Announcing General Availability of Software Defined Networking (SDN) on Azure Local
Starting in Azure Local version 2510, we’re excited to announce the General Availability of Software Defined Networking (SDN) on Azure Local enabled by Azure Arc. This release introduces cloud-native networking capabilities for access control at the network layer, utilizing Network Security Groups (NSGs) on Azure Local. Key highlights in this release are: 1- Centralized network management: Manage Logical networks, network interfaces, and NSGs through the Azure control plane – whether your preference is the Azure Portal, Azure Command-Line Interface (CLI), or Azure Resource Manager templates. 2- Fine-grained traffic control: Safeguard your edge workloads with policy-driven access controls by applying inbound and outbound allow/deny rules on NSGs, just as you would in Azure. 3- Seamless hybrid consistency: Reduce operational friction and accelerate your IT staff’s ramp-up on advanced networking skills by using the same familiar tools and constructs across both Azure public cloud and Azure Local. Software Defined Networking (SDN) forms the backbone of delivering Azure-style networking on-premises. Whether you’re securing enterprise applications or extending cloud-scale agility to your on-premises infrastructure, Azure Local, combined with SDN enabled by Azure Arc, offers a unified and scalable solution. Try this feature today and let us know how it transforms your networking operations! Feature Capabilities Here’s what you can do today with SDN enabled by Azure Arc: ✅ Run SDN control plane (Network Controller) as a Failover Cluster service on the Azure Local physical hosts — no VMs required! ✅ Deploy logical networks — use VLAN-backed networks in your datacenter that integrate with SDN enabled by Azure Arc. ✅ Attach VM Network Interfaces — assign static or DHCP IPs to VMs from logical networks. ✅ Apply NSGs - create, attach, and manage NSGs directly from Azure on your logical networks (VLANs in your datacenter) and/or on the VM network interface. This enables a generic rule set for VLANs, with a crisper rule set for individual Azure Local VM network interface using a complete 5-tuple control: source and destination IP, port, and protocol. ✅ Use Default Network Policies — apply baseline security policies during VM creation for your primary NIC. Select well-known inbound ports such as HTTP (while we block everything else for you), while still allowing outbound traffic. Alternatively, you can select an existing NSG you already have. ✅ Azure Arc Resource Bridge (ARB) Disaster Recovery capable - In case ARB on the cluster needs to be recovered, NSGs and its rules can be recovered along with VMs and its associated resources. SDN enabled by Azure Arc vs. SDN managed by on-premises tools Choosing Your Path: Some SDN features like virtual networks (vNETs), Load Balancers (SLBs), and Gateways are not yet supported in SDN enabled by Azure Arc. But good news: you’ve still got options. If your workloads need those features today, you can leverage SDN managed by on-premises tools: - SDN Express (PowerShell) - Windows Admin Center (WAC) The SDN managed by on-premises tools continues to provide full-stack SDN capabilities, including SLBs, Gateways, and VNET peering, while we actively work on bringing this additional value to complete SDN enabled by Azure Arc feature set. You must choose one of the modes of SDN management and cannot run in a hybrid management mode, mixing the two. Please read this important consideration section before getting started! Thank You to Our Community This milestone was only possible because of your input, your use cases, and your edge innovation. We're beyond excited to see what you build next with SDN enabled by Azure Arc. To try it out, head to the Azure Local documentation Let’s keep pushing the edge forward. Together!Upgrade Azure Local operating system to new version
11/14/2025 Revision The recommended upgrade paths have changed with the Azure Local 2510 release, and the information in this blog is now outdated. Please refer to the following release notes for the latest information: Azure Local release information Today, we’re sharing more details about the end of support for Azure Local, with OS version 25398.xxxx (23H2) on October 31, 2025. After this date, monthly security and quality updates stop, and Microsoft Support remains available only for upgrade assistance. Your billing continues, and your systems keep working, including registration and repair. There are several options to upgrade to Azure Local, with OS version 26100.xxxx (24H2) depending on which scenario applies to you. Scenario #1: You are on Azure Local solution, with OS version 25398.xxxx If you're already running the Azure Local solution, with OS version 25398.xxxx, there is no action required. You will automatically receive the upgrade to OS version 26100.xxxx via a solution update to 2509. Azure Local, version 23H2 and 24H2 release information - Azure Local | Microsoft Learn for the latest version of the diagram. If you are interested in upgrading to OS version 26100.xxxx before the 2509 release, there