower developers and enterprises alike. The new AMD based v7-series VMs on Azure offer a powerful foundation for the full spectrum of modern workloads, from development to production AI/ML pipelines. We are excited to support this launch, ensuring every user gets a seamless experience on Ubuntu, with the enterprise security and long-term stability of Ubuntu Pro available for their most critical systems." — Jehudi Castro-Sierra, Public Cloud Alliances Director

"The new Azure Da/Ea/Fa v7-series AMD Turin-based instances running SUSE Linux Enterprise Server provide a significant performance uplift during initial tests. They show an impressive 20%-40% increase with typical Linux kernel compilation tasks compared to the same instance sizes of the v6 series. This demonstrates the enhanced capabilities the v7 series brings to our joint customers seeking maximum efficiency and performance for their critical applications.” — Peter Schinagl, Sr. Technical Architect, SUSE

You can learn more about these latest Azure AMD based VMs by visiting the specification pages at Dasv7-series, Dadsv7-series, Dalsv7-series, Daldsv7-series, Easv7-series, Eadsv7-series, Fasv7-series, Fadsv7-series, Falsv7-series, Faldsv7-series, Famsv7-series , Famdsv7-series, constrained-core sizes.

For pricing details, visit the Azure Virtual Machines pricing page. These VMs support all remote disk types. See Azure managed disk type for additional details. Disk storage is billed separately.

Azure Integrated HSM (Hardware Security Module) will continue to be in preview with these VMs. Azure Integrated HSM is an ephemeral HSM cache that enables secure key management within Azure VMs by ensuring that cryptographic keys remain protected inside a FIPS 140-3 Level 3-compliant boundary throughout their lifecycle. To explore this new feature, please sign up using the form.

Have questions? Please reach us at Azure Support and our experts will be there to help you with your Azure journey.

Improving Efficiency through Adaptive CPU Uncore Power Management

PulkitMisra — Wed, 21 Jan 2026 16:00:00 GMT

In a competitive landscape, Microsoft Azure, like other major cloud service providers, must continuously balance two competing objectives: maximizing performance and improving power efficiency. By using power more effectively, Azure can deploy more servers within its existing datacenter footprint to quickly meet growing customer compute demands and improve sustainability.

While power management encompasses a broad range of technologies, this article focuses on uncore power management, which targets components outside the CPU cores but within the processor package. The uncore domain includes the mesh interconnect, memory controllers, and I/O subsystem.

Figure 1: An illustration of a diurnal workload’s resource utilization

The Need for Uncore Power Management

Cloud servers often operate under low load due to diurnal resource utilization patterns (e.g., user-facing workloads such as Microsoft Teams), which exhibit reduced demand during weeknights and weekends, as shown in Figure 1. In addition, customers often provision VMs for peak demand, causing servers to run under reduced load during off-peak periods.

Even under reduced load, server CPUs continue to consume significant power. Although idle cores can enter deep low-power states (e.g., core C6), the uncore typically remains active and operates at its highest frequency, as the presence of even a single active core prevents it from entering an idle state. The few active cores may be running background Azure server agents for monitoring and maintenance, which generally have relaxed performance requirements. Moreover, workloads operating under reduced load can often tolerate slightly higher latency without degrading tail performance. Together, these characteristics make it feasible to leverage active low-power techniques, such as reducing uncore frequency, to improve power efficiency.

While modern CPUs support dynamic uncore frequency scaling, software-only approaches to reducing uncore frequency under low load are limited in effectiveness, as they struggle to respond quickly to sudden bursts of workload activity.

Hardware/Software Co-design For Improving CPU Power Efficiency

Intel and Microsoft Azure co-designed Efficiency Latency Control (ELC), a mechanism for managing uncore frequency that is now available on Intel Xeon 6 (Granite Rapids) processors. The implementation allows software to define CPU utilization thresholds and their corresponding uncore frequency targets, which are communicated to the CPU firmware for enforcement. This division of responsibility enables software to tailor power–performance behavior to workload characteristics, while the hardware ensures fast and reliable execution of the frequency control logic.

Figure 2: Managing uncore frequency and power using ELC

ELC mode allows software to specify three uncore frequency points—Low, Mid, and High—along with two CPU utilization thresholds -- Low and High. When utilization is at or below the Low threshold, firmware sets the uncore frequency to the defined minimum value, thereby maximizing power savings. As utilization rises above the Low threshold, the frequency is increased to the Mid-level, balancing performance and power efficiency. Finally, when utilization exceeds the High threshold, the uncore frequency is increased up to the defined maximum, subject to package power constraints, to meet performance demands under heavy load.

Figure 2 illustrates several ELC configuration strategies, each representing a different tradeoff between latency and power efficiency. Config #1 prioritizes latency by maintaining a consistently high uncore frequency across all CPU utilization levels, mirroring the default high-performance mode. This delivers optimal responsiveness but incurs higher power consumption, particularly under low-load conditions. Config #2 lowers the uncore frequency under very low utilization, improving power efficiency when background tasks (e.g., agents) are active and VMs are largely idle. Finally, Config #3 offers a balanced approach, allowing moderate frequency scaling at low load to conserve power while maintaining acceptable performance. This configuration is appropriate when a slight tradeoff in responsiveness is tolerable in exchange for improved power efficiency. The Perf/Watt Optimized curve represents the ideal dynamic scaling behavior, adjusting uncore frequency to maximize performance per watt across varying workload intensities.

Real-World Impact

ELC mode provides compelling benefits:

Figure 3: Power and performance impact for SPEC CPU Integer benchmark suite

ELC reduces power consumption by up to 11% under iso-performance for moderate loads. Figure 3 shows the performance and power impact of ELC Config #1 (latency-optimized) and Config #3 on the SPEC CPU Integer benchmark suite under moderate load, where only a subset of CPU cores are active while the rest remain idle. As the figure illustrates, Config #3 achieves comparable performance to Config #1 while reducing power consumption by up to 11% (9% on average). At higher loads (not shown), the power savings of Config #3 diminish, as the uncore must operate at higher frequencies to match the performance of Config #1.

Figure 4: Performance/watt improvement under lightly loaded storage operations

ELC provides up to 1.5× improvement in performance per watt under very low load. Figure 4 compares the performance-per-watt of ELC Config #1 and Config #3 under very low storage loads. Config #1 maintains a consistently high uncore frequency, which limits efficiency. In contrast, Config #3 can lower the uncore frequency to the Low setting under light load, slightly reducing absolute performance but achieving substantially higher performance per watt.

These results demonstrate that ELC’s configurability can deliver performance comparable to latency-optimized mode with significantly higher power efficiency, enabling Azure to increase server deployments within its existing datacenter power footprint to quickly meet customer compute demands while also improving sustainability.

Looking Forward

As cloud workloads continue to evolve, the importance of hardware–software co-design in enabling adaptive infrastructure will increase. The integration of hardware and software controls for CPU uncore frequency management marks a significant step towards improving server power and energy efficiency. Looking ahead, further collaboration between Microsoft Azure and hardware vendors will unlock new opportunities for efficiency, sustainability, and cost effectiveness.

Appendix

ELC mode details: Intel® Xeon® 6 Processors - Performance and Power Profiles - Default, Latency-Optimized Mode, and Other Options Technical Article

Scaling Azure Compute for Performance

DanaCozmei — Tue, 02 Dec 2025 21:20:46 GMT

Ignite 2025 highlighted a clear trend across customer and partner discussions: modern workloads—AI inference, data-intensive analytics, and globally distributed applications—require infrastructure that delivers consistent performance, rapid scale-out, and adaptive behavior under real-world pressure. The focus this year was on practical capabilities that remove bottlenecks, simplify operations, and provide the compute foundation needed to support the next wave of innovation.

