Announcing Azure Command Launcher for Java
Optimizing JVM Configuration for Azure Deployments Tuning the Java Virtual Machine (JVM) for cloud deployments is notoriously challenging. Over 30% of developers tend to deploy Java workloads with no JVM configuration at all, therefore relying on the default settings of the HotSpot JVM. The default settings in OpenJDK are intentionally conservative, designed to work across a wide range of environments and scenarios. However, these defaults often lead to suboptimal resource utilization in cloud-based deployments, where memory and CPU tend to be dedicated for application workloads (use of containers and VMs) but still require intelligent management to maximize efficiency and cost-effectiveness. To address this, we are excited to introduce jaz, a new JVM launcher optimized specifically for Azure. jaz provides better default ergonomics for Java applications running in containers and virtual machines, ensuring a more efficient use of resources right from the start, and leverages advanced JVM features automatically, such as AppCDS and in the future, Project Leyden. Why jaz? Conservative Defaults Lead to Underutilization of Resources When deploying Java applications to the cloud, developers often need to fine-tune JVM parameters such as heap size, garbage collection strategies, and other tuning configurations to achieve better resource utilization and potentially higher performance. The default OpenJDK settings, while safe, do not take full advantage of available resources in cloud environments, leading to unnecessary waste and increased operational costs. While advancements in dynamic heap sizing are underway by Oracle, Google, and Microsoft, they are still in development and will be available primarily in future major releases of OpenJDK. In the meantime, developers running applications on current and older JDK versions (such as OpenJDK 8, 11, 17, and 21) still need to optimize their configurations manually or rely on external tools like Paketo Buildpacks, which automate tuning but may not be suitable for all use cases. With jaz, we are providing a smarter starting point for Java applications on Azure, with default configurations designed for cloud environments. The jaz launcher helps by: Optimizing resource utilization: By setting JVM parameters tailored for cloud deployments, jaz reduces wasted memory and CPU cycles. Improve first-deploy performance: New applications often require trial and error to find the right JVM settings. jaz increases the likelihood of better performance on first deployment. Enhance cost efficiency: By making better use of available resources, applications using jaz can reduce unnecessary cloud costs. This tool is ideal for developers who: Want better JVM defaults without diving deep into tuning guides Develop and deploy cloud native microservices with Spring Boot, Quarkus, or Micronaut Prefer container-based workflows such as Kubernetes and OpenShift Deploy Java workloads on Azure Container Apps, Azure Kubernetes Service, Azure Red Hat OpenShift, or Azure VMs How jaz works? jaz sits between your container startup command and the JVM. It will: Detect the cloud environment (e.g., container limits, available memory) Analyzes the workload type and selects best-fit JVM options Launches the Java process with optimized flags, such as: Heap sizing GC selection and tuning Logging and diagnostics settings as needed Example Usage Instead of this: $ JAVA_OPTS="-XX:... several JVM tuning flags" $ java $JAVA_OPTS -jar myapp.jar" Use: $ jaz -jar myapp.jar You will automatically benefit from: Battle-tested defaults for cloud native and container workloads Reduced memory waste Better startup and warmup performance No manual tuning required How to Access jaz (Private Preview) jaz is currently available through a Private Preview. During this phase, we are working closely with selected customers to refine the experience and gather feedback. To request access: 👉 Submit your interest here Participants in the Private Preview will receive access to jaz via easily installed standalone Linux packages for container images of the Microsoft Build of OpenJDK and Eclipse Temurin (for Java 8). Customers will have direct communication with our engineering and product teams to further enhance the tool to fit their needs. For a sneak peek, you can read the documentation. Our Roadmap Our long-term vision for jaz includes adaptive JVM configuration based on telemetry and usage patterns, helping developers achieve optimal performance across all Azure services. ⚙️ JVM Configuration Profiles 📦 AppCDS Support 📦 Leyden Support 🔄 Continuous Tuning 📊 Share telemetry through Prometheus We’re excited to work with the Java community to shape this tool. Your feedback will be critical in helping us deliver a smarter, cloud-native Java runtime experience on Azure.Building the Agentic Future