will be an opt-in process available in the future with production support. Scenario #2: You are on Azure Stack HCI and haven’t performed the solution upgrade yet Scenario #2a: You are still on Azure Stack HCI, version 22H2 With the 2505 release, a direct upgrade path from version 22H2 OS (20349.xxxx) to 24H2 OS (26100.xxxx) has been made available. To ensure a validated, consistent experience, we have reduced the process to using the downloadable media and PowerShell to install the upgrade. If you’re running Azure Stack HCI, version 22H2 OS, we recommend taking this direct upgrade path to the version 24H2 OS. Skipping the upgrade to the version 23H2 OS will be one less upgrade hop and will help reduce reboots and maintenance planning prior to the solution upgrade. After then, perform post-OS upgrade tasks and validate the solution upgrade readiness. Consult with your hardware vendor to determine if version 24H2 OS is supported before performing the direct upgrade path. The solution upgrade for systems on the 24H2 OS is not yet supported but will be available soon. Scenario #2b: You are on Azure Stack HCI, version 23H2 OS If you performed the upgrade from Azure Stack HCI, version 22H2 OS to version 23H2 OS (25398.xxxx), but haven’t applied the solution upgrade, then we recommend that you perform post-OS upgrade tasks, validate the solution upgrade readiness, and apply the solution upgrade. Diagram of Upgrade Paths Conclusion We invite you to identify which scenarios apply to you and take action to upgrade your systems. On behalf of the Azure Local team, we thank you for your continuous trust and feedback! Learn more To learn more, refer to the upgrade documentation. For known issues and remediation guidance, see the Azure Local Supportability GitHub repository.
A Guide to Adaptive Cloud at Microsoft Ignite 2025
Get ready to supercharge your Ignite experience! This guide is your go‑to playbook for all things Adaptive Cloud. You’ll find clear pointers on where to learn about the latest updates for unifying hybrid, multicloud, and edge environments, with the latest updates from Azure Monitor, Azure Local, Azure Backup, and more. Connect with experts and peers, prioritize sessions, and navigate the event flow with quick links to the session catalog and resources to confirm times and locations throughout the event. We can’t wait to connect!Azure Migrate Expands Capabilities to Accelerate Migration to Azure Local
As organizations accelerate their digital transformation, Microsoft provides flexible paths to migrate and modernize applications, enabling businesses to choose the best approach for their needs - whether embracing the cloud, leveraging cloud-managed infrastructure locally, or balancing both. Unified management, governance, and security can be applied across all strategies, empowering organizations to utilize cloud-based tools, policies, and monitoring wherever their workloads reside. Many organizations operate virtualized environments and can optimize and modernize their infrastructure with several proven approaches. These strategies allow teams to maximize existing investments while exploring new opportunities for agility, cost savings, and growth. Three Paths to Modernization Modernize and Move: For applications ready to evolve, Azure’s IaaS and PaaS offerings provide a secure and scalable foundation to reduce costs, increase agility, and spark innovation. Azure Migrate supports readiness assessments, cost estimates, business case development, and seamless transitions - all while maintaining centralized governance and security throughout the process. Lift and Optimize: For VMware customers looking for a fast path to the cloud, Azure VMware Solution (AVS) allows organizations to rehost existing VMware workloads with minimal disruption and no code changes. AVS is a VMware VCF private cloud in Azure that allows organizations to leverage their portable VCF licenses and connect to 200+ Azure services. Customers can use Azure Migrate for assessment and planning, leverage VMware HCX for seamless migrations, and connect Azure Arc for centralized governance, unified management and enhanced security across cloud and hybrid environments. Edge-Optimized Deployment: For workloads that need to remain close to where data is created or consumed – whether for low latency, regulatory compliance, data residency, or sovereign requirements - Azure Local leverages Azure Arc to extend Azure services across distributed environments, providing a sovereign, cloud-managed platform with local control. Azure Local and its centralized management enabled by Azure Arc supports OEM hardware partners such as Dell, Lenovo, HPE, and more, ensuring flexibility, operational assurance, and compliance-ready governance. Enhanced and Unified Management: Across all three options, organizations can enhance their strategy with unified management, governance, and security via Azure control plane - benefiting from cloud-based capabilities no matter where their workloads run. General Availability: Azure Migrate supports VMware VMs to Azure Local Today, we are excited to announce the General Availability of