Azure’s newest advancements reflect that direction. Breakthroughs like Direct Virtualization enable low-latency access to GPUs and NVMe; Large Container sizes push new limits for AI/ML and analytics; VM Applications streamline global deployments; Scheduled Actions bring automation to thousands of VMs; Azure Compute Gallery boosts resiliency with Soft Delete and ZRS; and VMSS Instance Mix improves capacity acquisition through flexible SKU selection.

This retrospective highlights the capabilities that shaped Ignite and how Azure is advancing a high-performance, adaptive compute platform built for the next generation of workloads.

Direct Virtualization – Breaking Barriers for Performance

Direct Virtualization generated a lot of excitement at Ignite, enabling performance-sensitive workloads like AI inference and gaming to launch faster and more affordably. Key highlights:

Direct access to devices like NvMe disks and GPUs with near Bare metal performance.
Isolation for child VMs hosting hostile workloads.
Lower latency and cost efficiency for demanding applications.
High throughput data access from child VMs for high performance workloads.

Available in limited preview, please sign up here: aka.ms/DirectVirtualizationPreview

Large Containers sizes: Supercharging Compute-Intensive Apps

Large containers were well received at Ignite. Why? Because they unlock massive performance gains for AI/ML training, big data analytics, and high-throughput services. With higher vCPU and memory configurations, customers can:

Accelerate AI workloads: Train models faster and scale inference seamlessly.
Simplify orchestration: Fewer containers, less complexity.
Reduce latency: Minimize inter-container chatter for blazing-fast execution.

Now Generally Available!

Learn more: aka.ms/bigcontainersblog

VM Applications: Global Reach, Zero Hassle

We were happy to announce General Availability for VM applications. Managing apps across thousands of VMs, at Ignite we showcased how VM Applications make this effortless. Customers loved the ability to:

Deploy up to 25 applications (2GB each) per VM together.
Deploy consistently across regions with automatic replication.
Automate updates without manual intervention.
Scale globally with confidence.

This simplifies operational overhead for enterprises running distributed workloads.

Learn more: https://aka.ms/VMApps/blogs/ignite2025

Scheduled Actions: Automation at Scale

Operational efficiency was a hot topic, and Scheduled Actions, now Generally Available solves this problem. Now you can schedule power operations for up to 5,000 VMs in one go. Scheduled actions enables:

Cost optimization during off-peak hours.
Reliability with built-in throttling safeguards.
Time savings through automation.
Actions available in GA: Start, Stop, Hibernate, with support for more actions coming soon!

Azure Compute Gallery – Enhance resiliency

Azure Compute Gallery (ACG) continues to evolve, introducing robust features that safeguard your virtual machine (VM) images and application artifacts. Two key resiliency innovations: the new Soft Delete feature (announced in preview) and Zonal Redundant Storage (ZRS) as the default storage type for image versions.

The combination of Soft Delete and ZRS by default provides Azure customers with enhanced operational reliability and data protection. Whether overseeing a suite of VM images for development and testing purposes or coordinating production deployments across multiple teams, these features offer the following benefits:

Mitigate operational risks associated with accidental deletions or regional outages.
Minimize downtime and reduce manual recovery processes.
Promote compliance and security through advanced access controls and transparent recovery procedures.

Acquiring capacity at Scale

We know that capacity acquisition can get complicated and can prohibit scale. With SKU fungibility in a single deployment where you can define up to 5 SKUs using VMSS Instance Mix with allocation policies simplifies capacity fungibility at scale. Customers can:

Mix up to five VM sizes in a single scale set.
Use allocation strategies like CapacityOptimized, LowestPrice, or Prioritized.
Secure capacity during peak demand while optimizing costs.

This approach ensures agility and resilience for unpredictable workloads.

Best Practices

We also shared best practices for Scale and performance. The session emphasized:

Using latest SKUs for best performance and price/performance.
Using Instance mix for acquiring capacity at scale using different SKUs.
Use VM Apps for delivering apps reliably and at scale.
For Virtual Desktop use cases, use Schedule actions for managing power states at scale.
Building resiliency and security from the get-go.

Session on-demand link: ignite.microsoft.com/en-US/sessions/BRK173?source=/speakers/80665103-5e69-4b8c-ad15-1d1f84c8dd6a

Conclusion: Customer Excitement on AI + Azure Infra

Ignite made it clear that scaling for performance is no longer about simply adding more compute; it’s about intelligent architecture, automation at scale, and flexible capacity models that adapt to real-world demands. Capabilities such as Direct Virtualization, Large Container sizes, VM Applications, Scheduled Actions, and SKU fungibility are not incremental enhancements; they represent foundational building blocks for AI-ready, resilient, and cost-efficient infrastructure.

Customers are approaching Azure with bold AI ambitions, and the momentum is unmistakable. Whether training large models or deploying inference globally, the innovations showcased at Ignite demonstrate that Azure Compute is engineered to support these next-generation workloads with precision, scale, and operational excellence.

As the industry accelerates toward more intelligent and distributed systems, Azure’s compute platform is evolving in lockstep—delivering the performance, automation, and adaptability required to turn ambitious ideas into production-ready breakthroughs.

Here’s to scaling smarter, operating more efficiently, and powering the next decade of cloud innovation—together.

Golazo: A Framework for Streamlined Engineering

Ben Martens — Thu, 20 Nov 2025 16:37:24 GMT

We’re excited to announce the public open-source release of Golazo!

Golazo is an open-source framework designed to help engineering teams work efficiently and transparently. It’s designed for real-world practicality by emphasizing design documentation before code, multiple peer reviews, visual workflow boards, shared ownership, and customer validation.

Every work item is scoped to less than two weeks and begins with a concise design document. Peer signoff is required before coding starts, helping eliminate architectural surprises during PR reviews. These documents not only provide immediate context but also serve as a lasting knowledge base for the team and a valuable resource for AI coding agents and LLMs.

There’s no assigned ownership of workstreams. Engineers are encouraged to pick up any ticket that interests them, supported by team conversations and the design doc knowledge base. Successes and learning opportunities are shared by all.

Golazo is built for asynchronous collaboration, making it ideal for both in-person teams and hybrid teams across time zones. Daily standups focus on lessons learned and moving work forward, not just status updates. Regular retrospectives celebrate wins and identify ways to improve efficiency. Planning is a group activity, ensuring everyone’s perspective is included.

Curious about the details? Explore the full documentation on GitHub or the rendered HTML version on GitHub pages to see how Golazo can help your team thrive.

Introducing Metadata Security Protocol (MSP): Elevating Platform Security for Azure VMs

Amjad_Shaik — Wed, 19 Nov 2025 19:36:55 GMT

We are excited to announce the General Availability (GA) of Metadata Security Protocol (MSP), an industry-first innovation designed to mitigate vulnerabilities at the platform layer. Azure becomes the first major cloud provider to integrate strong authentication and authorization (AuthN and AuthZ) for metadata service endpoints inside virtual machines. MSP introduces a default-closed security model for the Instance Metadata Service (IMDS) and WireServer, ensuring only trusted processes can access sensitive data over it, eliminating a subset of attack classes, reducing another subset of attack surfaces and aligning with zero-trust security principles.

What is MSP and Why Does It Matter?