As a business built by developers, for developers, Microsoft has spent decades making it faster, easier and more exciting to create great software. And developers everywhere have turned everything from BASIC and the .NET Framework, to Azure, VS Code, GitHub and more into the digital world we all live in today. But nothing compares to what’s on the horizon as agentic AI redefines both how we build and the apps we’re building. In fact, the promise of agentic AI is so strong that market forecasts predict we’re on track to reach 1.3 billion AI Agents by 2028. Our own data, from 1,500 organizations around the world, shows agent capabilities have jumped as a driver for AI applications from near last to a top three priority when comparing deployments earlier this year to applications being defined today. Of those organizations building AI agents, 41% chose Microsoft to build and run their solutions, significantly more than any other vendor. But within software development the opportunity is even greater, with approximately 50% of businesses intending to incorporate agentic AI into software engineering this year alone. Developers face a fascinating yet challenging world of complex agent workflows, a constant pipeline of new models, new security and governance requirements, and the continued pressure to deliver value from AI, fast, all while contending with decades of legacy applications and technical debt. This week at Microsoft Build, you can see how we’re making this future a reality with new AI-native developer practices and experiences, by extending the value of AI across the entire software lifecycle, and by bringing critical AI, data, and toolchain services directly to the hands of developers, in the most popular developer tools in the world. Agentic DevOps AI has already transformed the way we code, with 15 million developers using GitHub Copilot today to build faster. But coding is only a fraction of the developer’s time. Extending agents across the entire software lifecycle, means developers can move faster from idea to production, boost code quality, and strengthen security, while removing the burden of low value, routine, time consuming tasks. We can even address decades of technical debt and keep apps running smoothly in production. This is the foundation of agentic DevOps—the next evolution of DevOps, reimagined for a world where intelligent agents collaborate with developer teams and with each other. Agents introduced today across GitHub Copilot and Azure operate like a member of your development team, automating and optimizing every stage of the software lifecycle, from performing code reviews, and writing tests to fixing defects and building entire specs. Copilot can even collaborate with other agents to complete complex tasks like resolving production issues. Developers stay at the center of innovation, orchestrating agents for the mundane while focusing their energy on the work that matters most. Customers like EY are already seeing the impact: “The coding agent in GitHub Copilot is opening up doors for each developer to have their own team, all working in parallel to amplify their work. Now we're able to assign tasks that would typically detract from deeper, more complex work, freeing up several hours for focus time." - James Zabinski, DevEx Lead at EY You can learn more about agentic DevOps and the new capabilities announced today from Amanda Silver, Corporate Vice President of Product, Microsoft Developer Division, and Mario Rodriguez, Chief Product Office at GitHub. And be sure to read more from GitHub CEO Thomas Dohmke about the latest with GitHub Copilot. At Microsoft Build, see agentic DevOps in action in the following sessions, available both in-person May 19 - 22 in Seattle and on-demand: BRK100: Reimagining Software Development and DevOps with Agentic AI BRK 113: The Agent Awakens: Collaborative Development with GitHub Copilot BRK118: Accelerate Azure Development with GitHub Copilot, VS Code & AI BRK131: Java App Modernization Simplified with AI BRK102: Agent Mode in Action: AI Coding with Vibe and Spec-Driven Flows BRK101: The Future of .NET App Modernization Streamlined with AI New AI Toolchain Integrations Beyond these new agentic capabilities, we’re also releasing new integrations that bring key services directly to the tools developers are already using. From the 150 million GitHub users to the 50 million monthly users of the VS Code family, we’re making it easier for developers everywhere to build AI apps. If GitHub Copilot changed how we write code, Azure AI Foundry is changing what we can build. And the combination of the two is incredibly powerful. Now we’re bringing leading models from Azure AI Foundry directly into your GitHub experience and workflow, with a new native integration. GitHub models lets you experiment with leading models from OpenAI, Meta, Cohere, Microsoft, Mistral and more. Test and compare performance while building models directly into your codebase all within in GitHub. You can easily select the best model performance and price side by side and swap models with a simple, unified API. And keeping with our enterprise commitment, teams can set guardrails so model selection is secure, responsible, and in line with your team’s policies. Meanwhile, new