azure
141 Topics

- Preventing and recovering from accidental deletion of an Azure Database for MySQL flexible server
  Accidental deletion of critical Azure resources, such as Azure Database for MySQL flexible servers, can disrupt operations. To help avoid such accidental deletions, you can use a couple of options, including Azure Resource Locks and Azure Policy. This post explains how to implement these mechanisms, and how to revive a dropped MySQL flexible server by using the Azure CLI.
- Custom Port Support in Azure Database for MySQL – Flexible Server is Now Generally Available
  We are excited to announce that custom port support for Azure Database for MySQL – Flexible Server is now generally available (GA). This long-requested feature gives you greater flexibility to align MySQL server deployments with your network and security requirements. By default, MySQL uses TCP port 3306; with this GA release, you can configure a custom port (between 25001 and 26000) when creating a new Azure Database for MySQL flexible server. This enables easier integration with legacy applications, helps comply with strict network security policies, and avoids port conflicts in complex environments.

  What’s new in GA (vs. Public Preview): In the Public Preview (July 2025), custom ports were only supported for VNet-injected (private access) servers, with no support for public access or Private Link connectivity. Now, with GA, you can create custom-port servers in any network configuration – including both publicly accessible servers and those using Private Link (private endpoint) connectivity. In short, all new MySQL flexible servers can be created with a custom port, whether they are configured for public network access or deployed into a private virtual network.

  Feature Highlights
  - Custom Port Range: Choose a port between 25001 and 26000 during server provisioning. (Only one custom port is supported per server.) This is in addition to the default MySQL port 3306, which remains available for use if needed.
  - Supported Scenarios: Custom ports are fully supported for new server creation, point-in-time restore (including cross-port restores), read replica setup, and High Availability (HA) deployments. You can perform a restore or set up a replica even if the source and target servers use different ports, and you can enable HA on a server configured with a non-default port.
  - Networking Flexibility: Supported on both public access and private access configurations. You can create servers with a custom port in public access mode (accessible via the internet with firewall rules) or in private access mode (injected into a VNet). Azure Private Link is also supported – meaning you can connect via a private endpoint to a MySQL server running on a custom port. This enhancement broadens the feature’s applicability beyond the preview’s limited scope, allowing usage in all network scenarios.
  - Managed Experience: The custom port feature is built into the managed service experience. Aside from specifying a different port number for client connections, there is no change in how you manage or operate the MySQL flexible server – all administrative capabilities and integrations (backup, monitoring, etc.) work as they do with the default port.

  Current Limitations
  Be aware of a couple of limitations at GA:
  - Port Immutable After Creation: You cannot change the server’s port after the server is created. If you need to use a different port, you will have to create a new server with that port. As a workaround, you can use Point-in-Time Restore (PITR) to quickly clone your database into a new server with the desired port (since cross-port restores are supported), rather than performing a full manual migration.
  - Geo-Replication/Geo-Restore: Cross-region operations like geo-restore and geo-replication are not yet supported for servers using a custom port. In other words, you cannot perform a geo-restore of a backup from a custom-port server, and you cannot create cross-region read replicas on custom port servers at this time. These capabilities are on the roadmap but remain unsupported in the current release.

  Why Custom Ports?
  Many enterprise developers and DBAs have asked for custom port support to accommodate specialized network scenarios. For example, some organizations enforce strict firewall rules or use non-standard ports for databases to meet internal security compliance requirements. Others may have legacy applications or multi-database setups that require MySQL to run on a port other than 3306 to avoid conflicts. The custom port feature addresses these needs by allowing you to select a non-default port during server creation, while Azure continues to handle all the usual PaaS management tasks. In short, you get the flexibility of a custom network configuration without losing the benefits of a fully managed database service.

  Getting Started
  Using a custom port is straightforward. At GA, the Azure portal’s create experience is the way to set a custom port (support in CLI/PowerShell/ARM will come later). In the portal, when you create a new Azure Database for MySQL – Flexible Server, you’ll find an option to specify the “Database port.” Provide any value between 25001 and 26000 as the port number for your server. Once the server is deployed, client applications should connect using the <servername>.mysql.database.azure.com hostname and the port you chose, instead of the default 3306. All other connection settings (such as SSL enforcement and credentials) remain the same.

  Make sure to configure network access rules to allow traffic on your chosen port. For public access servers, this means updating the firewall rules or network security groups to permit the custom port. For private access or Private Link setups, ensure that your networking (NSGs, on-premises firewall rules, etc.) permits traffic on the custom port to reach the database.

  Learn More
  Custom port support is now GA and ready for production use, so we encourage you to try it out if your environment can benefit from it. For more details on Azure Database for MySQL – Flexible Server connectivity and custom ports, refer to the official documentation: Networking Overview - Azure Database for MySQL | Microsoft Learn

  We look forward to seeing how you use this new capability to tailor your MySQL deployments. With custom port support now generally available, Azure Database for MySQL – Flexible Server offers even more flexibility to meet your organizational policies and integration needs, all while delivering a fully managed experience. Happy deploying!
- September 2025 Recap: What’s New with Azure Database for PostgreSQL
  September 2025 Recap for Azure Database for PostgreSQL

  September was a big month for Azure Postgres! From the public preview of PostgreSQL 18 (launched same day as the community!) to the GA of Azure Confidential Computing and Near Zero Downtime scaling for HA, this update is packed with new capabilities that make PostgreSQL on Azure more secure, performant, and developer-friendly.

  💡 Here’s a quick peek at what’s inside:
  - PostgreSQL 18 (Preview) – early access to the latest community release on Azure
  - Near Zero Downtime Scaling (GA) – compute scaling in under 30 seconds for HA servers
  - Azure Confidential Computing (GA) – hardware-backed data-in-use protection
  - PostgreSQL Discovery & Assessment in Azure Migrate (Preview) – plan your migration smarter
  - LlamaIndex Integration – build AI apps and vector search using Azure Postgres
  - VS Code Extension Enhancements – new Server Dashboard + Copilot Chat integration

  Catch all the highlights and hands-on guides in the full recap 👉
  #PostgreSQL #AzureDatabase #AzurePostgres #CloudDatabases #AI #OpenSource #Microsoft
- September 2025 Recap: Azure Database for MySQL
  Join us live on our YouTube channel on October 15, 2025 for an exclusive webinar where we’ll dive deeper into the latest Azure Database for MySQL updates and answer your questions! Watch it live here.

  Support for In-Place Major Version Upgrade from 8.0 to 8.4
  We previously announced that Azure Database for MySQL version 8.4 is now generally available. We’re now happy to share that in-place major version upgrade is supported for MySQL servers from 8.0 to 8.4. If you’re currently on MySQL 5.7, you’ll first need to perform an in-place upgrade from 5.7 to 8.0, and then upgrade from 8.0 to 8.4. Learn more.

  Near-Zero-Downtime Maintenance - General Availability
  You can now take advantage of near-zero-downtime maintenance for Azure Database for MySQL with high availability (HA) enabled. This capability is now generally available and is supported by our new HA architecture based on a dedicated Azure Standard Load Balancer design. Thanks to the dedicated Standard Load Balancer design, maintenance is now faster and no longer impacted by client-side DNS caching, which previously caused brief connection drops in some scenarios. This enhancement ensures that your mission-critical workloads remain continuously available, even during infrastructure updates, helping you meet strict uptime requirements and maintain operational continuity. Learn more.

  We would love your feedback
  We look forward to your feedback as you explore these enhancements and continue building with Azure Database for MySQL. If you have any suggestions or queries about our service, please let us know by emailing us at AskAzureDBforMySQL@service.microsoft.com. To learn more about what's new with Flexible Server, see What's new in Azure Database for MySQL - Flexible Server. Stay tuned for more updates and announcements by following us on social media: YouTube | LinkedIn | X. Thanks for being part of our community!
- PostgreSQL and the Power of Community
  PGConf NYC 2025 is the premier event for the global PostgreSQL community, and Microsoft is proud to be a Platinum sponsor this year. The conference will also feature a keynote from Claire Giordano, Principal PM for PostgreSQL at Microsoft, who will share our vision for Postgres along with lessons from ten PostgreSQL hacker journeys.
- PostgreSQL 18 Preview on Azure Database for PostgreSQL
  PostgreSQL 18 Preview on Azure Postgres Flexible Server

  We’re excited to bring the latest Postgres innovations directly into Azure. With PG18 Preview, you can already test:
  🔹 Asynchronous I/O (AIO) → faster queries & lower latency
  🔹 Vacuuming enhancements → less bloat, fewer replication conflicts
  🔹 UUIDv7 support → better indexing & sort locality
  🔹 B-Tree skip scan → more efficient use of multi-column indexes
  🔹 Improved logical replication & DDL → easier schema evolution across replicas

  And that’s just the start — PG18 includes hundreds of community contributions, with 496 from Microsoft engineers alone 💪

  👉 Try it out today on Azure Postgres Flexible Server (initially in East Asia), share your feedback, and help shape GA.
- Architecting Secure PostgreSQL on Azure: Insights from Mercedes-Benz
  Authors: Johannes Schuetzner, Software Engineer at Mercedes-Benz & Nacho Alonso Portillo, Principal Program Manager at Microsoft

  When you think of Mercedes-Benz, you think of innovation, precision, and trust. But behind every iconic vehicle and digital experience is a relentless drive for security and operational excellence. At Mercedes-Benz R&D in Sindelfingen, Germany, Johannes Schuetzner and the team faced a challenge familiar to many PostgreSQL users: how to build a secure, scalable, and flexible database architecture in the cloud—without sacrificing agility or developer productivity. This article shares insights from Mercedes-Benz about how Azure Database for PostgreSQL can be leveraged to enhance your security posture, streamline access management, and empower teams to innovate with confidence.

  The Challenge: Security Without Compromise
  “OK, let’s stop intrusions in their tracks,” Schuetzner began his POSETTE talk, setting the tone for a deep dive into network security and access management. Many organizations need to protect sensitive data, ensure compliance, and enable secure collaboration across distributed teams. The typical priorities are clear:
  - Encrypt data in transit and at rest
  - Implement row-level security for granular access
  - Integrate with Microsoft Defender for Cloud for threat protection
  - Focus on network security and access management—where configuration can make the biggest impact

  Building a Secure Network: Private vs. Public Access
  Mercedes-Benz explored two fundamental ways to set up their network for Azure Database for PostgreSQL: private access and public access. “With private access, your PostgreSQL server is integrated in a virtual network. With public access, it is accessible by everybody on the public internet,” explained Schuetzner.

  Public Access:
  - Public endpoint, resolvable via DNS
  - Firewall rules control allowed IP ranges
  - Vulnerable to external attacks; traffic travels over public internet

  Private Access:
  - Server injected into an Azure VNET
  - Traffic travels securely over the Azure backbone
  - Requires delegated subnet and private DNS
  - VNET peering enables cross-region connectivity

  “One big benefit of private access is that the network traffic travels over the Azure backbone, so not the public internet,” said Schuetzner. This ensures that sensitive data remains protected, even as applications scale across regions. An Azure VNET is restricted to a single Azure region, though, and peering VNETs may be complex.

  Embracing Flexibility: The Power of Private Endpoints
  Last year, Azure introduced private endpoints for PostgreSQL, a significant milestone in Mercedes-Benz’s database connectivity strategy. A private endpoint adds a network interface to the resource that can also be reached from other Azure regions. This allows the resources in the VNET associated with the private endpoint to connect to the Postgres server. The network traffic travels securely over the Azure backbone. Private endpoints allow Mercedes-Benz to:
  - Dynamically enable and disable public access during migrations
  - Flexibly provision multiple endpoints for different VNETs and regions
  - Have explicit control over the allowed network accesses
  - Have built-in protection against data exfiltration
  - Automate setup with Terraform and infrastructure-as-code

  This flexibility can be crucial for supporting large architectures and migration scenarios, all while maintaining robust security.

  Passwordless Authentication: Simplicity Meets Security
  Managing database passwords is a pain point for every developer. Mercedes-Benz embraced Azure Entra Authentication (formerly Azure Active Directory) to enable passwordless connections. Passwordless connections do not rely on traditional passwords but are based on the more secure authentication methods of Azure Entra. They require less administrative effort and prevent security breaches. Benefits include:
  - Uniform user management across Azure resources
  - Group-based access control
  - Passwordless authentication for applications and CI/CD pipelines

  For developers, this means less manual overhead and fewer risks of password leaks. “Once you have set it up, then Azure takes good care of all the details, you don’t have to manage your passwords anymore, also they cannot be leaked anymore accidentally because you don’t have a password,” Schuetzner emphasized.

  Principle of Least Privilege: Granular Authorization
  Mercedes-Benz appreciates the principle of least privilege, ensuring applications have only the permissions they need—nothing more. By correlating managed identities with specific roles in PostgreSQL, teams can grant only necessary Data Manipulation Language (DML) permissions (select, insert, update), while restricting Data Definition Language (DDL) operations. This approach minimizes risk and simplifies compliance.

  Operational Excellence: Automation and Troubleshooting
  Automation is key to Mercedes-Benz’s success. Using Terraform integrated into CI/CD pipelines, the team can provision identities, configure endpoints, and manage permissions—all as code. For troubleshooting, tools like Azure Bastion enable secure, temporary access to the database for diagnostics, without exposing sensitive endpoints.

  The Impact: Security, Agility, and Developer Empowerment
  By leveraging Azure Database for PostgreSQL, Mercedes-Benz can achieve:
  - Stronger security through private networking and passwordless authentication
  - Flexible, scalable architecture for global operations
  - Streamlined access management and compliance
  - Developers empowered to focus on innovation, not infrastructure

  Schuetzner concluded, “Private endpoints provide a new network opportunity for Postgres on Azure. There are additional costs, but it’s more flexible and more dynamic. Azure takes good care of all the details, so you don’t have to manage your passwords anymore. It’s basically the ultimate solution for password management.”

  Mercedes-Benz’s story shows that with the right tools and mindset, you can build secure and scalable solutions on Azure Database for PostgreSQL. For more details, refer to the full POSETTE session.
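
The least-privilege setup described in the article above (a managed identity mapped to a PostgreSQL role that holds DML rights only), sketched as an added example; it is not code from Mercedes-Benz or Microsoft. The identity name `id-orders-api`, the schema `app` and the owning role `app_owner` are hypothetical; `pgaadauth_create_principal` is the function Azure Database for PostgreSQL flexible server provides for creating Entra-mapped roles.

```sql
-- Added example. Hypothetical names: id-orders-api (managed identity),
-- app (application schema), app_owner (role that owns the schema and tables).

-- Step 1: run in the "postgres" database as the Microsoft Entra administrator.
-- pgaadauth_create_principal(roleName, isAdmin, isMfa) creates a role that
-- authenticates with an Entra token; there is no password to store or leak.
SELECT * FROM pgaadauth_create_principal('id-orders-api', false, false);

-- Step 2: run in the application database as app_owner.
-- USAGE lets the role resolve objects in the schema; CREATE is withheld,
-- so the application cannot add tables, functions or types.
GRANT USAGE ON SCHEMA app TO "id-orders-api";

-- DML only: DELETE, TRUNCATE, REFERENCES and TRIGGER are not granted.
GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA app TO "id-orders-api";

-- Needed for INSERTs into tables whose column defaults call nextval()
-- (for example serial columns).
GRANT USAGE ON ALL SEQUENCES IN SCHEMA app TO "id-orders-api";

-- Tables and sequences that app_owner creates later get the same grants,
-- so a schema migration does not silently lock the application out.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA app
  GRANT SELECT, INSERT, UPDATE ON TABLES TO "id-orders-api";
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA app
  GRANT USAGE ON SEQUENCES TO "id-orders-api";

-- Step 3: audit. ALTER TABLE and DROP TABLE require ownership, so the
-- application role must own nothing and must not be a member of app_owner.
-- Each query below lists deviations from the intended setup.

-- Tables the application role owns, or on which it can DELETE or TRUNCATE.
SELECT schemaname, tablename, tableowner
FROM pg_tables
WHERE schemaname = 'app'
  AND (tableowner = 'id-orders-api'
       OR has_table_privilege('id-orders-api',
                              format('%I.%I', schemaname, tablename),
                              'DELETE, TRUNCATE'));

-- Schemas in which the application role can create objects (DDL).
SELECT nspname
FROM pg_namespace
WHERE nspname NOT LIKE 'pg\_%'
  AND nspname <> 'information_schema'
  AND has_schema_privilege('id-orders-api', nspname, 'CREATE');

-- Roles the application role is a member of and could inherit rights from.
SELECT r.rolname
FROM pg_roles r
WHERE r.rolname <> 'id-orders-api'
  AND pg_has_role('id-orders-api', r.oid, 'MEMBER');
```

Running the three audit queries from a CI/CD job after each migration turns the least-privilege intent into a regression check: any row returned is a privilege the application role should not hold.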
- Introducing support for Graph data in Azure Database for PostgreSQL (Preview)
  We are excited to announce the addition of the Apache AGE extension in Azure Database for PostgreSQL, a significant advancement that provides graph processing capabilities within the PostgreSQL ecosystem. This new extension brings a powerful toolset for developers looking to leverage a graph database with the robust enterprise features of Azure Database for PostgreSQL.
- August 2025 Recap: Azure Database for PostgreSQL
  Here’s what’s new this month to help you build smarter and scale securely:
  - Advisor performance tuning (GA): New insights on index scans, logging, stats, and connections
  - Entra ID group login (Preview): Let users sign in with their own credentials (no need for login using group-ID).
  - New region – Austria East: Lower latency + data residency options for Central Europe
  - LangChain & LangGraph support: Use Azure PostgreSQL as a vector store for AI agents
  - Active-active replication guide: Step-by-step walkthrough using pglogical

  Full details in monthly recap: https://techcommunity.microsoft.com/blog/adforpostgresql/august-2025-recap-azure-database-for-postgresql/4450527