The Instance Metadata Service (IMDS) provides critical information to virtual machines, including instance details, managed identity tokens, and platform configuration data. Historically, IMDS endpoints across the industry cloud providers including Azure, were accessible security boundary of protection being the Guest Virtual machine. With the advent of containerization and nested virtualization, the new MSP protocol invests in a strong authentication layer, which enables sub-VM security boundary protection for hosted cloud services infrastructure. And this additionally, helps eliminate several security anti-patterns and attack subclasses related to:

Server-Side Request Forgery (SSRF) over IMDS endpoints – curtailing exploitation of unauthenticated metadata APIs to gain access to sensitive tokens or configuration data.
Hosted-on-Behalf-of (HoBo) nested tenancy bypasses – eliminating attack scenarios bypasses for nested virtualization setup for multi-tenancy or misconfigured trust boundaries allowed indirect access to metadata.
Implicit trust within the VM – adding strong application layer defense in depth beyond network isolation for sub-VM boundaries.

MSP addresses this by introducing industry-first protections:

Authentication for IMDS calls – uses a trusted delegate and HMAC to ensure only verified processes can access metadata. Every IMDS and WireServer request is authenticated and validated using trusted delegates and HMAC signatures, ensuring only verified processes can access metadata.

Improved isolation – MSP offers enhanced protection against risks from container network misconfiguration.

Default-Closed Model – IMDS access is locked down by default, requiring strict allowlisting of approved in-guest software and users, aligning with zero-trust principles.

Guest Proxy Agent (GPA) – GPA leverages eBPF to verify the source of every metadata request and enforce Role-Based Access Control (RBAC) at the process level.

Fine-grained access control – allowing you to restrict IMDS access to specific users or processes with advanced configuration, reducing the attack surface significantly.

With MSP, you can limit IMDS access to approved applications, reducing your attack surface and improving your security posture.

Benefits of MSP

By adopting MSP, you gain:

Defense-in-depth against metadata-related attacks: MSP adds an extra security layer to protect sensitive metadata and identity tokens, reducing exposure from misconfigurations or compromised processes.

Granular control over IMDS access within your VMs: With fine-grained RBAC and allowlisting, you decide which applications and users can access metadata, ensuring only trusted components interact with critical services.

Peace of mind with industry-leading protections: MSP introduces a default-closed model and per-request authentication, aligning with zero-trust principles and making Azure the first major cloud to deliver this level of in-guest security.

How to Get Started?

The goal of onboarding is to configure your VMs so that only approved applications can access the WireServer/IMDS endpoints. Here’s the recommended approach:

Enable MSP in Audit Mode: Start by enabling MSP in audit mode to monitor which processes are accessing IMDS.
Create an Allowlist: Use audit logs to identify legitimate applications and build an allowlist.
Enable MSP Enforcement: Once the allowlist is finalized, switch MSP to enforcement mode to restrict access.

Start today by enabling MSP in audit mode and take the first step toward securing your Azure environment against evolving threats. For detailed instructions, visit the MSP Microsoft Learn page.

Announcing the Preview of the new Azure Ebsv6 VMs based on the 5th Gen Intel® Xeon® processor

misha-bansal — Tue, 18 Nov 2025 17:35:49 GMT

Authored by Misha Bansal, Product Manager, Azure Compute

We are excited to announce the public preview of the new Azure Ebsv6 and Ebdsv6 Virtual Machines, powered by 5th Generation Intel® Xeon® Platinum 8573C (Emerald Rapids) processors. These VMs deliver significantly higher remote storage performance, scaling up to 800,000 IOPS and 14 Gbps of remote disk throughput featured by Azure Boost which is designed to accelerate storage and networking capabilities.

The Ebsv6 VMs are purpose-built for memory-intensive workloads, including relational database servers, large-scale data warehousing, and advanced analytics. This generation delivers up to 2× higher remote storage performance compared to Ebsv5, enabling greater workload consolidation and efficiency. With an NVMe interface for both local and remote disks, these VMs provide fast, low-latency storage access. The VM series also offers flexible configurations, with options for local SSD across multiple VM sizes.

Key feature improvements compared to the previous generation Ebsv5 Intel based VMs including:

Up to 15-30% better CPU performance, powered by the 5th Generation Intel® Xeon® Platinum 8573C (Emerald Rapids) processor
Up to 192 vCPU and 1832 GiB memory
Azure Boost which enables up to:
- 800K IOPS and 14GB/s remote storage throughput with Premium v2 and Ultra Disk support
- 15% higher remote storage performance per vCPU with up to 6600 IOPS/vCPU
- 10% higher remote storage throughput per vCPU
- Increased networking bandwidth, up to 200Gbps
- Enhanced security through Total Memory Encryption (Intel® TME) technology

In today’s data-driven world, organizations need to process, analyze, and extract insights from massive datasets quickly and efficiently. Workloads such as OLTP and OLAP, which power real-time transactions and analytics, demand high-performance compute and storage. Azure Ebsv6 VMs are built to meet these challenges by delivering fast, low-latency storage and flexible configurations to support demanding applications.

Ebsv6 & Ebdsv6 Series VM Spec Summary:

VM Series	vCPU	Memory (GiB)	Uncached Ultra Disk and Premium SSD v2 IOPS	Uncached Ultra Disk and Premium SSD v2 Throughput (MB/s)
Ebsv6/Ebdsv6	2 - 192	16 - 1832	13200 - 800000	330 - 14000

For local temp disk options, please refer to the Ebdsv6 page for full specifications. Whether you choose a VM with a local temp disk or not, you can attach remote persistent disk such as Premium Disk v1, Premium Disk v2, or Ultra Disks to the VMs.

Getting Started:

These VMs are available for Public Preview in the US East region. To request access to the preview, please fill out this survey.

You can learn more here:

Have questions? Please reach us at Azure Support and our experts will be there to help you with your Azure journey.

Announcing General Availability of Scheduled Actions for Azure Virtual Machines

TravisCragg_MSFT — Tue, 18 Nov 2025 17:35:21 GMT

Managing VMs at scale in Azure can be a pain. Subscription throttling can prevent your operations from being received, and having to track and retry intermittent failures adds extra overhead. Scheduled Actions reduces the complexity of managing concurrent API requests in Azure at scale and allows for scheduling actions at a time in the future.

What is Scheduled Actions?

Scheduled Actions is a separate resource provider that sits above our REST API and makes calls on your subscription’s behalf at the time that you specify. Schedule Actions gives the ability to manage the lifecycle of VMs at high scale on a periodic basis. Subscription throttling and retries due to transient errors are handled automatically to ensure that your operations succeed without additional overhead.

Scheduled Actions supports the following VM operations:

Stop
Start
Hibernate

Key Benefits

Scheduling

You can schedule actions to occur immediately or at a time you specify in the future.

Scale

Scheduled Actions supports up 5,000 concurrent operations for a single action.

Throttling

Scheduled Actions knows your subscription’s throttling limits and makes sure to send operations to Azure at your subscription’s limit until all operations have been received.

Retries

Scheduled Actions automatically tracks and retries errors that are transient in nature and likely to succeed with a retry.

How it Works

Scheduled Actions sits above the APIs for VM power state operations and sends actions on your behalf. Scheduled Actions ensures maximum operational throughput for your subscription on large-scale concurrent requests. Operations that fail due to intermittent or transient errors are automatically retried.

You can use batch calls of up to 100 VMs at a time to submit up to 5000 VMs for a single action. Scheduled Actions will generate an operation ID for each VM which can be used for checking the status of those operations. Actions can be executed immediately or can be submitted to trigger at a specified time. Actions scheduled at a future time can be cancelled.

Use Case – Contoso’s Event

Contoso needs 3,000 existing Azure VMs ready to use for a big weekend launch. The VMs need to be ready at 8am and be hibernated by 6:30pm.

Using Scheduled Actions, Contoso sends 30 batches of 100 VM IDs to start at 7:45am so they are available by 8. They do not need to have someone to submit the requests manually or create a custom application to send the requests.

