Announcing the Next generation Azure Data Box Devices
Microsoft Azure Data Box offline data transfer solution allows you to send petabytes of data into Azure Storage in a quick, inexpensive, and reliable manner. The secure data transfer is accelerated by hardware transfer devices that enable offline data ingestion to Azure. Our customers use the Data Box family to move petabytes-scale data into Azure for backup, archival, data analytics, media and entertainment, training, and different workload migrations etc. We continue to get requests about moving truly massive amounts of data in a secure, simple and quick manner. We’ve heard you and to address your needs, we’ve designed a new, enhanced product to meet your data transfer needs. About the latest innovation in Azure Data Box Family Today, we’re excited to announce the preview of Azure Data Box 120 and Azure Data Box 525, our next-generation compact, NVMe-based Data Box devices. The new offerings reflect insights gained from working with our customers over the years and understanding their evolving data transfer needs. These new devices incorporate several improvements to accelerate offline data transfers to Azure, including: Fast copy - Built with NVMe drives for high-speed transfers and improved reliability and support for faster network connections Easy to use - larger capacity offering (525 TB) in a compact form-factor for easy handling Resilient - Ruggedized devices built to withstand rough conditions during transport Secure - Enhanced physical, hardware and software security features Broader availability – Presence in more Azure regions, meeting local compliance standards and regulations What’s new? Improved Speed & Efficiency NVMe devices offer faster data transfer rates, with copy speeds up to 7 GBps via SMB Direct on RDMA (100-GbE) for medium to large files, a 10x improvement in data transfer speeds as compared to previous generation devices. High-speed transfers to Azure with data upload up to 5x faster for medium to large files, reducing the lead time for your data to become accessible in the Azure cloud. Improved networking with support for up to 100 GbE connections, as compared to 10 GbE on the older generation of devices. Two options with usable capacity of 120 TB and 525 TB in a compact form factor meeting OSHA requirements. Devices ship the next day air in most regions. Learn more about the performance improvements on Data Box 120 and Data Box 525. Enhanced Security The next generation devices come with several new physical, hardware and software security enhancements. This is in addition to the built in Azure security baseline for Data Box and Data Box service security measures currently supported by the service. Secure boot functionality with hardware root of trust and Trusted Platform Module (TPM) 2.0. Custom tamper-proof screws and built-in intrusion detection system to detect unauthorized device access. AES 256-bit BitLocker software encryption for data at rest is currently available. Hardware encryption via the RAID controller, which will be enabled by default on these devices, is coming soon. Furthermore, once available, customers can enable double encryption through both software and hardware encryption to meet their sensitive data transfer requirements. These ISTA 6A compliant devices are built to withstand rough conditions during shipment while keeping both the device and your data safe and intact. Learn more about the enhanced security features on Data Box 120 and Data Box 525. Broader Azure region coverage Recurring request from our customers has been for wider availability of our higher-capacity device to ease large migrations. We’re happy to share Data Box 525 will be available across most Azure regions where the Data Box service is currently live. This marks a significant improvement in availability of a large-capacity device as compared to the current Data Box Heavy. What our customers have to say For the last several months, we’ve been working directly with our customers of all industries and sizes to leverage the next generation devices for their data migration needs. Customers love the larger capacity with form-factor familiarity, seamless set up and faster copy. “This new offering brings significant advantages, particularly by simplifying our internal processes. With deployments ranging from hundreds of terabytes to even petabytes, we previously relied on multiple regular Data Box devices—or occasionally Data Box Heavy devices—which required extensive operational effort. The new solution offers sizes better aligned with our needs, allowing us to achieve optimal results with fewer logistical steps. Additionally, the latest generation is faster and provides more connectivity options at data centre premises, enhancing both efficiency and flexibility for large-scale data transfers.” - Lukasz Konarzewski, Senior Data Architect, Commvault “We have been using the devices to move 1PB of archival media data to Azure blob storage using the Data Box transfer devices. The next generation devices provided a very smooth setup and copy experience, and we were able to transfer data in larger chunks and much faster than before. Overall, this has helped shorten our migration lead times and land the data in the cloud quickly and seamlessly.” - Daniel Perry, Kohler “We have had a positive experience overall with the new Data Box devices to move our data to Azure Blob storage. The devices offer easy plug and play installation, detailed documentation especially for the security features and good data copy performance. We would definitely