Azure Native Integrations gives developers seamless access to a curated set of 20 software services from DataDog, New Relic, Pinecone, Pure Storage Cloud and more, directly through Azure portal, SDK, and CLI. With Azure Native Integrations, developers get the flexibility to work with their preferred vendors across the AI toolchain with simplified single sign-on and management, while staying in Azure. Today, we are pleased to announce the addition of even more developer services: Arize AI: Arize’s platform provides essential tooling for AI and agent evaluation, experimentation, and observability at scale. With Arize, developers can easily optimize AI applications through tools for tracing, prompt engineering, dataset curation, and automated evaluations. Learn more. LambdaTest HyperExecute: LambdaTest HyperExecute is an AI-native test execution platform designed to accelerate software testing. It enables developers and testers to run tests up to 70% faster than traditional cloud grids by optimizing test orchestration, observability and streamlining TestOps to expedite release cycles. Learn more. Mistral: Mistral and Microsoft announced a partnership today, which includes integrating Mistral La Plateforme as part of Azure Native Integrations. Mistral La Plateforme provides pay-as-you-go API access to Mistral AI's latest large language models for text generation, embeddings, and function calling. Developers can use this AI platform to build AI-powered applications with retrieval-augmented generation (RAG), fine-tune models for domain-specific tasks, and integrate AI agents into enterprise workflows. MongoDB (Public Preview): MongoDB Atlas is a fully managed cloud database that provides scalability, security, and multi-cloud support for modern applications. Developers can use it to store and search vector embeddings, implement retrieval-augmented generation (RAG), and build AI-powered search and recommendation systems. Learn more. Neon: Neon Serverless Postgres is a fully managed, autoscaling PostgreSQL database designed for instant provisioning, cost efficiency, and AI-native workloads. Developers can use it to rapidly spin up databases for AI agents, store vector embeddings with pgvector, and scale AI applications seamlessly. Learn more. Java and .Net App Modernization Shipping to production isn’t the finish line—and maintaining legacy code shouldn’t slow you down. Today we’re announcing comprehensive resources to help you successfully plan and execute app modernization initiatives, along with new agents in GitHub Copilot to help you modernize at scale, in a fraction of the time. In fact, customers like Ford China are seeing breakthrough results, reducing up to 70% of their Java migration efforts by using GitHub Copilot to automate middleware code migration tasks. Microsoft’s App Modernization Guidance applies decades of enterprise apps experience to help you analyze production apps and prioritize modernization efforts, while applying best practices and technical patterns to ensure success. And now GitHub Copilot transforms the modernization process, handling code assessments, dependency updates, and remediation across your production Java and .NET apps (support for mainframe environments is coming soon!). It generates and executes update plans automatically, while giving you full visibility, control, and a clear summary of changes. You can even raise modernization tasks in GitHub Issues from our proven service Azure Migrate to assign to developer teams. Your apps are more secure, maintainable, and cost-efficient, faster than ever. Learn how we’re reimagining app modernization for the era of AI with the new App Modernization Guidance and the modernization agent in GitHub Copilot to help you modernize your complete app estate. Scaling AI Apps and Agents Sophisticated apps and agents need an equally powerful runtime. And today we’re advancing our complete portfolio, from serverless with Azure Functions and Azure Container Apps, to the control and scale of Azure Kubernetes Service. At Build we’re simplifying how you deploy, test, and operate open-source and custom models on Kubernetes through Kubernetes AI Toolchain Operator (KAITO), making it easy to inference AI models with the flexibility, auto-scaling, pay-per-second pricing, and governance of Azure Container Apps serverless GPU, helping you create real-time, event-driven workflows for AI agents by integrating Azure Functions with Azure AI Foundry Agent Service, and much, much more. The platform you choose to scale your apps has never been more important. With new integrations with Azure AI Foundry, advanced automation that reduces developer overhead, and simplified operations, security and governance, Azure’s app platform can help you deliver the sophisticated, secure AI apps your business demands. To see the full slate of innovations across the app platform, check out: Powering the Next Generation of AI Apps and Agents on the Azure Application Platform Tools that keep pace with how you need to build This week we’re also introducing new enhancements