They send another 30 batches of 100 VM IDs to Hibernate at 6:15pm so that all the VMs are Hibernated by 6:30pm. Scheduled Actions allows Contoso’s cloud infrastructure team to save time and effort in managing their Virtual Machines.

Getting Started

Visit the Scheduled Actions doc page here. - https://aka.ms/ScheduledActionsDocs

Enhancing Resiliency in Azure Compute Gallery

Sandeep-Raichura — Tue, 18 Nov 2025 18:32:42 GMT

In today's cloud-driven world, ensuring the resiliency and recoverability of critical resources is top of mind for organizations of all sizes. Azure Compute Gallery (ACG) continues to evolve, introducing robust features that safeguard your virtual machine (VM) images and application artifacts. In this blog post, we'll explore two key resiliency innovations: the new Soft Delete feature (currently in preview) and Zonal Redundant Storage (ZRS) as the default storage type for image versions. Together, these features significantly reduce the risk of data loss and improve business continuity for Azure users.

The Soft Delete Feature in Preview: A safety net for your Images

Many Azure customers have struggled with accidental deletion of VM images, which disrupts workflows and causes data loss without any way to recover, often requiring users to rebuild images from scratch. Previously, removing an image from the Azure Compute Gallery was permanent and resulted in customer dissatisfaction due to service disruption and lengthy process of recreating the image. Now, with Soft Delete (currently available in public preview), Azure introduces a safeguard that makes it easy to recover deleted images within a specified retention period.

How Soft Delete Works

When Soft Delete is enabled on a gallery, deleting an image doesn't immediately remove it from the system. Instead, the image enters a "soft-deleted" state, where it remains recoverable for up to 7 days. During this grace period, administrators can review and restore images that may have been deleted by mistake, preventing permanent loss. After the retention period expires, the platform automatically performs a hard (permanent) delete, at which point recovery is no longer possible.

Key Capabilities and User Experience

Recovery period: Images are retained for a default period of 7 days, giving users time to identify and restore any resources deleted in error.
Seamless Recovery: Recover soft-deleted images directly from the Azure Portal or via REST API, making it easy to integrate with automation and CI/CD pipelines.
Role-Based Access: Only owners or users with the Compute Gallery Sharing Admin role at the subscription or gallery level can manage soft-deleted images, ensuring tight control over recovery and deletion operations.
No Additional Cost: The Soft Delete feature is provided at no extra charge. After deletion, only one replica per region is retained, and standard storage charges apply until the image is permanently deleted.
Comprehensive Support: Soft Delete is available for Private, Direct Shared, and Community Galleries. New and existing galleries can be configured to support the feature.

To enable Soft Delete, you can update your gallery settings via the Azure Portal or use the Azure CLI. Once enabled, the "delete" operation will soft-delete images, and you can view, list, restore, or permanently remove these images as needed.

Learn more about Soft Delete feature at https://aka.ms/sigsoftdelete

Zonal Redundant Storage (ZRS) by Default

Another major resiliency enhancement in Azure Compute Gallery is the default use of Zonal Redundant Storage (ZRS) for image versions. ZRS replicates your images across multiple availability zones within a region, ensuring that your resources remain available even if a zone experiences an outage. By defaulting to ZRS, Azure raises the baseline for image durability and access, reducing the risk of disruptions due to zone-level failures.

Automatic Redundancy: All new image versions are stored using ZRS by default, without requiring manual configuration.
High Availability: Your VM images are protected against the failure of any single availability zone within the region.
Simplified Management: Users benefit from resilient storage without the need to explicitly set up or manage storage account redundancy settings.

Default ZRS capability starts with API version 2025-03-03; Portal/SDK support will be added later.

Why These Features Matter

Mitigate operational risks associated with accidental deletions or regional outages.
Minimize downtime and reduce manual recovery processes.
Promote compliance and security through advanced access controls and transparent recovery procedures.

To evaluate the Soft Delete feature, you may register for the preview and activate it on your galleries through the Azure Portal or RestAPI. Please note that, during its preview phase, this capability is recommended for assessment and testing rather than for production environments. ZRS is already available out-of-the-box, delivering image availability starting with API version 2025-03-03.

For comprehensive details and step-by-step guidance on enabling and utilizing Soft Delete, please review the public specification document at https://aka.ms/sigsoftdelete

Conclusion

Azure Compute Gallery continues to push the envelope on resource resiliency. With Soft Delete (preview) offering a reliable recovery mechanism for deleted images, and ZRS by default protecting your assets against zonal failures, Azure empowers you to build and manage VM deployments with peace of mind. Stay tuned for future updates as these features evolve toward general availability.

Reimagining VM Application Management for an AI-Powered, Secure Future

tanmay-gore — Tue, 18 Nov 2025 16:00:00 GMT

The Next Evolution in VM Software Management

Enterprises today face two simultaneous shifts that are transforming how virtual machine (VM) software is built, delivered, secured, and managed:

AI-driven automation is accelerating productivity — applications and configurations are now being generated, packaged, and deployed faster than ever before.
Rising security threats and global outages demand stronger administrative controls, trusted software sources, and local resiliency.

Traditional VM software deployment methods—such as scripts, custom images, or manual updates—can’t keep pace with these demands. They introduce risks like configuration drift, inconsistent environments, and limited visibility post-deployment.

Azure VM Applications provides a managed, end-to-end solution for VM software lifecycle management that enables faster publishing, secure deployment, and consistent governance at cloud scale.

End-to-end software management using Azure VM Applications

Achieving Faster Application Publishing & Deployment

Modern AI agents, DevOps workflows, and automated build pipelines are generating workloads at unprecedented speed. Azure VM Applications allows teams to match that pace with a reliable and managed way to deliver software into Azure Virtual Machines (VMs) and Virtual Machine Scale Sets (VMSS).

Key Benefits

Package anything – Package any binary, configuration script, app, file, or AI model into a reusable VM Application. VM Applications can act as a payload carrier, configuration service, app deployment engine, and monitoring service.
Publish & deploy faster – Publish within seconds, deploy or update independently without affecting other VM components.
Improved cross-team development – Different teams can publish independently. Deployment teams can deploy multiple published apps together or independently.
Deploy larger workloads – Deploy up to 25 applications (2 GB each) per VM without rebuilding images, making it ideal for workloads with large payloads like AI models, gaming apps, media rendering tools, data processing frameworks, etc.
Faster deployment than scripts – Applications are locally replicated within each Azure region or zone, enabling faster deployments than internet-based scripts.
Automation-ready integration – Works seamlessly with Azure DevOps, GitHub Actions, Jenkins, and GitLab Pipelines for CI/CD.
Instant updates through templates and APIs – Use ARM templates, PowerShell, or REST APIs to inject new app versions into existing workloads within seconds.

In short: Azure VM Applications turn traditional VM management into a modern, modular, and version-controlled process that keeps up with AI-scale automation.

Strengthening Security and Regional Resilience

The growth in security attacks across the software lifecycle and global service dependencies makes it essential to control what runs inside your VMs and where it comes from. Azure VM Applications enhances both security and operational resilience through trusted, locally managed publishing.

Key Benefits:

Private app repositories – Create private galleries and share to specific subscriptions and tenants. Published VM Applications are stored within your organization’s Azure environment.
Automatic regional replication – Apps are automatically replicated across Azure regions and zones for low-latency access and business continuity during outages.
Granular admin controls – Apply Azure Policy to inject and enforce apps and their versions across the infrastructure, ensuring compliance with security and governance standards.

Result: Localized control, compliance, and resilience—ensuring secure VM operations even under regional or global disruptions.