consider using it again for future large data migration projects.” – Bas Boeijink, Cloud Engineer, Eurofiber Cloud Infra Sign up for the Preview The Preview is available in the US, Canada, EU, UK, and US Gov Azure regions, and we will continue to expand to more regions in the coming months. If you are interested in the preview, we want to hear from you. Customers can sign up here ISV partners can sign up here You can learn more about the all-new Data Box devices here. We are committed to continuing to deliver innovative solutions to lower the barrier for bringing data to Azure. Your feedback is important to us. Tell us what you think about the new Azure Data Box preview by writing to us at DataBoxPM@microsoft.com – we can’t wait to hear from you. Stop by and see us! Now that you’ve heard about the latest innovation in the product family, do come by and see the new devices at the Ignite session What’s new in Azure Storage: Supercharge your data centric workloads, on 21st November starting 11:00 AM CST. You can also drop by the Infra Hub to learn more from our product experts and sign up to try the new devices for your next migration!Building a Scalable Web Crawling and Indexing Pipeline with Azure storage and AI Search
In the ever-evolving world of data management, keeping search indexes up-to-date with dynamic data can be challenging. Traditional approaches, such as manual or scheduled indexing, are resource-intensive, delay-prone, and difficult to scale. Azure Blob Trigger combined with an AI Search Indexer offers a cutting-edge solution to overcome these challenges, enabling real-time, scalable, and enriched data indexing. This blog explores how Blob Trigger, integrated with Azure Cognitive Search, transforms the indexing process by automating workflows and enriching data with AI capabilities. It highlights the step-by-step process of configuring Blob Storage, creating Azure Functions for triggers, and seamlessly connecting with an AI-powered search index. The approach leverages Azure's event-driven architecture, ensuring efficient and cost-effective data management.Introducing Virtual Machine restore points – a simpler way to protect Azure workloads
Virtual Machine restore point are now generally available. Customers and Azure partners who are looking to build business continuity and disaster recovery solutions can use VM restore points to capture app consistent and crash consistent backups natively on the Azure platform. This can then be used to restore disks and VMs during scenarios such as data loss, data corruption or disaster recovery.
Secure Linux workloads using Azure Files with Encryption in Transit
Encryption in Transit (EiT) overview As organizations increasingly move to cloud environments, safeguarding data security both at rest and during transit is essential for protecting sensitive information from emerging threats and for maintaining regulatory compliance. Azure Files already offers encryption at rest using Microsoft-managed or customer-managed keys for NFS file shares. Today, we're excited to announce the General Availability of Encryption in Transit (EiT) for NFS file shares. By default, Azure encrypts data moving across regions. In addition, all clients accessing Azure Files NFS shares are required to be within the scope of a trusted virtual network (VNet) to ensure secure access to applications. However, data transferred within resources in a VNet remains unencrypted. Enabling EiT ensures that all read & writes to the NFS file shares within the VNET are encrypted providing an additional layer of security. With EiT, enterprises running production scale applications with Azure Files NFS shares can now meet their end-to-end compliance requirements. Feedback from the NFS community and Azure customers emphasized the need for an encryption approach that is easy to deploy, portable, and scalable. TLS enables a streamlined deployment model for NFS with EiT while minimizing configuration complexity, maintaining protocol transparency, and avoiding operational overhead. The result is a more secure, performant, and standards-compliant solution that integrates seamlessly into existing NFS workflows. With EiT, customers can now encrypt all NFS traffic using the latest and most secure version of TLS, TLS 1.3, achieving enterprise-grade security effortlessly. TLS provides three core security guarantees: Confidentiality: Data is encrypted, preventing eavesdropping. Authentication: Client verifies the server via certificates during handshake to establish trust. Integrity: TLS ensures that information arrives safely and unchanged, thus adding protection against data corruption or bitflips in transit. TLS encryption for Azure Files is delivered via stunnel, a trusted, open-source proxy designed to add TLS encryption to existing client-server communications without modifying the applications themselves. It has been widely used for its robust security and transparent, in-transit encryption for many use cases across industries for many years. AZNFS Mount Helper for Seamless Setup EiT client setup and mount for NFS volumes may seem like a daunting task, but we have made it easier using the AZNFS mount helper tool. Simplicity and Resiliency: AZNFS is a simple, open-source tool, maintained and supported by Microsoft, that automates stunnel setup and NFS volume mounting over a secure TLS tunnel. AZNFS’s in-built watchdog's auto-reconnect logic protects the TLS mounts, ensuring high availability during unexpected connectivity interruptions. Sample AZNFS mount commands, customized to your NFS volume, are available