Azure Migrate support for migrating VMware VMs to Azure Local. With this release, organizations can easily move their VMware workloads to cloud-managed infrastructure while maintaining consistency across environments. Key Features Orchestrate migrations from Azure portal: Gain full visibility into replication progress, cutover readiness, and migration history. Leverage an agentless architecture: Simplify deployment across large VMware environments without installing agents on source VMs. Replicate with no downtime impact: Keep critical workloads running while data synchronizes in the background. Migrate securely with sovereign control: Maintain full data residency and operational sovereignty while keeping all VM migration traffic and data entirely on-premises. Perform cutovers with minimal downtime: Use optimized Azure Migrate techniques to reduce disruption. This GA milestone brings several advanced features shaped by customer and partner feedback during the preview, such as: Static IP address retention for Windows and Linux VMs. PowerShell migration support for scripting and automation. Advanced compute and disk customization during migration. Get Started! Ready to get started? Visit Azure Migrate documentation to explore: Monthly product updates. Prerequisites and requirements. Tutorials for VMware to Azure Local VM migrations. FAQs and troubleshooting guides. Thank you to our Community We’d like to thank all the customers and partners who participated in the preview program and provided invaluable feedback. Your input has directly shaped this GA release, and we’re excited to continue building with you.Operate everywhere with AI-enhanced management and security
Farzana Rahman and Dushyant Gill from Microsoft discuss new AI-enhanced features in Azure that make it simpler to acquire, connect, and operate with Azure's management offerings across multiple clouds, on-premises, and at the edge. Key updates include enhanced management for Windows servers and virtual machines with Windows Software Assurance, Windows Server 2025 hotpatching support in Azure Update Manager, simplified hybrid environment connectivity with Azure Arc gateway, a multicloud connector for AWS, and Log Analytics Simple Mode. Additionally, Azure Migrate Business Case helps compare the total cost of ownership, and new Copilot in Azure capabilities that simplify cloud management and provide intelligent recommendations.
Addressing Air Gap Requirements through Secure Azure Arc Onboarding
This blog post explores the challenges and solutions for implementing air gap environments in highly regulated sectors like finance, healthcare, and government. It discusses the complexities of air gap implementation, the importance of control and data plane separation, and provides architectural patterns for secure Azure Arc onboarding. By adopting a zero-trust approach and leveraging Azure Arc, organizations can achieve secure, compliant connectivity while modernizing their IT operations.
Announcing General Availability of Azure Local on Microsoft Azure Government Cloud
We are excited to announce that Azure Local is now generally available for Azure Government customers. Building on the momentum from our public preview, Azure Local is ready for production deployments, enabling government organizations to run cloud-connected infrastructure at their own physical locations under their operational control and helps them align compliance with stringent regulatory and security requirements. What is Azure Local? Azure Local brings the familiar Azure experience to your on-premises infrastructure allowing agencies to deploy, manage, and scale infrastructure locally while more easily integrating with the broader Azure ecosystem. With Azure Local, government customers benefit from unified management, robust security, and operational flexibility, whether running virtual machines, containers, or mission-critical applications. Key Features Streamlined Deployment & Management: Azure Local enables agencies to deploy, configure, and manage infrastructure directly from the Azure portal or using infrastructure-as-code tools like ARM templates. This approach helps simplify provisioning, allows for consistency across environments, and reduces operational overhead. IT teams can quickly set up clusters, define networking and storage, and automate updates, making day-to-day management predictable and efficient. Unified Observability: With native integration to Azure Monitor and Azure Arc, Azure Local provides comprehensive visibility across all distributed resources. Agencies can monitor virtual machines, Kubernetes clusters, and physical infrastructure from a single dashboard, leveraging over 60 built-in metrics, insights dashboards, and customizable alert rules. This unified view helps teams proactively manage performance, troubleshoot issues, and maintain compliance across both local and cloud environments. Non-Disruptive Updates: Azure Local helps support easier update management through Azure Update Manager. Administrators can schedule and apply updates to one or multiple instances with just a few clicks. The platform orchestrates workload