Managing the Complete Software Lifecycle

Azure VM Applications go beyond deployment. They embed management, governance, and monitoring directly into the platform—removing the need for separate tooling or manual oversight.

Key Benefits:

Versioned deployments for safe rollout and rollback.
Modular monitoring – Monitor the presence and state of each VM component across VMs and VMSS.
Unified monitoring and governance – Leverage Azure Resource Graph and Azure Policy for compliance and visibility.
Improved troubleshooting – Use Activity Logs and Resource Graph to track what’s running and changes across operations.

This unified approach replaces custom scripts and manual processes with a managed, traceable, and auditable software delivery model.

How to Publish and Deploy a VM Application

Publishing and deploying a VM Application in Azure is straightforward.

Step 1: Create and Publish

Upload your application package to an Azure Storage account.
Publish VM Application

Portal: Navigate to Azure Compute Galleries → Select a gallery → Create VM Application definition.

Add VM Application version

Portal: Navigate to Azure Compute Galleries → Select a gallery → Select VM Application definition → Add version.

Step 2: Deploy to VM or VMSS

Add during VM or VMSS creation
- Portal: Create VM/VMSS and add VM Applications under Advanced settings.
Update existing VMs or VMSS
- Portal: Navigate to Virtual Machines → Extensions + Applications under Settings → Add application.
Automate with CI/CD
- Integrate with Azure DevOps, GitHub Actions, Jenkins, or other CI/CD tools using PowerShell or CLI commands.

Result: Your VM Application is now published, versioned, and deployed securely across VMs and VMSS—ready for AI-scale workloads.

Learn More

Start modernizing your VM software management today:
👉 Azure VM Applications documentation
👉 How to deploy VM Applications

Announcing preview of new Azure Dlsv7, Dsv7, and Esv7 VMs based on Intel® Xeon® 6 processors

RishiGomatam — Tue, 18 Nov 2025 17:31:27 GMT

We are excited to announce the preview of new Azure Dlsv7/Dsv7 General Purpose and Esv7 Memory Optimized Virtual Machines (VMs) powered by the latest Intel® Xeon® 6 processors (Granite Rapids). These new VMs offer three different memory-to-vCPU ratios and offer options with and without local NVMe temp disks.

The latest Azure Intel-based v7 VMs are designed to power ever increasing compute demands in today’s data center environment and deliver exceptional performance across a wide range of workloads, from traditional enterprise applications to cutting edge AI.

These VMs deliver several important features and improvements as compared to the equivalent previous generation (v6) Intel-based VMs including:

Up to 15% better general compute performance, powered by Intel® Xeon® 6 CPUs with turbo frequencies up to 4.2 GHz and up to 2x higher memory bandwidth
Expanded sizes and memory capacity: Dsv7 and Esv7 VMs now scale up to 372 vCPUs with Esv7 VMs enabling up to 2.8TiB of memory
Increased networking and remote storage performance driven by latest Azure Boost capabilities:
- Up to 400 Gbps networking bandwidth with the largest size
- Up to 800k IOPS and 20 GBps throughput to Premium v2 and Ultra Disk remote storage with the largest size

The new VMs support three memory (GiB)-to-vCPU ratios with 2:1 (Dlsv7, Dldsv7), 4:1 (Dsv7, Ddsv7), and 8:1 (Esv7, Edsv7). Additionally, each VM family has options with and without local NVMe temp disks. Whether you choose a VM with a local temp disk or not, you can attach remote persistent disk such as Premium Disk v1, Premium Disk v2, or Ultra Disks to the VMs.

Dlsv7 and Dsv7 VMs offer a balance of memory to CPU performance and are ideal for many general computing workloads such as e-commerce systems, web applications, desktop virtualization solutions, application servers, and more.

Esv7 VMs offer a higher ratio of memory to CPU and are ideal for memory-intensive workloads such as SQL and noSQL database servers, data warehousing workloads, business intelligence applications, in-memory databases such as SAP and Redis, and in-memory analytics.

Join the Preview

Dlsv7, Dsv7, and Esv7 VM sizes with and without local NVMe temp disks will be available to test in preview in the East US 2 region. To request access to the preview, please fill out the survey form here. We look forward to hearing from you.

Your guide to Azure Compute at Microsoft Ignite 2025

melissahollingshed — Mon, 10 Nov 2025 20:41:35 GMT

The countdown to Microsoft Ignite 2025 is almost over— Microsoft Ignite - November 18–21, 2025! Whether you’ll be joining us in person or tuning in virtually, this guide is your essential resource for everything Azure Compute. Explore the latest advancements, connect with product experts, and expand your cloud skills through curated sessions and interactive experiences.

Attendees will have the opportunity to dive deep into new product capabilities and solutions, including ways to boost virtual machine performance, enhance resiliency, and optimize cloud operations. Be sure to add these sessions to your schedule for a personalized and can’t-miss Ignite experience.

Bookmark this guide for quick access to all the latest Azure Compute news and updates throughout Ignite 2025!

Featured sessions

Tuesday

BRK171: What's new and what's next in Azure IaaS

Level: Intermediate 200

In this session, we’ll introduce the latest capabilities across compute, storage, and networking. Uncover the advancements in Azure IaaS, driving performance, resiliency, and cost efficiency. We will present how Azure’s global backbone, enhanced capabilities, and expanding portfolio can support mission-critical, cloud native and AI workloads —while built-in security and flexible tiering help right-size app deployments and accelerate modernization.

Tuesday, November 18 | 2:30 PM-3:15 PM PST

Wednesday

BRK430: Inside Azure Innovations with Mark Russinovich

Level: Advanced 300

Join Mark Russinovich, CTO and Technical Fellow of Microsoft Azure. Mark will take you on a tour of the latest innovations in Azure architecture and explain how Azure enables intelligent, modern, and innovative applications at scale in the cloud, on-premises, and on the edge. Featuring some of the latest Compute announcements with Azure Boost.

Wednesday, November 19, 2:45 PM PST

Other related IaaS sessions

Use the following as a guide to build your session schedule with an emphasis on our Azure Compute topics. These sessions will be in person and recorded. Sessions Tuesday-Thursday will be live streamed.

Thursday

BRK176: Driving efficiency and cost optimization for Azure IaaS deployments

Level: Intermediate 200
Control cloud spend without compromising performance. This session shows how Azure IaaS helps IT leaders optimize costs through flexible pricing, built-in tools, and smart resource planning. Learn how to align infrastructure choices with workload requirements, reduce TCO, and make informed decisions that support growth and innovation. You will gain a deeper understanding of how Azure delivers a comprehensive set of services, tools, and financial instruments to optimize your cloud costs at scale.

Thursday, November 20^th, 9:45 AM PST

BRK217: Resilience by design: Secure, scalable, AI-ready cloud with Azure

Level: Advanced 300
Resiliency is foundational. Explore how resiliency on Azure enables secure, scalable, AI-ready cloud architectures. Learn to set resilience goals, simulate failures, and orchestrate recovery. See live demos and discover how shared responsibility empowers teams to deliver trusted, resilient outcomes.

Thursday, November 20^th, 1:00 PM PST

BRK178: Architecting for resiliency on Azure Infrastructure

Level: Intermediate 200
Discover how to build resilient cloud solutions on Azure by leveraging availability zones, multi-region deployments, and fungible products. This session explores architectural patterns, platform capabilities, and best practices to ensure high availability, fault tolerance, and business continuity for mission-critical workloads in dynamic and distributed environments.