to our tooling to help you build as fast as possible and explore what’s next with AI, all directly from your editor. GitHub Copilot for Azure brings Azure-specific tools into agent mode in VS Code, keeping you in the flow as you create, manage, and troubleshoot cloud apps. Meanwhile the Azure Tools for VS Code extension pack brings everything you need to build apps on Azure using GitHub Copilot to VS Code, making it easy to discover and interact with cloud services that power your applications. Microsoft’s gallery of AI App Templates continues to expand, helping you rapidly move from concept to production app, deployed on Azure. Each template includes fully working applications, complete with app code, AI features, infrastructure as code (IaC), configurable CI/CD pipelines with GitHub Actions, along with an application architecture, ready to deploy to Azure. These templates reflect the most common patterns and use cases we see across our AI customers, from getting started with AI agents to building GenAI chat experiences with your enterprise data and helping you learn how to use best practices such as keyless authentication. Learn more by reading the latest on Build Apps and Agents with Visual Studio Code and Azure Building the agentic future The emergence of agentic DevOps, the new wave of development powered by GitHub Copilot and new services launching across Microsoft Build will be transformative. But just as we’ve seen over the first 50 years of Microsoft’s history, the real impact will come from the global community of developers. You all have the power to turn these tools and platforms into advanced AI apps and agents that make every business move faster, operate more intelligently and innovate in ways that were previously impossible. Learn more and get started with GitHub CopilotPowering the Next Generation of AI Apps and Agents on the Azure Application Platform
Generative AI is already transforming how businesses operate, with organizations seeing an average return of 3.7x for every $1 of investment [The Business Opportunity of AI, IDC study commissioned by Microsoft]. Developers sit at the center of this transformation, and their need for speed, flexibility, and familiarity with existing tools is driving the demand for application platforms that integrate AI seamlessly into their current development workflows. To fully realize the potential of generative AI in applications, organizations must provide developers with frictionless access to AI models, frameworks, and environments that enable them to scale AI applications. We see this in action at organizations like Accenture, Assembly Software, Carvana, Coldplay (Pixel Lab), Global Travel Collection, Fujitsu, healow, Heineken, Indiana Pacers, NFL Combine, Office Depot, Terra Mater Studios (Red Bull), and Writesonic. Today, we’re excited to announce new innovations across the Azure Application Platform to meet developers where they are and help enterprises accelerate their AI transformation. The Azure App Platform offers managed Kubernetes (Azure Kubernetes Service), serverless (Azure Container Apps and Azure Functions), PaaS (Azure App Service) and integration (Azure Logic Apps and API Management). Whether you’re modernizing existing applications or creating new AI apps and agents, Azure provides a developer‑centric App Platform—seamlessly integrated with Visual Studio, GitHub, and Azure AI Foundry—and backed by a broad portfolio of fully managed databases, from Azure Cosmos DB to Azure Database for PostgreSQL and Azure SQL Database. Innovate faster with AI apps and agents In today’s fast-evolving AI landscape, the key to staying competitive is being able to move from AI experimentation to production quickly and easily. Whether you’re deploying open-source AI models or integrating with any of the 1900+ models in Azure AI Foundry, the Azure App Platform provides a streamlined path for building and scaling AI apps and agents. Kubernetes AI Toolchain Operator (KAITO) for AKS add-on (GA) and Azure Arc extension (preview) simplifies deploying, testing, and operating open-source and custom models on Kubernetes. Automated GPU provisioning, pre-configured settings, workspace customization, real-time deployment tracking, and built-in testing interfaces significantly reduce infrastructure overhead and accelerate AI development. Visual Studio Code integration enables developers to quickly prototype, deploy, and manage models. Learn more. Serverless GPU integration with AI Foundry Models (preview) offers a new deployment target for easy AI model inferencing. Azure Container Apps serverless GPU offers unparalleled flexibility to run any supported model. It features automatic scaling, pay-per-second pricing, robust data governance, and built-in enterprise networking and security support, making it an ideal solution for scalable and secure AI deployments. Learn more. Azure Functions integration with AI Foundry Agent Service (GA) enables you to create real-time, event-driven workflows for AI agents without managing infrastructure. This integration enables