migration and rolling updates across physical nodes, helping mission-critical applications remain available and uninterrupted, even during maintenance windows. Flexible Workload Support: Agencies can run a wide range of workloads on Azure Local, from general-purpose Azure Local Virtual Machines to containerized applications using Arc enabled Azure Kubernetes Services. The platform helps offer flexible sizing, networking, and storage options to meet diverse requirements. Customers can bring their own VM images for specialized needs or select from a curated set of images in the Azure Marketplace, enabling rapid deployment of both legacy and modern workloads. Security by Default: Azure Local is built with a hardened security posture, leveraging Microsoft’s best practices for infrastructure protection. Integration with Microsoft Defender for Cloud helps provide more unified security management, continuous threat detection, and automated remediation across all resources. Agencies can benefit from advanced security controls, including network isolation, identity management, and compliance monitoring. Extended Security Updates (ESU): For agencies running legacy Microsoft products, Azure Local helps offer access to Extended Security Updates, enabling continued protection with fundamental patches beyond end-of-support dates. This capability helps organizations maintain compliance and security for older workloads while planning for modernization. Trusted Launch: Azure Local supports Trusted Launch for virtual machines, providing enhanced protection against rootkits and bootkits. VMs are equipped with virtual TPM (vTPM), enabling Secure Boot and features like BitLocker encryption. The vTPM state is preserved during live migration and automatic failover, enabling data integrity and security throughout the VM lifecycle. Getting Started Visit the https://portal.azure.us/ to download the latest Azure Local OS image and create your instance. Customize your deployment to meet your agency’s requirements for cluster configuration, networking, and storage. To learn more, visit https://learn.microsoft.com/en-us/azure/azure-local/ Why Azure Local for Government? Azure Local helps deliver the scalability, reliability, and compliance government agencies desire while maintaining operational control and data residency. Agencies can confidently modernize infrastructure, support mission-critical workloads, and meet evolving regulatory standards. Conclusion The general availability of Azure Local in Azure Government marks a major milestone in empowering agencies with secure, scalable, and efficient distributed cloud infrastructure. We invite government customers to deploy Azure Local today and unlock new possibilities for modernization and operational excellence. Stay tuned for ongoing enhancements as we continue to innovate and expand Azure Local’s capabilities to support your mission.Announcing the General Availability of Arc Gateway for Azure Local
Hello everyone, Now that the Azure Arc gateway is GA is announced, we are super happy to also announce the General Availability of the Arc Gateway for Azure Local! This launch represents a major leap forward in how organizations can securely and efficiently connect their on-premises and edge environments to Azure. Arc Gateway revolutionizes Azure Local connectivity to Azure If you’ve ever tried to connect on-premises resources to Azure, you know the challenges: dozens (sometimes hundreds!) of outbound firewall rules, complex configurations, and ongoing security concerns. It’s a lot to manage, and frankly, it’s not the experience we want for our customers or partners. Arc Gateway changes the game. With a single, centralized HTTPS egress point for all Azure-bound traffic from your Azure Local instances and workloads, you dramatically reduce complexity and risk. Instead of managing countless endpoints, you only need to allow a small, well-defined set—making your environment more secure and much easier to operate. What Makes Arc Gateway for Azure Local to Stand Out? Let me highlight what makes Arc Gateway stand out: Unified and secure Azure Traffic Management: All HTTPS traffic from your Azure Local instances flows through one front door—the Arc Gateway. No more sprawling firewall rules or wildcards. Significantly Fewer Endpoints: We’ve reduced the number of required endpoints from over 100 to fewer than 28. This means less guess work and a much simpler security posture. Comprehensive Integration for your workloads: Arc Gateway isn’t just for infrastructure endpoints. It also fully supports Azure Local VMs with Arc gateway, and AKS clusters in preview mode, streamlining connectivity across your entire hybrid estate. Seamless Enterprise Proxy Integration: Already using an enterprise proxy? Arc Gateway fits right in, routing outbound traffic through your existing proxy before heading to Azure. For a deeper technical dive, I encourage you to check out our detailed article: Azure Local – Arc gateway outbound connectivity deep dive FAQs: Is it possible to enable Arc gateway on my existing Azure local clusters? We are working hard to enable this feature in a