Thursday, November 20, 1:00 PM PST

BRK148: Architect resilient apps with Azure backup and reliability features
Level: Advanced 300
Learn to use self-serve tools to strengthen zonal resiliency for critical workloads. Assess and validate resilience across VMs, DBs, and containers. Explore enhanced data and cyber resiliency with immutability and threat detection to guard against ransomware. Discover expanded workload coverage and real-time insights to proactively protect your applications and infrastructure.

Thursday, November 20, 3:30 PM PST

Friday

BRK146: Resiliency and recovery with Azure Backup and Site Recovery
Level: Advanced 300

This session will show how to secure, detect threats, and quickly recover critical workloads across Azure environments using advanced backup and disaster recovery solutions. It covers modern techniques like threat-aware backups, container protection, and seamless disaster recovery to help meet compliance and recovery objectives.

Friday, November 21, 9:00 AM PST

BRK149: Unlock cloud-scale observability and optimization with Azure
Level: Advanced 300
In this session, we'll deep dive into how Azure Monitor delivers end-to-end observability across your cloud and hybrid environments, helping you detect issues early and reduce mean time to recovery. We'll also share how new Copilot in Azure agents can extend this visibility into actionable cost and carbon efficiency insights—helping you identify optimization opportunities, validating recommendations, and streamlining resource performance for business impact.

Friday, November 21^st, 10:15 AM PST

BRK173: Azure IaaS best practices to enhance performance and scale

Level: Advanced 300

Azure IaaS can deliver excellent performance and scalability across a broad range of workloads. With high-throughput storage, low-latency networking, and intelligent auto-scaling, Azure supports demanding apps with precision. Learn how to optimize compute, storage, and network resources to meet performance goals, reduce costs, and scale confidently across global regions. Dive into the latest capabilities Azure Boost, Compute Fleet, Azure Virtual Machines, Azure Storage and Networking offer.

Friday, November 21, 10:15 AM PST

BRK172: Powering modern cloud workloads with Azure Compute

Level: Advanced 300
Uncover new VM offerings announcements and explore innovations like Azure Boost. Dive into the latest compute innovation at the core of Azure IaaS. Whether you're running mission-critical enterprise apps or scaling cloud-native services, discover how these innovations are unlocking new value for customers and get a preview of what’s coming next.

Friday, November 21, 11:30 AM PST

BRK168: Azure IaaS platform security deep dive

Level: Advanced 300
As organizations accelerate their cloud adoption, robust security for your Infrastructure as a Service platform is more critical than ever. This session will provide a comprehensive exploration of Azure’s security architecture, best practices, and innovations across four pillars: foundational security, compute security, network security, and storage security. Attendees will gain actionable insights to strengthen their cloud posture, ensure compliance, and protect sensitive workloads.

Friday, November 21^st ,11:30 AM PST

Upskill yourself with hands on labs

This section explains that live demos and hands-on labs are exclusively available to those who attend in person, providing them with a direct, firsthand experience.

Tuesday

LAB500: Attain unified observability and optimization in Azure

Level: Intermediate 200
Get an AI-powered view of your Azure workload health and performance while uncovering cost and carbon savings. In this lab, use AI to investigate anomalies, correlate telemetry, and drive optimization. Apply FinOps and sustainability insights, align health with SLI/SLO targets, and improve monitoring posture for lasting efficiency. Please RSVP and arrive at least 5 minutes before the start time, at which point remaining spaces are open to standby attendees.

Tuesday November 18^th, 2:45 PM PST

LAB520: Start, Get and Stay Resilient with Azure

Level: Intermediate 200
Understand the Start, Get, and Stay Resilient journey. Get equipped with tools & insights to architect mission critical applications with Azure’s Resiliency and Configuration experiences. Assess your resiliency posture, apply recommendations, validate your posture and orchestrate recovery. With the Essentials Machine Management bundle from Azure, manage and maintain the state of your resources, enforce configurations across devices and ensure resilience is not a one-time goal but an ongoing state. Please RSVP and arrive at least 5 minutes before the start time, at which point remaining spaces are open to standby attendees.

Tuesday, November 18^th, 4:30 PM PST

Revolutionizing Reliability: Introducing the Azure Failure Prediction and Detection (AFPD) system

andrewb710 — Fri, 31 Oct 2025 19:02:54 GMT

Blog authored by: Ayberk Ozturk, Andrew Boyd, Otis Smith, Sameer Hussain, Joao Madureira, Ronit Sharma, Isha Bhatia, Halley Ding, Parvaneh Alavi, Jelena Ilic, Kevin Meehan, Steven Li, Arhatha Bramhanand, Nathan Ernst, Abhishek Sanghai, Adam Wilson, Blake Wheaton, Dhruv Matta, Olubusola Femi-Fowode, Shweta Patil, and Tajinder Pal Singh Ahluwalia

Introduction

As part of the journey to consistently improve Azure reliability and platform stability, we launched Azure Failure Prediction & Detection (AFPD), Azure’s premiere shift-left reliability solution. AFPD became operational in 2024, unifying failure prediction, detection, mitigation, and remediation services into a single end-to-end system with the goal of preventing Azure Compute customer workload interruptions and repairing nodes at scale. AFPD builds upon previous reliability solutions such as Project Narya, adding new best practices and fleet health management capabilities on top of pre-existing failure prediction and mitigation capabilities. The end-to-end AFPD system has proven to further reduce the overall number of reboots by over 36% and allows for a proactive approach to maintaining the cloud. This system operates for all Azure Compute General Purpose, Specialized Compute, High Performance Computing (HPC)/Artificial Intelligence (AI) workloads and select Azure Storage scenarios. For a deeper dive, you can read the whitepaper here, which won Best Paper Award at the 2025 IEEE Cloud Summit!

How does AFPD advance Azure’s failure prediction and mitigation capabilities for customers?

Project Narya and several other existing Azure failure prediction and mitigation services effectively predicted and mitigated a broad range of hardware failures for customers, leveraging A/B testing and Multi-Armed Bandit models to improve mitigation techniques for customers over time. Building on the strengths of these systems, AFPD unifies prediction, detection, mitigation, notification, and remediation in a single end-to-end solution with a standard set of performance metrics. AFPD expands coverage to more hardware and software scenarios, uses new Contextual Bandit models alongside A/B and Multi-Armed Bandit methods, and introduces scaled node repair for better fleet health management. This proactive strategy improves reliability, reduces customer downtime, and enhances overall platform stability for a smoother Azure experience.

How does AFPD work?

AFPD’s ability to identify impending failure events and prevent downtime impact to customer workloads can be broken down into three phases: 1) failure prediction and detection, 2) failure mitigation, and 3) remediation.

Phase 1: Failure Prediction and Detection

Like Narya, AFPD rules and models monitor telemetry signals indicating node and component behavior from across the fleet. Current, AFPD primarily detects and predicts failures for key hardware components such as SSDs, along with select software scenarios. When these capabilities notice patterns in telemetry that indicate an ongoing failure or a likely future failure, the node in question is tagged and a request is sent to repair the node.

Phase 2: Mitigation

Once a repair request is sent, the mitigation service optimizes for both preventing customer impact and efficient node repair. Using optimized mitigation actions as suggested by a Contextual Bandit model or A/B testing and AFPD best practices, the mitigation service will take the following actions:

Mark the node “Unallocatable” to prevent new customer workloads from landing on the node
If eligible, Live Migrate customer workloads running on the node to a new, healthy node; if not eligible, a notification will be sent informing the customer that they need to take redeploy action (see "How can customers consume AFPD notifications?" section below)
Once customer migration actions have been taken, the node is ready to be swiftly removed from production and sent to be remediated

Phase 3: Remediation

Once customer workloads are evacuated from the node via Live Migration or customer redeploy, the node is assigned a fault code with relevant fault details. This ensures that once the node is sent to technicians for repair, the technicians can look at the targeted diagnostic information made beforehand by the subject matter expert prediction or detection capability, allowing for quicker testing to confirm the problem and perform swifter repair. Additionally, intelligent spare remediation capabilities proactively place spares so that once the affected node comes out, a spare part is ready and waiting to expedite repair. Once the node receives the correct repair and goes through additional diagnostics, it is quickly returned to production for customer use.

