azure arc
262 Topics

AKS enabled by Azure Arc: Powering AI Applications from Cloud to Edge [Ignite 2025]
A New Era for Hybrid Kubernetes and AI

Microsoft Ignite 2025 continues to accelerate Azure’s hybrid vision, extending cloud-native innovation into datacenters, factories, retail sites, and remote, fully disconnected environments. This year’s announcements expand the capabilities of AKS enabled by Azure Arc, making it the most versatile and secure platform for deploying modern applications and AI workloads across any environment. AKS Arc now underpins Azure’s hybrid and edge strategy — and increasingly its hybrid AI strategy by delivering consistent operations, strong security, and flexible deployment models for distributed applications.

TL;DR: New AKS Arc offering and features in 2025

- Azure Kubernetes Fleet Manager for Arc-enabled clusters Public Preview
- AKS on Azure Local Disconnected Operations Public Preview
- Improvements to AKS on Azure Local, including lifecycle, portability, additional GPU support and hardware support expansion.
- Improvements to AKS on Windows Server, improved platform reliability, security, and consistency through fixes to image packaging, dependency handling, node/agent synchronization, certificate and key management, error detection, telemetry and cleanup of stale resources
- 2-Node High Availability for AKS Arc at the edge Private Preview
- AI Foundry Local integration for offline/hybrid AI development
- KAITO on AKS Arc Public Preview for hybrid/edge model deployment
- Edge RAG on Azure Local
- Arc Gateway for AKS Arc Public Preview
- KMS v2 for secrets encryption on AKS on Azure Local
- Expanded GPU support for AKS Arc on Azure Local (RTX 6000 Ada GA, NVIDIA L-series Preview)
- AKS Container Apps on Azure Local Public Preview
- AKS Edge Essentials release for improved stability and offline operations
- Arc-enabled Azure Monitor Pipeline, Workload Identity Federation, and Azure Container Storage enhancements
- Azure Linux 3.0 support, Key Vault Secret Store extension

Azure Kubernetes Fleet Manager for Arc-enabled clusters

As customers scale Kubernetes across datacenters, edge sites, and multiple clouds, fleet operations become increasingly complex. To address this, Azure Kubernetes Fleet Manager now supports Azure Arc-enabled clusters in Public Preview, extending centralized fleet management to any CNCF-compliant Kubernetes distribution, regardless of where it runs. With Arc-enabled clusters onboarded as Fleet Manager members, teams gain a single place to monitor fleet health, enforce governance, and deploy apps and configurations consistently across environments. Intelligent workload placement further simplifies running the right workloads in the right places, helping customers reduce operational overhead while improving agility and reliability for distributed Kubernetes at scale.

Fleet Manager now supports Arc-enabled Kubernetes clusters for unified multi-cluster management. Enables centralized health visibility, consistent configuration rollout, and smarter workload placement across hybrid and multi-cloud fleets. Learn more.

AKS on Azure Local: Evolving the Hybrid Managed Kubernetes Platform

This year, AKS on Azure Local introduces several major enhancements that broaden where and how customers can deploy AKS as their managed Kubernetes platform at the edge.

Disconnected Operations Public Preview

AKS on Azure Local can now operate entirely offline, supporting customers in sovereign, regulated, or isolated environments. Clusters can be deployed, managed, and updated without continuous Azure connectivity, syncing only when connectivity is temporarily restored.

Small Form Factor Bare-Metal Preview

The new SFF edition brings AKS to compact industrial PCs and constrained retail or factory environments. It delivers bare-metal performance in a much smaller footprint, including optional GPU support for edge inferencing.

Improvements to Azure Local

Azure Local continues to mature with expanded hardware compatibility, improved lifecycle reliability, and better workload portability across cloud and local deployments — enabling enterprises to standardize on AKS across all tiers of infrastructure.

2-Node High Availability for the Edge

For space- and cost-constrained environments, AKS Arc can support HA clusters with only two nodes, enabling robust production workloads in places where traditional 3-node clusters are not feasible.

Operational Excellence with AKS Arc

Enterprises operating distributed Kubernetes fleets will benefit from new governance and connectivity capabilities.

AKS Arc Gateway Public Preview

Arc Gateway simplifies hybrid connectivity by streamlining cluster onboarding and reducing required firewall rules. This creates a more secure and operationally efficient pattern for managing large fleets of Arc-enabled clusters.

KMS v2 for Kubernetes secrets encryption at rest in etcd

KMS v2 enhances Kubernetes secret encryption for hybrid and on-prem clusters, delivering improved reliability, stronger security boundaries, and consistency with Azure’s cloud-native cryptography approach.

AKS as the Hybrid AI Application Platform

AI is the defining theme of Ignite 2025 and AKS enabled by Azure Arc is now the foundation for deploying AI where the data resides. Organizations increasingly need to run AI models in datacenters, factories, field environments, and sovereign locations, and this year’s updates establish AKS Arc as Azure’s platform for distributed and offline AI workloads.

AI Foundry Local: Build and Fine-Tune AI Models Anywhere

AI Foundry Local brings Azure AI Foundry’s core capabilities: the curated model catalog, development tools, templates, and fine-tuning support into customer environments.
It allows developers to run foundation models locally using optimized execution paths for GPUs, NPUs, and CPUs; fine-tune models with LoRA/QLoRA in regulated or offline scenarios; and package model artifacts for deployment on AKS clusters. This enables a complete hybrid AI development loop that works both online and fully disconnected.

KAITO Public Preview on AKS Arc

KAITO automates model serving across cloud, datacenter, and edge. Now available on AKS Arc, it provides one-click packaging, optimization, and deployment of models built in AI Foundry Local. Customers can run ONNX, Hugging Face, or custom models with edge-aware performance optimization across diverse hardware, including CPU-only and GPU-accelerated nodes.

Expanded GPU Capabilities

Hybrid AI workloads benefit from expanded GPU options, including general availability of the NVIDIA RTX 6000 Ada, preview support for NVIDIA L-series GPUs, and new GPU Partitioning (GPU-PV) support for efficient resource utilization. These capabilities make it possible to run high-performance inferencing and training workloads across a wide range of hybrid deployment scenarios.

RAG on Azure Local: Bring Generative AI to On-Premises Data

RAG (Retrieval-Augmented Generation) on Azure Local enables organizations to ground AI in their own on-premises data without moving information to the cloud. Delivered as a first-party Azure Arc extension, it provides an integrated retrieval pipeline for ingesting, indexing, and querying enterprise content stored in datacenters or edge locations. With support for hybrid search, multi-modal data, evaluation tooling, and responsible AI controls, organizations can build RAG applications that remain fully compliant with data sovereignty requirements while reducing latency and improving accuracy.
By running the full RAG workflow locally — from retrieval to generation — customers can create intelligent applications that leverage proprietary documents, images, and other unstructured data directly within their secure environments.

Expanding Application Capabilities at the Edge

AKS Container Apps on the Edge

A major milestone this year is the public preview of ACA on the edge, enabling teams to bring the simplicity of Azure Container Apps to Azure Local. Developers can deploy AI-powered microservices, inference endpoints, and event-driven applications at the edge using the same ACA programming model used in Azure.

AKS Edge Essentials

The latest release improves cluster stability, enhances offline lifecycle operations, and strengthens both Linux and Windows support, making it easier to operate AKS at scale in constrained or intermittently connected environments.

Enhanced Storage, Telemetry, and Security for Hybrid AI

Distributed AI workloads require robust identity, storage, and observability patterns, and Ignite brings major updates in all three areas. The Arc-enabled Azure Monitor Pipeline improves telemetry ingestion across disconnected or segmented networks, caching data locally and syncing to Azure when connectivity is available. Workload Identity Federation for Arc enables secure, secret-less identity for workloads running at the edge. And Azure Container Storage enabled by Arc, now expanded for AKS Arc clusters, provides a high-performance persistent storage layer suited for vector stores, embedding caches, cloud ingest and mirror.

Conclusion

Ignite 2025 represents a major step forward for AKS enabled by Azure Arc as both a hybrid Kubernetes platform and a hybrid AI application platform.
With disconnected operations, edge-native Container Apps, improved GPU acceleration, KAITO for unified model serving, AI Foundry Local for offline model development, and a fully consistent operational model across cloud, datacenter, and edge, AKS Arc now enables organizations to run their most critical cloud-native and AI workloads anywhere they operate. We look forward to continuing to support customers as they build the next generation of hybrid and edge AI applications.

622 Views, 0 likes, 0 Comments

Public Preview Refresh Announcement - Site Manager

Introduction:

Modern industrial environments—such as factories, manufacturing plants, and distributed infrastructure sites—and retail environments are increasingly hybrid and edge-driven. These sites often run Azure Arc-enabled resources (servers, VMs, Kubernetes clusters, IoT assets) alongside on-prem systems. Managing them at scale introduces unique challenges: Complexity of Distributed Environments, Operational Risk and Downtime, Governance at Scale and Unified Observability.

We’re excited to announce the Public Preview Refresh of Azure ARC Site Manager, a powerful solution designed to streamline site configuration and lifecycle observability and management for modern edge and cloud environments. After months of feedback during preview, Site Manager is now ready for production use, delivering enterprise-grade reliability and enhanced capabilities.

Site Manager addresses the challenges in managing Azure Edge resources by providing a single pane of glass that aggregates security, alerts, updates and connectivity status across all sites; enabling policy-driven compliance and consistent monitoring; and ensuring streamlined operations, improved reliability, and simplified management at scale.

Key features of Site Manager

1. Flexibility of Site Scope with Service Groups

Site Manager enables customers to create sites using flexible scopes—Resource Groups, Subscriptions, and Service Groups. The Service Group scope allows organizations to logically group resources across multiple resource groups and subscriptions, such that they reflect real-world operations, making it easier to manage distributed environments, apply consistent policies, and streamline workflows across hybrid and edge deployments. The result is improved scalability, governance, and operational efficiency.

2. Hierarchical Site Organization - a representation of Business Organization

Site Manager supports multi-level site hierarchy, including parent sites and subsites, for better representation of physical or logical locations. This hierarchy improves navigation and enables views for distributed infrastructure. Site Manager supports creating sites that mirror an organization’s hierarchical structure, such as Regions, Business Units, Factories, Stores etc. This alignment makes it easier for customers to manage resources in a way that reflects their operational reality, enabling clear visibility and streamlined views across distributed teams and locations.

3. Aggregated Monitoring and Insights

Site Manager offers a single pane of glass for monitoring distributed environments. It aggregates Connectivity status, Updates, Alerts and Security status for all resources within a site, enabling quick identification of issues across the hierarchy, efficient prioritization and reduced operational complexity.

4. Site Configurations

Site Manager helps define configurations—such as network settings and secrets management—at the site level and reuse them across deployments. This ensures consistency and reduces operational overhead for large-scale environments. The configurations can also be reused across partner solutions like workload orchestration and Zero-Touch Provisioning (ZTP). This approach ensures consistency, accelerates deployments, and reduces manual effort, delivering a more integrated and efficient operational experience across hybrid and edge environments.

Architecture & Workflow:

Azure Arc Site Manager is a cloud-native service within the Azure Arc suite that empowers customers to manage and monitor their on-premises infrastructure at scale. Its architecture streamlines status aggregation by unifying connectivity, security baseline, alerts, and update data from diverse resource types into a single schema.
This aggregated data is surfaced through an extension resource, enabling the Azure portal and other clients to retrieve summary views from a centralized location. Built on Azure Resource Manager, Site Manager benefits from fine-grained Role-Based Access Control (RBAC), ensuring secure and scoped operations across sites. Management actions—such as creating, updating, or querying Arc sites—can be performed through familiar client tools including SDKs, CLI, PowerShell, Terraform, or directly via the Azure portal, offering flexibility and consistency across environments.

Important Details & Limitations:

Azure Resource Supported: Currently, site manager supports the following Azure resources with the following capabilities:

Site manager only provides status aggregation for the supported resource types. Site manager doesn't manage resources of other types that exist in the resource group or subscription, but those resources continue to function normally otherwise.

Regions and Availability: Site manager supports resources that exist in supported regions, with a few exceptions. For the following regions, connectivity and update status aren't supported for Arc-enabled machines or Arc-enabled Kubernetes clusters: Brazil South, UAE North, South Africa North

Feedback and Engagement

We’d love to hear your feedback! As you try out Site Manager, please share your experiences, questions, and suggestions. You can leave a comment below this blog post – our team will be actively monitoring and responding to comments throughout the preview. Let us know what worked well, what could be improved, and any features you’d love to see in the future. Your insights are incredibly valuable to us and will help shape the product as we progress toward General Availability.

If you encounter any issues or have urgent feedback, you can also engage with us through the following channels:

- Please fill out the form at SMfeedback for feedback
- Contact your Microsoft account representative or support channel and mention “Site Manager Public Preview Refresh” – they can route your feedback to us as well.

Occasionally, we may reach out to select customers for deeper feedback sessions or to participate in user research. If you’re interested in that, please mention it in your comment or forum post. We truly consider our users as co-creators of the product.

Learn More

To help you get started and dive deeper into workload orchestration, we’ve prepared a set of resources:

- Site Manager Documentation – What is Azure Arc site manager (preview) - Azure Arc | Microsoft Learn
- CLI Reference – Command reference: Detailed documentation of all site manager CLI commands with examples. Az.Site Module | Microsoft Learn

Conclusion:

We’re thrilled for you to explore Site Manager and see how it can transform your unified observability strategy at scale. This Public Preview Refresh is a major step towards aggregated status monitoring and site management at edge.

434 Views, 0 likes, 3 Comments

Azure Local 22H2 Clusters: End of Service and Feature Degradation

Azure Local (formerly Azure Stack HCI) version 22H2 reached End of Service (EOS) on May 31, 2025. As communicated earlier, this means:

- No further security updates or bug fixes will be provided.
- CSS support is limited to upgrade assistance of the existing environment only.

What’s Changing?

Around February 23, 2026, Microsoft will begin degrading features on 22H2 clusters. These changes align with Microsoft’s Modern Lifecycle Policy, which requires customers to stay current with servicing and system requirements to maintain support. Under this policy, failure to upgrade can lead to significant degradation of product functionality, starting with:

- Disabling ESU: Extended Security Updates will no longer be available.
- Disabling WSS: Windows Server Subscription benefits will be removed.

Once these changes take effect:

- Customers will not be able to purchase or renew ESU or WSS for 22H2 clusters, meaning:
  - ESU updates will no longer be offered, leaving guest operating systems exposed to security vulnerabilities.
  - Guest operating systems will no longer be licensed, which can lead to compliance violations and potential service disruptions.
- Any degraded feature will not be restored under best-effort support.

Customer Responsibility

If the customer chooses to remain on 22H2:

- They assume full responsibility for any security vulnerabilities, compliance issues, or government regulatory requirements associated with running an unsupported version.
- Microsoft does not provide guarantees or remediation for risks arising from continued use of 22H2.

Next Steps

To maintain a secure and supported environment:

- Upgrade to 24H2 as soon as possible. Learn how to upgrade →

We strongly recommend planning your upgrade now to avoid service disruptions and compliance risks.

248 Views, 0 likes, 0 Comments

Announcing the preview of Azure Local rack aware cluster

We are excited to announce the public preview of Azure Local rack aware cluster! We previously published a blog post with a sneak peek of Azure Local rack aware cluster and now, we're excited to share more details about its architecture, features, and benefits.

Overview of Azure Local rack aware cluster

Azure Local rack aware cluster is an advanced architecture designed to enhance fault tolerance and data distribution within an Azure Local instance. This solution enables you to cluster machines that are strategically placed across two physical racks in different rooms or buildings, connected by high bandwidth and low latency within the same location. Each rack functions as a local availability zone, spanning layers from the operating system to Azure Local management, including Azure Local VMs.

The architecture leverages top-of-rack (ToR) switches to connect machines between rooms. This direct connection supports a single storage pool, with rack aware clusters distributing data copies evenly between the two racks. Even if an entire rack encounters an issue, the other rack maintains the integrity and accessibility of the data.

This design is valuable for environments needing high availability, particularly where it is essential to avoid rack-level data loss or downtime from failures like fires or power outages.

Key features

Starting in Azure Local version 2510, this release includes the following key features for rack aware clusters:

Rack-Level Fault Tolerance & High Availability
Clusters span two physical racks in separate rooms, connected by high bandwidth and low latency. Each rack acts as a local availability zone. If one rack fails, the other maintains data integrity and accessibility.

Support for Multiple Configurations
Architecture supports 2 machines up to 8 machines, enabling scalable deployments for a wide range of workloads.

Scale-Out by Adding Machines
Easily expand cluster capacity by adding machines, supporting growth and dynamic workload requirements without redeployment.

Unified Storage Pool with Even Data Distribution
Rack aware clusters offer a unified storage pool with Storage Spaces Direct (S2D) volume replication, automatically distributing data copies evenly across both racks. This ensures smooth failover and reduces the risk of data loss.

Azure Arc Integration and Management Experience
Enjoy native integration with Azure Arc, enabling consistent management and monitoring across hybrid environments—including Azure Local VMs and AKS—while maintaining the familiar Azure deployment and operational experience.

Deployment Options
Deploy via Azure portal or ARM templates, with new inputs and properties in the Azure portal for rack aware clusters.

Provision VMs in Local Availability Zones via the Azure Portal
Provision Azure Local virtual machines directly into specific local availability zones using the Azure portal, allowing for granular workload placement and enhanced resilience.

Upgrade Path from Preview to GA
Deploy rack aware clusters with the 2510 public preview build and update to General Availability (GA) without redeployment—protecting your investment and ensuring operational continuity.

Get started

The preview of rack aware cluster is now available to all interested customers. We encourage you to try it out and share your valuable feedback. To get started, visit our documentation: Overview of Azure Local rack aware clustering (Preview) - Azure Local | Microsoft Learn

Stay tuned for more updates as we work towards general availability in 2026. We look forward to seeing how you leverage Azure Local rack aware cluster to power your edge workloads!

566 Views, 3 likes, 2 Comments

Microsoft 365 Local is Generally Available

In today’s digital landscape, organizations and governments are prioritizing data sovereignty to comply with local regulations, protect sensitive information, and safeguard national security. This growing demand for robust jurisdictional controls makes the Microsoft Sovereign Cloud offering especially compelling, providing flexibility and assurance for complex requirements. For those with the most stringent needs, Azure Local enables data and workloads to remain within jurisdictional borders, supporting mission-critical workloads and now expanding to include Microsoft’s productivity solutions—so customers can securely collaborate and communicate within a sovereign private cloud environment.

Today, we’re excited to announce the general availability of Microsoft 365 Local. Microsoft 365 Local is a deployment framework for enabling core collaboration and communication tools—including Exchange Server, SharePoint Server, and Skype for Business Server—on Azure Local. Built on a validated reference architecture using Azure Local Premier Solutions, it provides compatibility and support for sovereign deployments. Partner-led services provide guidance on sizing and configuration, ensuring a full-stack deployment including best practices for networking and security.

Managing infrastructure across a wide range of workloads is simplified with Azure as your control plane, offering cloud-consistent, at-scale management capabilities. In the Azure portal, you get full visibility into your Microsoft 365 Local deployment across the servers and clusters. All hosts and virtual machines (VMs) are Arc-enabled out of the box, providing built-in visibility into connectivity, health, updates, and security alerts and recommendations.

Microsoft 365 Local leverages Azure Local’s best-in-class sovereign and security controls, including Network Security Groups managed with Software Defined Networking enabled by Azure Arc, to isolate networks and secure access to infrastructure and workloads.
Azure Local also uses a secure by default strategy by applying a security baseline of over 300 settings on both the host infrastructure and the VMs running the productivity workloads. These security baselines incorporate best practices for network security, identity management, privileged access, data protection, and more—helping organizations maintain compliance and reduce risk.

Customers who want to take advantage of Azure as the control plane for Microsoft 365 Local can now benefit from a seamless cloud-based infrastructure management experience, including Azure services like Azure Monitor and Microsoft Defender for Cloud—available today with Microsoft 365 Local connected to Azure. For organizations with the most stringent jurisdictional requirements that need to operate Microsoft 365 Local in a fully disconnected environment, support for Azure Local disconnected operations will be available in early 2026.

To learn more about Microsoft 365 Local, visit https://aka.ms/M365LocalDocs. If you’d like to connect with an authorized partner for consultation and deployment support, reach out to your Microsoft account team or visit https://aka.ms/M365LocalSignup.

15K Views, 7 likes, 4 Comments

What’s new in Azure Local: Cloud infrastructure for distributed locations enabled by Azure Arc

Today’s enterprises are navigating competing challenges: delivering AI-enabled digital experiences at the edge while also meeting growing demands for data sovereignty and regulatory compliance. Whether it’s a hospital needing local compute for patient care, or a government agency requiring full control over its infrastructure, the need for flexible, secure, and cloud scale solutions has never been greater.

That’s why we introduced Azure Local—Microsoft’s solution for running Azure services and workloads at distributed locations, all managed through Azure Arc. With Azure Local, customers can deploy cloud-native and traditional applications on their own infrastructure while maintaining centralized visibility and control through the Azure portal. This approach is resonating: Microsoft has been named a Leader in the Gartner® Magic Quadrant™ for Distributed Hybrid Infrastructure every year since its inception.

Azure Local is the foundation of Microsoft’s Sovereign Private Cloud, delivering Azure consistent services in customer controlled environments which meet strict data residency and compliance requirements. Read more about our recent Sovereign announcements here.

See the Sovereign Private Cloud come to life here:

Today, we’re so excited to tell you about the incredible new capabilities on Azure Local including support for external SAN storage, rack aware clustering, larger scale deployments, and more.

Operate and scale with the power of the cloud

Azure Local empowers organizations to operate and scale infrastructure with the power of the cloud, no matter where it’s deployed. From the Azure portal, customers can define and deploy infrastructure across distributed locations, apply one-click updates to entire clusters, and centrally monitor performance, health, and security. This cloud-based control plane ensures consistency and agility across environments—whether in datacenters, branch offices, or sovereign sites.

NEW: Local Identity with Azure Key Vault (Preview)

Azure Local now supports deployments without Active Directory using local identity with Azure Key Vault, currently in preview. This new option simplifies setup by removing the need for domain controllers, while still providing secure access and centralized secret management through Azure. Read the announcement here.

Ready for all your apps, VMs and containers alike

Azure Local is built to run all your applications—whether they’re virtual machines, containers, or Azure services. It offers full-featured, general-purpose VMs with cloud-consistent management, and includes Azure Kubernetes Service (AKS) built-in for modern containerized workloads. Customers can also deploy some of Azure’s most popular PaaS services like Azure Virtual Desktop, SQL Managed Instance, and Azure IoT Operations directly on Azure Local. With support for GPU-enabled nodes and Arc VM extensions, Azure Local is ready for everything from legacy line-of-business apps to AI-powered workloads.

Migrate from VMware to Azure Local (Generally Available)

Azure Migrate from VMware to Azure Local is now generally available, enabling customers to seamlessly move VMware virtual machines into their Azure Local infrastructure. This agentless migration path keeps data flows local, minimizes downtime, and simplifies onboarding with a cloud-consistent experience. Customers can discover, replicate, and migrate workloads using the Azure portal, with support for validated hardware and reference architectures. Azure Migrate unlocks a fast path to modernization for organizations consolidating legacy infrastructure. Read the announcement here.

Customer Spotlight: How Publix Employees Federal Credit Union strengthened its disaster recovery strategy with Azure Loc...

NEW: Microsoft 365 Local to meet your Private Sovereign Cloud needs (Generally Available)

Microsoft 365 Local brings trusted productivity services like Exchange Server, SharePoint Server, and Skype for Business Server into customer-controlled environments, running directly on Azure Local infrastructure. Designed for those who need productivity tools in a private cloud environment, it leverages Azure Arc to provide a unified control plane for easy infrastructure management, simplified deployment, and streamlined updates. The solution features a validated reference architecture with certified hardware to ensure optimal performance and reliability, along with a hardened security baseline and robust controls to safeguard your infrastructure. It’s a key part of Microsoft’s Sovereign Private Cloud strategy, now generally available. Read the announcement here.

Flexibility to meet your requirements

Azure Local gives customers the flexibility to deploy infrastructure that fits their exact needs—whether that’s choosing from over 100 validated hardware platforms in the Azure Local catalog or operating in fully connected or disconnected environments. You can run Azure Local in public Azure regions or in Azure Government cloud, supporting both commercial and regulated workloads. Azure Local adapts to everything from retail edge sites to sovereign datacenters, disconnected oil rigs to connected manufacturing plants, all while maintaining a consistent Azure management experience.

NEW: SAN Support (Preview)

Azure Local now delivers greater infrastructure flexibility with expanded support for leading external SAN storage solutions, a capability that customers have long sought. Customers can now integrate their existing Fiber Channel-based SAN storage from leading vendors such as Pure Storage, NetApp, Dell, Lenovo, HPE, and Hitachi directly with Azure Local clusters.
External storage support allows organizations to achieve high performance, scalability, and resilience while continuing to use their trusted storage infrastructure. It also enables consistent management across virtual machines, AKS clusters, and Arc-enabled services through the familiar Azure experience. Customers now have the freedom to modernize their environments while maximizing the value of their existing investments.

Our customers are already exploring the impact this brings to enterprise customers. “We’re excited to partner with Microsoft and their trusted storage vendors to test external storage support for Azure Local,” said David McKenney, VP of Public Cloud Products at TierPoint. “This milestone gives customers greater flexibility to address performance, scalability, resilience, and investment protection needs. It reflects Microsoft’s ongoing dedication to making Azure Local the leading distributed cloud solution by listening to the needs of their customers and partners.”

Support for more Storage protocols and other storage capabilities coming soon. Reach out to Microsoft or our storage partners to be part of this limited preview.

NEW: Rack Aware Clusters (Preview)

Rack aware clustering is now available in preview for Azure Local, enabling intelligent placement and resiliency across multi-rack deployments using one storage pool. This feature allows Azure Local to detect physical rack boundaries and distribute workloads accordingly, improving fault tolerance and minimizing impact from localized hardware failures. It’s especially valuable for larger deployments where high availability and service continuity are critical. Rack awareness integrates seamlessly with Azure Local’s update orchestration and VM placement logic, helping ensure infrastructure stays resilient at scale. Read the announcement here.
NEW: Support for NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs (Generally Available) Azure Local now supports the NVIDIA RTX PRO 6000 Blackwell Server Edition GPU, generally available for high-performance workloads including AI inferencing, simulation, and visualization. This enterprise-grade GPU delivers exceptional compute density and energy efficiency, making it ideal for deployments that require advanced acceleration. Customers can deploy this powerful GPU in new Azure Local solutions—including Dell AX-770, Lenovo ThinkAgile MX650a V4, and HPE ProLiant DL380 Gen 12. Read the announcement here. NEW: Azure Local for larger deployments (Preview) Azure Local now scales further, with instances of up to 10,000+ cores across 100+ nodes delivered as multiple integrated racks with disaggregated storage. This enables customers to run the same familiar Azure Arc-enabled infrastructure and services at significantly larger scale, supporting a greater variety of workloads and scenarios. This new capability is available now in preview. Contact your Azure account representatives to learn more. Secure by default Azure Local is built with security at its core, offering a hardened infrastructure stack aligned with Microsoft’s secure-by-default principles, built-in Microsoft Defender for Cloud integration, and trusted launch VMs. Every VM is Azure Arc-enabled, allowing customers to apply security baselines, monitor threats, and enforce policies using familiar Azure tools. These protections are automatically enabled, so customers can operate confidently from day one. Network segmentation (Generally Available) To protect and isolate your network traffic between VMs or logical networks, Azure Local now supports network security groups (NSGs), generally available as of the 2510 release. NSGs enable precise filtering of network traffic using policy-driven access controls by applying inbound and outbound allow/deny rules. 
Rules support the full five-tuple of source IP, source port, destination IP, destination port, and protocol, and are enforced within the virtual switch at the virtual port level. NSGs can be applied to both logical networks and individual network interfaces and can be managed using the Azure Portal for centralized policy management of your edge workloads. Read the announcement here. Get Started Today For new production deployments Azure Local is generally available for production use. Explore the solutions catalog to find hardware from your preferred vendor and read the deployment overview to get started today. For evaluation (virtual) Want to try out Azure Local but don’t have hardware? Get a dedicated Azure Local sandbox in one click with Azure Arc Jumpstart. All you need is an Azure subscription to get started. Thank you! As we mark the second year since announcing Azure Local, we want to extend a heartfelt thank you to our customers, partners, and community. It’s incredibly rewarding to see Azure Local continue to be the infrastructure of choice for enterprises seeking flexibility, security, and innovation at the edge. We’re excited to continue delivering the solutions you need to thrive in a rapidly evolving world. Thank you for trusting Azure Local to power your most important workloads—here’s to another year of partnership and progress! If you’re at Ignite this week, please come say hello at: Our session dedicated to Azure Local What’s new in Azure Local Our booth “Azure Arc and Azure Local” in the Cloud and AI Platforms neighborhood See everything going on with Adaptive Cloud on our Ignite website Adaptive Cloud @Ignite 2025 FAQ What is Azure Local? Azure Local is Microsoft’s full-stack infrastructure software that runs on validated hardware in your own facilities. 
It brings Azure capabilities to distributed or sovereign locations, so you can run virtual machines, containers, and select Azure services locally while maintaining a consistent management experience through Azure Arc. How are Azure Local and Private Sovereign Cloud related? Azure Local is the foundation and core product fueling Microsoft’s Private Sovereign Cloud offering. It enables customers to meet strict data residency and regulatory requirements by hosting workloads on-premises, disconnected or semi-connected, while still benefiting from Azure innovation and security. When should I use Azure Local? Use Azure Local when you need modern cloud capabilities in locations where connectivity is limited, data sovereignty is critical, or latency-sensitive applications must run close to where data is generated. It’s ideal for industries like manufacturing, retail, and government that require local control with Azure consistency.

Expanding Azure Arc for Hybrid and Multicloud Management
Hybrid and multi-cloud environments are no longer optional—they’re essential for modern enterprises. At Ignite 2025, we are announcing key enhancements to Azure Arc based on your feedback, designed to simplify governance, improve security, and deliver operational consistency across diverse infrastructures. Here’s what’s new:

1. Multicloud Connector for GCP – Public Preview
Azure Arc now extends its multicloud reach with Google Cloud Platform (GCP) support in public preview. Customers can now inventory and manage resources and gain a single pane of glass across AWS, GCP, and Azure resources. Learn more: https://aka.ms/multicloud-connector-gcp-blog
- Agentless inventory discovery: Automatically detects GCP resources and projects them into Azure Resource Graph for unified visibility.
- Arc onboarding for GCP VMs: Bring GCP virtual machines under Azure management to apply monitoring, policy, and security controls.
- Secure authentication via OIDC federation: Eliminates the need for storing credentials, reducing security risk.

2. Azure Virtual Desktop for hybrid environments
As part of this wave of new releases, Azure Virtual Desktop for hybrid environments is now available in preview through Azure Arc server. Building on the current offering of Azure Virtual Desktop for Azure Local, this capability enables organizations to deliver a rich virtual desktop experience on-premises—without requiring new hardware investments or hypervisor changes. In this release, Azure Virtual Desktop is enabled on Arc connected servers to address scenarios with high-latency, data residency, or application constraints that demand local VDI, while leveraging the Azure management plane for streamlined operations. This expansion provides greater deployment flexibility and supports customers who need both local and cloud-based solutions. To learn more: https://aka.ms/AVDHybridIgnite2025Blog

3. Azure Arc Auto-Agent Upgrades
Managing Connected Machine Agents just got easier.
With auto agent upgrades, we reduce operational overhead and minimize downtime risk. Machines stay secure and compliant with the latest features and patches automatically. Learn more: Public Preview: Auto agent upgrade for Azure Arc-enabled servers | Microsoft Community Hub
- Automatic agent upgrade: Keeps agents current without manual intervention.
- Flexible control: Enable or disable auto-upgrade via Azure Portal, CLI, or PowerShell.
- Resilience built-in: Includes rollback and retry mechanisms for failed upgrades.

4. Azure Machine Configuration: OS Configuration Editor and Policy
The new OS Configuration Editor simplifies compliance at scale. It accelerates compliance initiatives and reduces configuration drift. Non-technical teams can manage OS settings visually, improving agility and reducing errors. Learn more: https://aka.ms/MCBaselinesPreviewBlog
- Visual authoring interface: Create and apply guest configuration policies without writing code.
- Fleet-wide auditing: Enforce OS settings across Azure and Arc-enabled servers.
- Integration with Azure Policy: Centralized governance for hybrid environments.

5. Windows Server Recovery Configuration Audit via Arc
Part of the Windows Resiliency initiative, Azure Arc now supports recovery audits. This improves disaster recovery preparedness and compliance reporting. Enterprises can proactively identify gaps and reduce downtime during critical incidents. Learn more
- Audit WinRE policies: Validate Windows Recovery Environment readiness across Arc-enabled servers.
- Compliance visibility: View recovery status in Azure portal dashboards.
- Future roadmap: Configure your servers to receive boot critical updates and remote remediation for disaster recovery scenarios.

6. Workload Identity for Arc-enabled Kubernetes – General Availability
Secure identity management for Kubernetes workloads is now GA. It strengthens security posture by eliminating secret sprawl.
It simplifies identity management for hybrid and edge-native applications, reducing operational risk. Learn more: https://aka.ms/workload-identity-arc-for-kubernetes-ga
- Federated identity integration: Connect workloads to Microsoft Entra without static secrets.
- Token-based authentication: Pods securely access Azure resources without manual credential rotation.
- Broad compatibility: Works across multiple Kubernetes distros connected via Azure Arc.

7. Azure Arc Site Manager – Public Preview Refresh
Site Manager is a powerful solution designed to streamline site configuration and edge infrastructure observability and management at scale, making it easier to manage distributed environments, apply consistent policies, and streamline workflows across hybrid and edge deployments. Learn more
- Hierarchical Site Organization: Site creation that mirrors an organization’s hierarchical structure
- Aggregated Monitoring and Insights: Single pane of glass for monitoring distributed environments for Connectivity, Updates, Alerts and Security baseline status
- Site Configurations: Define configurations at the site level and reuse them across partner solutions

8. Simplified migration journey for Arc customers - Preview
Azure Migrate now natively integrates with Azure Arc to simplify the migration journey for Arc customers. Customers can leverage Azure Arc data to generate a comprehensive business case for migration as well as full estate migration readiness assessments with no additional on-premises deployments. Learn more
- Simple set up: Create a project and scope Arc resources by subscription. Azure Migrate generates business cases and assessments automatically. Optionally deploy the Azure Migrate Collector VM extension to collect additional information to improve the accuracy of business cases and assessments.
- Comprehensive business case: Compare the Total Cost of Ownership of your current Arc-enabled on-premises estate with that in Azure, and get insights into the sustainability improvements of migrating to Azure.
- Full-estate readiness assessment: Assess the readiness of your workloads for various Azure targets such as Azure VMs, Azure SQL Databases, Azure SQL Managed Instance, etc. Get right-sized recommended SKUs as well as potential monthly costs for your workloads in Azure.

9. Azure Key Vault Secret Store Extension – General Availability
Azure Key Vault Secret Store Extension (SSE) is now generally available for Arc-enabled on-premises Kubernetes, including clusters that you connect yourself and AKS Arc managed clusters. SSE automatically fetches secrets from an Azure Key Vault to the on-premises cluster for offline access. Learn more
- Offline Access: With SSE, workloads can access Azure Key Vault secrets from the local Kubernetes secrets store regardless of internet connectivity interruptions.
- Scalability: SSE helps very large distributed deployments with hundreds or thousands of clusters to work with Azure Key Vault by spreading demand over time.

These innovations reinforce Azure Arc’s position as the most comprehensive platform for hybrid and multicloud management. From easily connecting AWS and GCP to Azure through the multicloud connector to enabling secure workload identities and resilient OS configurations, Azure Arc is helping enterprises stay agile, secure, and compliant.

Workload Identity support for Azure Arc-enabled Kubernetes clusters now Generally Available!
We’re excited to announce that Workload Identity support for Azure Arc-enabled Kubernetes is now Generally Available (GA)! This milestone brings a secure way for applications on Arc-connected clusters running outside of Azure to authenticate to Azure services without managing secrets. Traditionally, workloads outside Azure relied on static credentials or certificates to access Azure resources like Event Hubs, Azure Key Vault, and Azure Storage. Managing these secrets introduces operational overhead and security risks. With Microsoft Entra Workload ID federation, your Kubernetes workloads can now:
- Authenticate securely using OpenID Connect (OIDC) without storing secrets.
- Exchange trusted tokens for Azure access tokens to interact with services securely.
This means no more manual secret rotation and reduced attack surface, all while maintaining compliance and governance.

How It Works
The integration uses the Kubernetes-native construct of Service Account Token Volume Projection and aligns with Kubernetes best practices for identity federation. The process involves a few concise steps:

1. Enable OIDC issuer and workload identity on your Arc-enabled cluster using Azure CLI.

    az connectedk8s connect --name "${CLUSTER_NAME}" --resource-group "${RESOURCE_GROUP}" --enable-oidc-issuer --enable-workload-identity

2. Configure a user-assigned managed identity in Azure to trust tokens from your Azure Arc-enabled Kubernetes cluster's OIDC issuer URL. This involves creating a federated identity credential that links the Azure identity with the Kubernetes service account.

3. Applications running in pods, using the annotated Kubernetes service account, can then request Azure tokens via Microsoft Entra ID and access resources they’re authorized for (e.g., Azure Storage, Azure Key Vault).
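The federated identity credential described above ties an Azure identity to one issuer, one service account subject and an audience. The following is an added example, not code from the original post or from Microsoft: a local preflight check that decodes a projected service account token and lists every field that would not match the credential. The helper names, the issuer URL, the namespace and the service account are constructed placeholders, and the exact-string comparison is this example's assumption about how the match is evaluated.

```python
import base64
import json
import time

# Audience value used for Microsoft Entra workload identity federation.
ENTRA_AUDIENCE = "api://AzureADTokenExchange"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_constructed_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT so the example runs offline."""
    header = {"alg": "RS256", "kid": "constructed-key", "typ": "JWT"}
    return ".".join([
        b64url(json.dumps(header).encode()),
        b64url(json.dumps(claims).encode()),
        b64url(b"constructed-signature"),
    ])


def decode_claims(token: str) -> dict:
    """Return the JWT payload for inspection. The signature is NOT verified
    here; the token's consumer verifies it against the issuer's published keys."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def service_account_subject(namespace: str, name: str) -> str:
    """Subject that Kubernetes places in a service account token."""
    return f"system:serviceaccount:{namespace}:{name}"


def check_federation(claims: dict, credential: dict, now=None) -> list:
    """List every reason the token would not match the federated credential."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != credential["issuer"]:
        problems.append(f"issuer mismatch: token={claims.get('iss')!r}")
    if claims.get("sub") != credential["subject"]:
        problems.append(f"subject mismatch: token={claims.get('sub')!r}")
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    if not set(audiences) & set(credential["audiences"]):
        problems.append(f"audience mismatch: token={audiences!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token expired or missing exp")
    return problems


# Constructed sample data: issuer URL, namespace and service account are placeholders.
ISSUER = "https://oidc.example.invalid/constructed-cluster/"
NOW = 1_700_000_000
SAMPLE_TOKEN = make_constructed_token({
    "iss": ISSUER,
    "sub": service_account_subject("payments", "blob-reader"),
    "aud": [ENTRA_AUDIENCE],
    "iat": NOW - 60,
    "exp": NOW + 3540,
})
CREDENTIAL = {
    "issuer": ISSUER,
    "subject": service_account_subject("payments", "blob-reader"),
    "audiences": [ENTRA_AUDIENCE],
}

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print("matching credential:", check_federation(claims, CREDENTIAL, now=NOW))
    # A credential written for the wrong namespace, with the issuer copied
    # without its trailing slash: both mismatches are reported.
    wrong = dict(CREDENTIAL, issuer=ISSUER.rstrip("/"),
                 subject=service_account_subject("default", "blob-reader"))
    for problem in check_federation(claims, wrong, now=NOW):
        print("mismatch:", problem)
```

Because the subject encodes both namespace and service account name, a credential scoped this way does not extend to other service accounts on the same cluster.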
Supported platforms
We support a broad ecosystem of distributions, including:
- Red Hat OpenShift
- Rancher K3s
- AKS-Arc (In preview)
- VMware Tanzu Kubernetes Grid (TKGm)
So, whether you’re running clusters in retail stores, manufacturing plants, or remote edge sites, you can connect them to Azure Arc and enable secure identity federation for your workloads to access Azure services. Ready to get started? Follow our step-by-step guide on Deploying and Configuring Workload Identity Federation in Azure Arc-enabled Kubernetes to secure your edge workloads today!

Bridging the Digital and Physical Worlds with Azure IoT Hub and Azure IoT Operations
Operational excellence starts with people. Empowering those people with the most up to date insights and recommendations requires bridging the gap between the physical and digital worlds to generate the best possible outcomes for real time decision making. Creating this bridge transforms data into insights, insights into intelligent actions, and actions into real-world results. Digital Operations, integrated with AI insights, help make this possible by combining data from connected assets across a variety of physical locations and deployment topologies, and transforming that data into insights and decisions that scale using AI and Analytics. At Microsoft Ignite, we’re extending this vision with new Azure IoT Hub and Azure IoT Operations capabilities to manage connected assets at scale, unify digital operations, and realize AI-enabled outcomes across your enterprise. Connected Operations in Action Azure IoT Hub and Azure IoT Operations form the backbone of connected operations, where every asset, sensor, and system contributes to a continuous loop of intelligence by moving data to Microsoft Fabric for real-time analytics, and for use with AI agents. This pattern applies to nearly every sector of the economy. In manufacturing, these capabilities allow production engineers to predict and avoid equipment failures by analyzing vibration and temperature data at the edge before costly downtime occurs. In energy and utilities, distributed sensors can provide data to control points that help balance load, optimize grid efficiency, and ensure safe operations even in remote areas. In transportation and logistics, connected fleets use edge AI models to detect safety risks in real time, while cloud-based analytics optimize routing and fuel efficiency across entire regions. Across industries, this edge-to-cloud collaboration enables the ability for intelligent systems to sense, reason, and act in the physical world with speed, safety, and precision. 
From Data to Intelligent Action Organizations today must capture and act on data from both geographically dispersed and tightly collocated assets. That data needs to be processed close to where it’s generated, at the edge, to enable real-time decision-making, reduce latency, and enhance security. At the same time, the cloud remains vital for contextualizing operational data with enterprise systems, training AI models, and managing a consistent identity and security framework across all assets. AI models trained in the cloud can then be deployed back to the edge, where they act on events in real time. Operators can work with AI agents to reason over this data whether it’s structured or unstructured, organized in silos, or contained in free-text fields, to provide results to a mixed team of human and AI operational assets. We have a portfolio of products uniquely designed to make this continuum, from edge to cloud, more intelligent, secure, and repeatable. Together with our partners, we help bridge Operational Technology (OT) with Information Technology (IT) to deliver better business outcomes. New at Ignite: Accelerating Digital Operations We’re excited to share our latest set of investments at Ignite across our portfolio of services. A few key announcements: Azure IoT Hub New Features (Preview): Simplifying Secure Connectivity at Scale Azure IoT Hub empowers organizations to securely and reliably manage connected assets across the globe, providing real-time visibility and control over diverse operations. With proven scalability, broad device support, and robust management tools, IoT Hub delivers a unified platform for developing and operating IoT solutions. As customers evolve, Azure IoT Hub continues to advance, deepening its integration with the Azure ecosystem and enabling AI-driven, connected operations for the next generation of applications. 
The next generation of Azure IoT Hub investments makes it easier and more secure than ever to connect and manage distributed assets. At Ignite, we’re previewing: New certificate management capabilities that simplify device onboarding and lifecycle management. Integration with Azure Device Registry (ADR) that brings all devices into a common control plane, enabling unified identity, security, and policy management. ADR enhancements that make it easier to register, classify, and monitor assets, paving the way for consistent governance and operational insight across millions of devices. This deeper Azure integration with ADR standardizes operations, simplifies oversight of edge portfolios including IoT devices, and brings the full power of Azure’s management ecosystem to IoT and Digital Operations workloads. Azure IoT Operations New Features (GA): The Foundation for AI in the Physical World Azure IoT Operations is more than an edge-to-cloud data plane, it’s the foundation for achieving AI in the physical world, enabling intelligent operational systems that can perceive, reason, and act to drive new operational efficiencies. Built on Arc-enabled Kubernetes, Azure IoT Operations unifies operational and business data across distributed environments, eliminating silos and providing a repeatable, scalable foundation for autonomous, adaptive operations. By extending familiar Azure management concepts to physical sites, Azure IoT Operations creates an AI-ready infrastructure that supports autonomous, adaptive operations at scale. Our latest GA release of Azure IoT Operations introduced major enhancements: Wasm-powered data graphs deliver fast, modular analytics helping businesses make near real-time decisions at the edge. Expanded connectors now include OPC UA, ONVIF, REST/HTTP, Server-Sent Events (SSE), and direct MQTT for richer industrial and IT integrations. OpenTelemetry (OTel) endpoint support enables seamless telemetry pipelines and observability. 
Asset health monitoring to provide unprecedented visibility and control. These capabilities help bridge Information Technology, Operational Technology, and data domains, empowering customers to discover, collect, process, and send data using open standards while laying the groundwork for self-optimizing environments where AI agents and human supervisors collaborate seamlessly. Integration with Fabric IQ and Digital Twin Builder To fully unlock the value of connected data, organizations need to contextualize it, linking operational signals to business meaning. Fabric IQ, a new offering announced at Ignite, and Digital Twin Builder in Fabric make this possible, transforming raw telemetry into AI-ready context. This integration allows companies to model complex systems, run simulations, and create intelligent feedback loops across manufacturing, logistics, and energy environments. Edge AI: Real-Time Intelligence in the Physical World Azure’s AI capabilities for edge environments bring intelligence closer to where it matters most. And, because these services are Arc-enabled, organizations can develop, manage and scale AI workloads across diverse environments using consistent tooling. Today, we are announcing updates to two of our key services that enable AI at the edge: Live Video Analysis features (Public Preview) in Azure AI Video Indexer enabled by Arc: delivers real-time agentic video intelligence to improve safety, quality, and operations. Edge RAG (Retrieval Augmented Generation) Public Preview Refresh enables local generative AI reasoning with contextual awareness - empowering AI agents to act within industrial constraints securely and efficiently. These innovations accelerate time to insight and help organizations deploy AI where milliseconds matter. Partner Innovation: Scaling Real Business Value Last year, we showcased the breadth of Azure IoT Operations’ industrial ecosystem. 
This year, we’re celebrating how partners are integrating, co-innovating, and scaling real customer outcomes. Our partners are packaging repeatable, scalable solutions that connect operational data to enterprise systems—enabling AI-driven insights and automation across sites, regions, and industries. At this year’s Ignite, we’re highlighting some great new partner innovations: NVIDIA is working with Microsoft to enable factory digital twins using the OpenUSD standard Siemens is enabling adaptive production through AI- and digital-twin-powered solutions supported by the integration of Siemens Industrial Edge with Azure IoT Operations Litmus Edge integrates with Azure IoT Operations via the Akri framework to automatically discover industrial devices, enable secure data flows, and support Arc-enabled deployment. Rockwell Automation is streamlining edge-to-cloud integration with its FactoryTalk Optix platform by delivering contextualized, AI-ready data seamlessly within Microsoft Azure IoT Operations architectures. Sight Machine is driving advanced analytics for quality and efficiency across multi-site operations. Through initiatives like Akri, Co-Innovate, and Co-Sell Readiness, our ecosystem is developing managed applications, packaged solutions, and marketplace offerings that accelerate deployment and unlock new revenue streams. These collaborations show how Azure IoT Operations is not just a platform, but a growth engine for industrial transformation. The Path Forward With these advancements, we’re helping organizations bring AI to the physical world by turning data into intelligence and intelligence into action. Customers like Chevron and Husqvarna are scaling beyond initial pilots, expanding their deployments from single-site to multi-site rollouts, unlocking new use cases from predictive maintenance to worker safety, and proving how adaptive cloud architectures deliver measurable impact across global operations. 
By connecting assets, empowering partners, and delivering open, scalable platform solutions, Microsoft is helping industries achieve resilient, adaptive operations that drive measurable business value. The digital and physical worlds are coming together with solutions that are secure, observable, AI-ready, and built to scale from a single site to global operations. Together, we’re creating a smarter, more connected future. Learn More Learn more about Azure IoT Hub and Azure IoT Operations here: Azure IoT – Internet of Things Platform | Microsoft Azure Learn more about new IoT Hub public preview features here: Azure IoT Hub documentation Discover Partner Solutions: Learn how Litmus and Sight Machine are advancing industrial analytics and integration with Azure IoT Operations. Explore Rockwell Automation and Siemens for more on adaptive cloud architectures and shop floor intelligence. Going to Ignite? If you’re at Ignite this week, you can learn more about how Microsoft enables Industrial Transformation at the following sessions: The New Industrial Frontier Reshaping Digital Operations with AI from Cloud and Edge Or come visit us on the show floor at the Azure Arc Expert Meet Up Focus Area in the Cloud and AI Platforms neighborhood

Public Preview: Multicloud connector support for Google Cloud
We are excited to announce that the Multicloud connector is now in preview for GCP environments. With the Multicloud connector, you can easily connect your GCP projects and AWS accounts to Azure with the following capabilities:
- Inventory: Get an up-to-date, comprehensive view of your cloud assets across different cloud providers. With support for GCP services (Compute VM, GKE, Storage, Functions, and more), you can now gain insights into your Azure, AWS, and GCP environments in a single pane of glass. The agentless inventory solution will periodically scan your GCP environment and project the discovered resources in GCP as Azure resources, including all of the GCP metadata like GCP labels. Now, you can easily view, query, and tag these resources from a centralized location.
- Azure Arc onboarding: Automatically Arc-enable your existing and future GCP VMs so you can leverage Azure and Microsoft services, like Azure Monitor and Microsoft Defender for Cloud. Through the multicloud connector, the Azure Arc agent will be automatically installed for machines that meet the prerequisites.

How do I get started?
You can easily set up the multicloud connector by following our getting started guide, which provides step-by-step instructions on creating the connector and setting up the permissions in GCP, which leverage OIDC federation.

What can I do after my connector is set up?
With the inventory offering, you can see and query for all of your GCP and Azure resources via Azure Resource Graph. For Azure Arc onboarding, you can apply the Azure management services on your GCP VMs that are Arc-enabled. Learn more here.

We are very excited about the expanded support in Google Cloud. Set up your multicloud connector now for free! Please let us know if you have any questions by posting on the Azure Arc forum or via Microsoft support. Here is the multicloud capabilities technical documentation. Check out the Ignite session here!