agents to securely invoke Azure Functions to execute business logic, access systems, or process data on demand. It unlocks scalable, cost-efficient automation for intelligent applications that respond dynamically to user input or events. Learn more. Azure Functions enriches Azure OpenAI extension (preview) to automate embeddings for real-time RAG, semantic search, and function calling with built-in support for AI Search, Azure Cosmos DB for MongoDB and Azure Data Explorer vector stores. Learn more. Azure Functions MCP extension adds support for instructions and monitoring (preview) making it easier to build and operate remote MCP servers at cloud scale. With this update, developers can deliver richer AI interactions by providing capabilities and context to large language models directly from Azure Functions. This enables AI agents to both call functions and respond intelligently with no separate orchestration layer required. Learn more. Harnessing AI to drive intelligent business processes As AI continues to grow in adoption, its ability to automate complex business process workflows becomes increasingly valuable. Azure Logic Apps empowers organizations to build, orchestrate, and monitor intelligent, agent-driven workflows. Logic Apps agent loop orchestrates agentic business processes (preview) with goal-based automation using AI-powered reasoning engines such as OpenAI’s GPT-4o or GPT-4.1. Instead of building fixed flows, users can define the desired outcomes, and Agent loop action in Logic Apps figures out the steps dynamically. With 1400+ out-of-the-box connectors to various enterprise systems and SaaS applications, and full observability, Logic Apps enables you to rapidly deliver on all business process needs with agentic automation. Learn more. Enable intelligent data pipelines for RAG using Logic Apps (preview) with new native integrations with Azure Cosmos DB and Azure AI Search. Teams can ingest content into vector stores and databases through low-code templates. No custom code required. This enables AI agents to ground responses in proprietary data, improving relevance and accuracy for real business outcomes. Learn more. Empower AI agents to act with Logic Apps in AI Foundry (preview) across enterprise systems using low-code automation. Prebuilt connectors and templates simplify integration with Microsoft and third-party services from databases to SaaS apps. This gives developers and business users a faster way to orchestrate intelligent actions, automate complex workflows, and operationalize AI across the organization. Learn more. Scale AI innovation across your enterprise As AI adoption grows, so does the need for visibility and control over how models are accessed and utilized. Azure API Management helps you achieve this with advanced tools that ensure governance, security, and efficient management of your AI APIs. Expanded AI Gateway capabilities in Azure API Management (GA) give organizations deeper control, observability, and governance for generative AI workloads. Key additions include LLM Logging for prompts, completions, and token usage insights; session-aware load balancing to maintain context in multi-turn chats; robust guardrails through integration with Azure AI Content Safety service, and direct onboarding of models from Azure AI Foundry. Customers can also now apply GenAI-specific policies to AWS Bedrock model endpoints, enabling unified governance across multi-cloud environments. Learn more. Azure API Management support for Model Context Protocol (preview) makes it easy to expose existing APIs as secure, agent-compatible endpoints. You can apply gateway policies such as authentication, rate limiting, caching, and authorization to protect MCP servers. This ensures consistent, centralized policy enforcement across all your MCP-enabled APIs. With minimal effort, you can transform APIs into AI-ready services that integrate seamlessly with autonomous agents. Learn more. Azure API Center introduces private MCP registry and streamlined discovery (preview) giving organizations full control over which services are discoverable. Role-Based Access Control (RBAC) allows teams to manage who can find, use, and update MCP servers based on organizational roles. Developers can now discover and consume MCP-enabled APIs directly through the API Center portal. These updates improve governance and simplify developer experience for AI agent development. Learn more. Simplify operations for AI apps and agents in production Moving AI applications from proof-of-concept to production requires an environment that scales securely, cost-effectively, and reliably. The Azure App Platform continues to evolve with enhancements that remove operational friction, so you can deploy your AI apps, agents and scale with confidence. App Service Premium v4 Plan (preview) delivers up to 25% better performance and up to 24% cost savings over the previous generation—ideal for scalable, secure web apps. App Service Premium v4 helps modernize both Windows and Linux applications with better performance, security, and DevOps