How can customers consume AFPD notifications?

To view and use AFPD notifications, we recommend leveraging both Flash Health events and Scheduled Events (SE). Flash Health events provide near real-time information on ongoing and historical availability disruptions. Scheduled Events offer proactive notifications prior to any impact on VM availability, including those detected by AFPD.

Navigating AFPD Events*

*The notification experience shown below is available for Azure public cloud customers in Compute and HPC/AI. Notifications may appear slightly different in Azure non-public offerings.

When AFPD detects potential issues, you’ll see detailed event notifications in the Azure portal under your Resource Health blade. These notifications provide context on the type of impact, timing, and recommended actions.

For example, if an unplanned degraded event is detected for the Host, and the workload can be automatically migrated by the platform, the following notification will be showcased:

Fig 1 - AFPD Event in Resource Health – note the recommended step to wait for migration completion

The notification will include:

Event details: Description of the issue (e.g., “The Physical Host in which your VM is running is potentially degraded”).
Deadline: A “before” timestamp indicating when the impact may occur (e.g., Redeploy before 8/21/2025 6:34 PM UTC).
Recommended steps: Based on your workload type, you may be asked to...

Wait for a completion notification, as the platform will attempt to automatically migrate your workload or,
Redeploy the VM to a different host to avoid disruption.

Additional resources: Links to documentation

Alternatively, if the VM cannot be moved automatically, the following event will clearly state that redeployment is the only action required, and may include a deadline:

Fig 2 - AFPD Event in Resource Health – note the recommended step to redeploy the VM with a specific deadline

Notification text: “Please redeploy your VM before 8/21/2025 9:49 PM UTC to a different host server to avoid unexpected disruptions.”
Recommended steps: Redeploy the VM immediately to a different host server as soon as possible.

Consume AFPD annotations through Project Flash endpoints*

* All below endpoints are available for Azure public cloud customers in Compute and HPC/AI. In Azure non-public offerings, the ARG and Event Grid endpoints are not yet available.

We’re making it easier than ever to stay on top of AFPD events and respond quickly to minimize disruption. AFPD events are delivered as part of the resource health annotations, which can be conveniently accessed through different endpoints of Project Flash.

You can easily find notifications related to AFPD events in the Resource Health portal along with other resource health events. This helps you stay aware of any ongoing platform issues affecting your resources.
For large-scale investigations, centralized tracking, or historical event lookups, you can query all the resource health annotations in HealthResources and HealthResourceChanges tables using Azure Resource Graph. The following example demonstrates how to retrieve only the AFPD annotations related to node degradation from the HealthResources table.

healthresources | where type =~ 'microsoft.resourcehealth/resourceannotations' | extend temp = parse_json(properties) | where temp.impactType == "Degraded"

Through Event Grid system topics, you can set up alerts and automatically trigger critical actions—such as redeploying or restarting VMs—using event handlers like Azure functions and Logic Apps. You also have full flexibility to manage your event filtering based on the JSON properties of the ResourceAnnotated events.

Consume AFPD events through Scheduled Events

We send events from AFPD through scheduled events so you can have a single source for all planned and unplanned availability impacts to your VMs. For automated resiliency, you can retrieve scheduled events within the VM through the Instance Metadata Endpoint. Then you can proactively migrate your workload away from at risk resources before the impact happens, reducing the downstream impact to your customers.

If you are a current user of scheduled events, you’re already receiving notifications from AFPD. You will just need to confirm that your workload is configured to handle not before times up to 7 days in the future. For new users, you can get started using scheduled events today with our code samples.

VM Watch for enhanced diagnostics and AFPD performance on L-Series

VM Watch is a lightweight, in-VM watchdog service that emits near real-time health signals from guest VMs, enabling Azure to detect regressions and initiate proactive recovery. Enabling VM Watch for L-Series workloads is specifically important for enabling better AFPD predictions and detections.

For onboarding, customers can enable VM watch through the Application Health Extension using tools like Azure CLI, PowerShell, ARM templates or Azure Policy. The onboarding process includes specifying a CohortId—typically a string name for customers, if they identify themselves—to group and track VM watch instances across a fleet. Once enabled, VM watch begins emitting signals immediately, thanks to its built-in suite of default tests that require minimal configuration. For L-Series VMs, which often run data-intensive workloads, VM watch can be particularly valuable in detecting issues like network connectivity failures, DNS resolution problems, and disk I/O anomalies. To onboard to VM watch, follow the steps in the linked page. In addition, VM watch can be configured to suit your specific requirements, including being able to view signals through a pre-configured Event Hub.

Streamline Cloud Spend with Azure Reserved VM Instances

kyleikeda — Wed, 29 Oct 2025 17:26:23 GMT

Cloud costs can feel like a runaway train, especially if you’re running GPU-heavy workloads for AI. Every hour of compute adds up, and before long, your forecasted budget is looking off.

This is where Azure Reserved Virtual Machine Instance can help. When customers commit to using a specific Virtual Machine in a region for a set time they’ll receive a discounted price.

In this blog we’ll follow a fictious company, Contoso, that is looking to optimize their VM spend while scaling their AI workloads. Contoso were training generative models and running inference on NC64as T4 v3 VMs in East US. These VMs are built for GPU acceleration, making them ideal for AI workloads. They used these VMs for deep learning inference, model fine-tuning, and batch processing at scale.

Performance was non-negotiable, but cost predictability was slipping away.

So how did they turn things around? With Azure Reserved VM Instances and leveraging Azure’s built-in tools.

What are Azure Reserved VM Instances?

Azure Reserved VM Instances (RIs) are an Azure commitment offer that provides a discount when you commit to Azure usage for 1 or 3 years. You pick a VM instance, region, and term, and Azure automatically applies the discount to any matching VM you run. No manual assignment, no runtime changes, just lower compute costs.

Why does this matter? Because if your workloads are predictable and stable, RIs can save you up to 72% compared to pay-as-you-go pricing for Windows and Linux virtual machines. For Contoso, that meant turning unpredictable GPU costs into a predictable, CFO-approved budget.

The challenge: “How do we start?”

Contoso had questions:

What if we resize VMs during model experiments?
What if usage shifts across subscriptions as teams grow?
How do we avoid overbuying and wasting money?

That’s where Azure’s ecosystem comes in:

Azure Advisor: Personalized recommendations based on your actual usage.
Instance size flexibility: Discounts apply across sizes in the same instance group.
Microsoft Cost Management: Monitor utilization, set alerts, and manage renewals.

Step 1: Let Azure Advisor do the math

Instead of guessing, Contoso opened Azure Advisor. Within seconds, they saw:

Which VM family (NCasT4_v3) was most consistent based on historical usage.
How many RIs to purchase.
Whether a 1-year or 3-year term made sense.

Azure Advisor even flagged idle VMs they could shut down before buying to avoid purchasing for resources that are not being used.

Step 2: Choosing the right scope

Here’s where Contoso faced a critical choice: scope. Scope determines where the RI discount applies:

Shared scope: Applies across all subscriptions in the same billing context.
Management group: Covers subscriptions grouped under a management hierarchy.
Single subscription: Simple, but limited to one subscription.
Resource group: Most accurate for chargeback costs.