future release of Azure Local. Can I enable Arc gateway on my existing Azure Local VMs if it was not enabled for the infrastructure during deployment? Using Arc gateway for your Azure Local VMs is possible regardless of the infrastructure. If you have a working Arc gateway resource you can deploy new Azure Local VMs or attach existing Azure Local VMs if guest management is enabled. Can I enable Arc gateway on my existing Azure Local AKS Clusters? If you enabled Arc gateway during deployment for the Azure Local infrastructure, AKS Clusters will implicitly leverage the Arc gateway running on the hosts. AKS Clusters running in Azure Local with Arc gateway will remain in Public Preview until GA is released in the future. Getting Started: To get started with Arc gateway for Azure Local, visit our documentation and deployment guides. We encourage you to explore the new capabilities and share your feedback with the team. Arc gateway in Azure Local overview Overview of Azure Arc gateway for Azure Local - Azure Local | Microsoft Learn How to deploy Azure Local using Arc gateway. Register Azure Local using Arc gateway - Azure Local | Microsoft Learn How to deploy Azure Local VMs using Arc gateway. Create Azure Local virtual machines using Arc gateway - Azure Local | Microsoft Learn How to deploy AKS Clusters on Azure Local using Arc gateway. Create AKS cluster in Azure Local with Arc gateway | Microsoft Learn Cristian Edwards, Azure Local Principal Product ManagerAnnouncing the preview of Software Defined Networking (SDN) on Azure Local
Big news for Azure Local customers! Starting in Azure Local version 2506, we’re excited to announce the Public Preview of Software Defined Networking (SDN) on Azure Local using the Azure Arc resource bridge. This release introduces cloud-native networking capabilities for access control at the network layer, utilizing Network Security Groups (NSGs) on Azure Local. Key highlights in this release are: 1- Centralized network management: Manage Logical networks, network interfaces, and NSGs through the Azure control plane – whether your preference is the Azure Portal, Azure Command-Line Interface (CLI), or Azure Resource Manager templates. 2- Fine-grained traffic control: Safeguard your edge workloads with policy-driven access controls by applying inbound and outbound allow/deny rules on NSGs, just as you would in Azure. 3- Seamless hybrid consistency: Reduce operational friction and accelerate your IT staff’s ramp-up on advanced networking skills by using the same familiar tools and constructs across both Azure public cloud and Azure Local. Software Defined Networking (SDN) forms the backbone of delivering Azure-style networking on-premises. Whether you’re securing enterprise applications or extending cloud-scale agility to your on-premises infrastructure, Azure Local, combined with SDN enabled by Azure Arc, offers a unified and scalable solution. Try this feature today and let us know how it transforms your networking operations! What’s New in this Preview? Here’s what you can do today with SDN enabled by Azure Arc: ✅ Run SDN Network Controller as a Failover Cluster service — no VMs required! ✅ Deploy logical networks — use VLAN-backed networks in your datacenter that integrate with SDN enabled by Azure Arc. ✅ Attach VM Network Interfaces — assign static or DHCP IPs to VMs from logical networks. ✅ Apply NSGs - create, attach, and manage NSGs directly from Azure on your logical networks (VLANs in your datacenter) and/or on the VM network interface. This enables a generic rule set for VLANs, with a crisper rule set for individual Azure Local VM network interface using a complete 5-tuple control: source and destination IP, port, and protocol. ✅ Use Default Network Policies — apply baseline security policies during VM creation for your primary NIC. Select well-known inbound ports such as HTTP (while we block everything else for you), while still allowing outbound traffic. Or select an existing NSG you already have! SDN enabled by Azure Arc (Preview) vs. SDN managed by on-premises tools Choosing Your Path: Some SDN features like virtual networks (vNETs), Load Balancers (SLBs), and Gateways are not yet supported in the SDN enabled by Azure Arc (Preview). But good news: you’ve still got options. If your workloads need those features today, you can leverage SDN managed by on-premises tools: - SDN Express (PowerShell) - Windows Admin Center (WAC) The SDN managed by on-premises tools continues to provide full-stack SDN capabilities, including SLBs, Gateways, and VNET peering, while we actively work on bringing this additional value to complete SDN enabled by Azure Arc feature set. You must choose one of the modes of SDN management and cannot run in a hybrid management mode, mixing the two. Please read this important consideration section before getting started! Thank You to Our Community This milestone was only possible because of your input, your use cases, and your edge innovation. We're beyond excited to see what you build next with SDN enabled by Azure Arc. To try it out, head to the Azure Local documentation Let’s keep pushing the edge forward. Together!