in the Azure portal (screenshot below). Fig 1. Azure portal view to configure AZNFS for Azure clients using EiT Standardized and flexible: Mounting with AZNFS incorporates the Microsoft recommended performance, security and reliability mount options by default while providing flexibility to adjust these settings to fit your workload. For example, while TLS is the default selection, you can override it to non-TLS connections for scenarios like testing or debugging. Broad Linux compatibility: AZNFS is available through Microsoft’s package repository for major Linux distributions, including Ubuntu, RedHat, SUSE, Alma Linux, Oracle Linux and more. Seamless upgrades: AZNFS package updates automatically in the background without affecting the active mount connections. You will not need any maintenance windows or downtime to perform upgrades. The illustration below shows how EiT helps transmit data securely between clients and NFS volumes over trusted networks. Fig 2. EiT set up flow and secure data transfer for NFS shares Enterprise Workloads and Platform Support EiT is compatible with applications running on a wide range of platforms, including Linux VMs in Azure, on-premises Linux servers, VM scale sets, and Azure Batch, ensuring compatibility with major Linux distributions for cloud, hybrid, and on-premises deployments. Azure Kubernetes Service (AKS): The preview of NFS EiT in AKS will be available shortly. In the meantime, the upstream Azure Files CSI Driver includes AZNFS integration, which can be manually configured to enable EiT for NFS volumes with stateful container workloads. SAP: SAP systems are central to many business operations and handle sensitive data like financial information, customer details, and proprietary data. Securing this confidential data within the SAP environment, including its central services, is a critical concern. NFS volumes, used in central services are single points of failure, making their security and availability crucial. This blog post on SAP deployments on Azure provides guidance on using EiT enabled NFS volumes for SAP deployment scenarios to make them even more secure. SAP tested EiT for their SAP RISE deployments and shared positive feedback: “The NFS Encryption in Transit preview has been a key enabler for running RISE customers mission critical workloads on Azure Files, helping us meet high data in transit encryption requirements without compromising performance or reliability. It has been critical in supporting alignment with strict security architectures and control frameworks—especially for regulated industries like financial services and healthcare. We’re excited to see this capability go GA and look forward to leveraging it at scale.” Ventsislav Ivanov, IT Architecture Chief Expert, SAP Compliance-centric verticals: As part of our preview, customers in industry verticals including financial services, insurance, retail leveraged EiT to address their data confidentiality and compliance needs. One such customer, Standard Chartered, a major global financial institution, highlighted its benefits. “The NFS Encryption in Transit preview has been a key enabler for migrating one of our on-premises applications to Azure. It allowed us to easily run tests in our development and staging environments while maintaining strict compliance and security for our web application assets. Installation of the required aznfs package was seamless, and integration into our bootstrap script for virtual machine scale set automation went smoothly. Additionally, once we no longer needed to disable the HTTPS requirement on our storage account, no further changes were necessary to our internal Terraform modules—making the experience nearly plug-and-play. We’re excited to see this capability reach general availability” Mohd Najib, Azure Cloud Engineer, Standard Chartered Regional availability and pricing Encryption in Transit GA with TLS 1.3 is rolling out globally and is now available in most regions. EiT can be enabled on both new and existing storage accounts and Azure Files NFS shares. There is no additional cost for enabling EiT. Next Steps to Secure Your Workloads Explore More: How to encrypt data in transit for NFS shares| Microsoft Learn Mandate Security: Enable “Secure Transfer Required” on all your Storage Accounts with NFS volumes to mandate EiT for additional layer of protection. Enforce at Scale: Enable Azure Policy for enforcing EiT across your subscription. Please reach out to the team at AzureFiles@microsoft.com for any questions and feedback.Azure File Sync: faster, more secure and Windows Server 2025 support
Azure File Sync enables seamless tiering of data from on-premises Windows Servers to Azure Files for hybrid use cases and simplified migration. It also enables you to leverage the performance, flexibility and compatibility of your on-premises File Server while leveraging the scale and cost effectiveness of Azure Files. The latest updates for Azure File Sync bring a host of exciting features and improvements: Faster server onboarding and disaster recovery (7x improvement), significantly reducing the time to access data on new server endpoints. Sync performance has been significantly improved (10x improvement), reducing the amount of time to migrate shares and sync a large number of changes (for example, permission changes). Windows Server 2025 support ensures that organizations can stay on the cutting edge of technology. Windows Server 2025 introduces enhanced capabilities, offering better scalability, security, and cloud integration. Copilot in Azure can help you quickly