Contoso had multiple teams running AI workloads in different subscriptions but under the same billing account. They wanted maximum utilization without losing visibility for chargeback. After reviewing governance policies, they chose Shared scope as it gave them broad coverage while keeping reporting simple in Cost Management.

Step 3: Buying RIs the smart way

Based on their Azure Advisor recommendations Contoso purchased:

NC64as T4 v3 RIs in East US for inference clusters (3-year term, upfront for maximum savings).

They scoped the reservations to Shared so discounts applied across multiple subscriptions. And they enabled instance size flexibility, meaning their NC64as T4 v3 RI could also cover smaller sizes in the NCasT4_v3 family if they scaled down during experiments. No lock-in panic.

Step 4: Monitoring like a pro

After purchase, Contoso didn’t just walk away. They set up:

Utilization alerts in Microsoft Cost Management (triggered if usage dipped below a predetermine threshold).
Auto-renewal to avoid unexpected spikes in cost when their RIs expired.

When they added new inference nodes for a production rollout, the RI discount applied automatically. When they resized a few training VMs for smaller models, instance size flexibility kept the savings intact.

The result? Big savings, zero compromise

Contoso cut GPU compute costs compared to pay-as-you-go. They kept performance rock solid, freed up budget for more experiments, and gave their CFO the predictability they craved.

What Contoso learned

Start with Advisor: It’s like having a FinOps analyst on demand.
Scope smartly: Shared scope boosts utilization, but align with your chargeback model.
Flexibility matters: Enable instance size flexibility for future-proofing.
Monitor relentlessly: Alerts and Cost Management dashboards keep you ahead of surprises.

Combine with Azure savings plan for compute if your workloads are less predictable and need additional flexibility

Why this matters for you

If you’re running AI workloads, or any predictable compute, Reserved Instances aren’t just a cost-saving trick. They’re a strategy for financial predictability, operational flexibility, and cloud efficiency.

Ready to start?
Visit the Azure portal to purchase your Reserved Instance today or read the Azure Reserved Instance documentation to learn more.

Resources:

Announcing Preview of vCore Customization: Disable Multithreading & Configurable Constrained Cores

eehindero — Thu, 23 Oct 2025 19:31:08 GMT

Today, we are excited to announce the public preview of VM vCore Customization feature in Azure introducing two powerful new capabilities: Disable Simultaneous Multi-Threading (SMT/HT) and Configurable Constrained Cores. These features give customers unprecedented control over virtual CPU configurations, enabling performance optimization and significant software licensing savings across a wide range of workloads.

VM vCore Customization is designed to meet the evolving needs of customers who require flexibility in how compute resources are allocated. Whether you're optimizing cost, performance, or compliance, these features allow you to tailor VM configurations to match your licensed capacity, workload profile, or infrastructure strategy without compromising on memory, storage, or I/O.

This launch marks a major milestone in Azure’s commitment to customizable infrastructure. By decoupling core count from VM size, customers can now deploy high-memory or high-bandwidth VMs with fewer active cores, reducing software licensing costs and improving efficiency. Combined with the ability to disable SMT for latency-sensitive workloads, VM vCore Customization unlocks new scenarios for database optimization, HPC, analytics, and more.

What’s New

With VM Customization, customers can now:

Disable Simultaneous Multi-Threading (SMT/HT Off): Configure supported VMs to run with one thread per core, giving workloads exclusive access to physical cores for improved performance and latency consistency.
Select Custom vCPU Counts: Choose from a guided list of valid vCPU counts per VM size to match licensing rights or workload needs without changing memory, storage, or I/O capabilities.

Why It Matters

VM vCore Customization is designed to resolve persistent customer challenges by offering greater flexibility in how virtual machines are configured. For performance-sensitive workloads such as high-performance computing or financial modeling, disabling hyperthreading allows for full-core isolation, which can significantly enhance performance.

For database workloads like SQL Server, Oracle, or SAP, VM vCore Customization enables customers to select only the number of cores they require, while still benefiting from the memory and bandwidth of larger VM sizes. This targeted approach can lead to substantial reductions in licensing costs.

Additionally, VM vCore Customization simplifies compliance and cost optimization, especially for organizations operating under Bring Your Own License (BYOL) models or per-core software agreements. By tailoring VM resources to precise needs, customers can better align their infrastructure with both technical and business requirements.

Join the Preview

VM vCore Customization is now available today in public preview across select regions, including West Central US, North Europe, East Asia, and UK South.

VM vCore Customization is available via Azure portal, ARM templates, Azure CLI and PowerShell. Only first-party OS images are supported, Marketplace images with third-party licensing are not supported.

To request access to the preview, please fill out the survey form here. We look forward to hearing from you.  

Public Preview for Sharing Capacity Reservation Groups - now available

Tarannum91 — Wed, 15 Oct 2025 22:47:39 GMT

The ability to share Capacity Reservation Groups (CRGs) with subscriptions is now in Public Preview.

Previously, customers could deploy VMs in a Capacity Reservation Group within the same subscription only. On-demand Capacity Reservation Group (CRG) can now be shared with other subscriptions. Using this option can make it easier to manage some common configuration needs like resource reuse, centralized capacity management, more cost-effective scale-out and separating security and capacity concerns.

For example, for resource reuse scenario, customers cannot use a Disaster Recovery Capacity Reservation Group for development testing purposes across subscriptions today. With the sharing feature, customers will be able to repurpose the Capacity Reservation Group for non-production workloads.

User Experience:

Sharing reserved capacity requires at least two subscriptions:

Provider subscription – the subscription that creates and hosts the Capacity Reservation Group and member Capacity Reservations.
Consumer subscription - another subscription that is granted access to the reserved capacity, obtaining the ability to deploy virtual machines (VMs) with the Capacity Reservation Service Level Agreement (SLA).

The deployed VMs must match one of the Capacity Reservations in the Capacity Reservation groups on SKU, location, and availability zone if applicable.

Example:

In this example, Subscription A is the Provider and Subscription B is the Consumer subscription.

Step 1: Share CRG X

A rights administrator in Subscription B must grant User “A” CRG “share” permissions.

User “A” (CRG owner) must then update the “sharing profile” of CRG X to include Subscription B. A given Capacity Reservation Group can be shared with up to 100 consumer subscriptions

Step 2: grant user access to CRG X

A rights administrator in Subscription A must grant User “B” (VM owner) read and deploy rights to CRG X in Subscription A.

Once complete, User B can deploy VMs by setting the “capacityReservationGroup” property on Virtual Machines or Virtual Machine Scale Sets.

Public Preview limitations:

Portal support is not available; API and other Azure clients are available.

Re-provisioning of VMSS VMs using a shared Capacity Reservation Group is not supported during a zone outage.

 Resources to get started: https://aka.ms/computereservationsharing.

Additionally, you can read the on demand capacity reservation documentation that includes sample code.

Background:

On-demand capacity reservations for Azure Virtual Machines let you deploy and manage the compute capacity required to run Azure Virtual Machines. This new feature enables your IT organization to reserve compute capacity for a VM size. The reservation can be for any length of time in any public Azure region or availability zone and supports most VM series. You can create and cancel an on-demand capacity reservation at any time; no commitment is required. 

The ability for you to access compute capacity–with SLA guarantees–ahead of actual VM deployments is particularly important to ensure the availability of business-critical applications running on Azure. On-demand capacity reservations can be combined with Azure Reserved VM Instances (RIs) to significantly reduce costs. 

Read the blog (link to tech community blog for Public Preview of specialty SKUs) for more details. You can also watch this video or read the documentation

Input Security Type	Returned Security Type with new API version
<null>	Standard
Standard	Standard
TrustedLaunch	TrustedLaunch
ConfidentialVM	ConfidentialVM