EOL of Azure Linux 2.0 on Azure Kubernetes Service enabled by Azure Arc
Azure Linux 2.0 will reach its End of Life (EOL) in July 2025 Azure Linux 2.0 (formerly CBL-Mariner) will reach its official End of Life (EOL) on July 31, 2025. After this date, it will no longer receive updates, security patches, or support from the Azure Linux team. Starting with the Azure Local 2507 release, Azure Kubernetes Service enabled by Azure Arc will ship Azure Linux 3.0 images for all supported Kubernetes versions. This change applies to all AKS enabled by Azure Arc deployments, as we have used Azure Linux 2.0 as the base image in the past. To maintain security compliance and ensure continued support, all AKS Arc customers must plan on migrating to Azure Linux 3.0 at the earliest by upgrading their Azure Local instances to the 2507 release, when it is available. What's new in Azure Linux 3.0 Approximately every three years Azure Linux releases a new version of its operating system with upgrades to major components. Azure Linux 3.0 offers increased package availability and versions, an updated kernel, and improvements to performance, security, and tooling and developer experience. Some of the major components upgraded from Azure Linux 2.0 to 3.0 include: Component Azure Linux 3.0 Azure Linux 2.0 Release Notes Linux Kernel v6.6 (Latest LTS) V5.15 (Previous LTS) Linux 6.6 Containerd v1.7.13, but will also offer v2.0 once it becomes stable 1.6.26 Containerd Releases SystemD v255 V250 Systemd Releases OpenSSL v3.3.0 V1.1.1k OpenSSL 3.3 For more details on the key features and updates in Azure Linux 3.0 see the 3.0 GitHub release notes. Upgrading to Azure Linux 3.0 Once the Azure Local 2507 release is available, update to 2507 . Once your Azure Local instance has upgraded, you can then upgrade your Kubernetes clusters You can choose to the remain on the same Kubernetes version and provide the same version number in the aksarc upgarde command. Once the upgrade is completed, you should be able to check the kernel version on your Linux nodes. Kernel version v6.6 is the latest Azure Linux 3.0 version. Sample command kubectl --kubeconfig /path/to/aks-cluster-kubeconfig get nodes -o wide Sample output NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME moc-lsbe393il9d Ready control-plane 3h14m 100.72.248.133 100.72.248.133 <none> CBL-Mariner/Linux 6.6.92.2 Containerd://1.6.26 moc-lzwagtkjah5 Ready control-plane 3h12m 00.72.248.134 v1.30.4 <none> CBL-Mariner/Linux 6.6.92.2 Containerd://1.6.26 FAQs Is Azure Linux same as Mariner? Yes, Mariner was rebranded to Azure Linux. We will slowly update our documentation and VM/container image tags to reflect this name change When did Azure Linux 3.0 GA? Azure Linux 3.0 became generally available in August 2024. When will Azure Linux 3.0 reach End of Life (EOL)? We currently support each major version for 3 years after it becomes generally available. Azure Linux 3.0 will reach EOL in Summer 2027. How to keep in touch with the AKS Arc team For updates, feedback, and feature requests related to AKS Arc: Ask questions & submit feedback via AKS Arc GitHub Issues Partners with support questions can reach out to aks-hci-talk@microsoft.com