troubleshoot and resolve common Azure File Sync issues. Managed identities support is now in preview, enabling a more secure method to authenticate to your Azure File shares. In this blog post, we’ll explore these key updates and what they mean for businesses looking to maximize their Azure File Sync experience. Whether it's reducing your on-premises footprint or ensuring seamless and secure cloud integration, now is the ideal time to embrace Azure File Sync and take full advantage of what it has to offer. Faster server provisioning and improved disaster recovery for Azure File Sync server endpoints One of the most significant updates in Azure File Sync is the dramatic reduction in time required for provisioning new server endpoints. Previously, setting up a new server endpoint could take hours or even days, but with the v19 release and later, we’ve drastically cut down the time it takes to access data on the new server endpoint. This enhancement is critical for disaster recovery and is especially impactful when the Azure file share contains millions of files and folders. Furthermore, to enhance the management experience, we’ve introduced a Provisioning Steps tab in the portal, which allows you to easily determine when server endpoints are ready for use. You can now access data before syncing is complete. As users or applications navigate through their data, the system prioritizes relevant items for quicker access, eliminating the need to wait for a full download. These improvements help businesses quickly get their server endpoints up and running without long delays, improving overall operational efficiency. For more information, see Create an Azure File Sync server endpoint documentation. Improved sync performance for migrations & bulk updates Another exciting update for Azure File Sync is the substantial improvement in sync performance, now reaching up to 200 items per second. This marks a tenfold improvement over the past two years. This enhancement strengthens Azure File Sync's role as a seamless migration tool, enabling faster data transfers, especially those that require a large number of file changes (for example, when file permissions are changed). It's particularly beneficial for customers aiming to replace on-premises file servers and manage larger data sizes with Azure File Sync. Support for Windows Server 2025 Azure File Sync now supports Windows Server 2025 which has improved security, performance and manageability . The Azure File Sync extension for Windows Admin Center now supports Windows Servers from Windows Server 2025 down to Windows Server 2012 R2. This makes Azure File Sync suitable for a wide range of organizations regardless of their current server version. Azure File Sync facilitates the modernization of file servers, allowing organizations to seamlessly transition to newer servers running Windows Server 2025. The integration with Windows Admin Center (WAC) provides centralized management, offering a unified interface for managing configurations across multiple File Sync servers. This integration simplifies the management process, reducing complexity and saving time. With this configuration, businesses can utilize Windows Server as a fast cache for their Azure file share and optionally implement cloud tiering for more efficient data management. Enhancing File Sync with Copilot in Azure With Copilot in Azure, you can now supercharge your Azure deployments by taking advantage of cutting-edge AI technology that simplifies troubleshooting and resolution like never before. Whether it’s network misconfigurations, incorrect RBAC permissions, or accidental file share deletions, Copilot makes fixing these issues faster and easier than ever. Copilot automatically detects errors and misconfigurations, guides you through the necessary steps to resolve them, and can even take action on your behalf to fix common problems instantly. If you encounter challenges with Azure File Sync due to incorrect network settings, simply enter a prompt like, “Help me troubleshoot Azure File Sync issues.” Copilot in Azure will walk you through the steps to identify and correct the network misconfigurations, ensuring that your files sync smoothly again. By leveraging Copilot’s intelligent capabilities, you not only save time on manual troubleshooting but also gain the confidence to resolve issues independently, allowing you to focus more on growing your business instead of dealing with roadblocks. With Copilot, you stay ahead of the curve, maximizing productivity and minimizing downtime in your Azure environment. For more information, see Troubleshoot and resolve Azure File Sync issues using Microsoft Copilot. Preview: Managed identities support for enhanced security Azure File Sync now includes support for managed identities (MI). This feature allows organizations to authenticate with Azure File shares using an Entra ID identity, replacing the need for a shared key. The new managed identities support enables more secure authentication across several areas of Azure File Sync, including: Storage Sync Service authentication to Azure File shares Registered server authentication to Azure File shares Registered server authentication to Storage Sync Service For more information, see How to use managed identities with Azure File Sync (preview). Get Started with File Sync Don’t have Azure File Sync yet? To get started, see How to deploy Azure File Sync. Share Your Feedback Your feedback is invaluable to us as it shapes and refines Azure File Sync and Azure Files. Please take a moment to share your feedback with us.