integration. It now offers a more cost-effective solution for customers seeking a fully managed PaaS, reducing infrastructure overhead while supporting today’s demanding AI applications. Learn more. AKS security dashboard (GA) provides unified visibility and automated remediation powered by Microsoft Defender for Containers—helping operations stay ahead of threats and compliance needs without leaving the Azure portal. Learn more. AKS Long-Term Support (GA) introduces 2-year support for all versions of Kubernetes after 1.27, in addition to the standard community-supported versions. This extended support model enables teams to reduce upgrade frequency and complexity, ensure platform stability, and provide greater operational flexibility. Learn more. Dynamic service recommendations for AKS (preview) streamlines the process of selecting and connecting services to your Azure Kubernetes Service cluster by offering tailored Azure service recommendations directly in the Azure portal. It uses in-portal intelligence to suggest the right services based on your usage patterns, making it easier to choose what’s best for your workloads. Learn more. Azure Functions Flex Consumption adds support for availability zones and smaller instance sizes (preview) to improve reliability and resiliency for critical workloads. The new 512 MB memory option helps customers fine-tune resource usage and reduce costs for lightweight functions. These updates are available in Australia East, East Asia, Sweden Central, and UK South, and can be enabled on both new and existing Flex Consumption apps. Learn more. Join us at Microsoft Build, May 19-22 The future of AI applications is here, and it’s powered by Azure. From APIs to automation, from web apps to Kubernetes, and from cloud to edge, we’re building the foundation for the next era of intelligent software. Whether you're modernizing existing systems or pioneering the next big thing in AI, Azure gives you the tools, performance, and governance to build boldly. Our platform innovations are designed to simplify your path, remove operational friction, and help you scale with confidence. Explore the various breakout, demo and lab sessions at Microsoft Build, May 19-22, to dive deeper into these Azure App Platform innovations. We can’t wait to see what you will build next!Reimagining App Modernization for the Era of AI
This blog highlights the key announcements and innovations from Microsoft Build 2025. It focuses on how AI is transforming the software development lifecycle, particularly in app modernization. Key topics include the use of GitHub Copilot for accelerating development and modernization, the introduction of Azure SRE agent for managing production systems, and the launch of the App Modernization Guidance to help organizations modernize their applications with AI-first design. The blog emphasizes the strategic approach to modernization, aiming to reduce complexity, improve agility, and deliver measurable business outcomes
New Networking Capabilities in Azure Container Apps
New Networking Capabilities in Azure Container Apps Azure Container Apps is your go-to fully managed serverless container service that enables you to deploy and run containerized applications with per-second billing and autoscaling without having to manage infrastructure. Today, Azure Container Apps is thrilled to announce several new enterprise capabilities that will take the flexibility, security, and manageability of your containerized applications to the next level. These capabilities include premium ingress, rule-based routing, private endpoints, Azure Arc integration, and planned maintenance. Let’s dive into the advanced networking features that Azure Container Apps has introduced. Public Preview: Premium Ingress in Azure Container Apps Azure Container Apps now supports premium ingress in public preview. This feature brings environment-level ingress configuration options, with the highlight being customizable ingress scaling. This capability supports the scaling of the ingress proxy, allowing you to better handle higher demand workloads, such as large performance tests. By configuring your ingress proxy to run on workload profiles, you can scale out more ingress instances to manage the load. Keep in mind, running the ingress proxy on a workload profile will incur associated costs. But wait, there’s more! This release also includes other ingress-related settings to boost your application’s flexibility, such as termination grace period, idle request timeout, and header count. To learn more, please visit https://aka.ms/aca/ingress-config. Public Preview: Rule-Based Routing in Azure Container Apps Next up, we have rule-based routing, now in public preview. This feature is all about giving you greater flexibility and composability for your Azure Container Apps. It simplifies your architecture for microservice applications, A/B testing, blue-green deployments, and more. With rule-based routing, you can direct incoming HTTP traffic to different apps within your Container Apps environment based on the requested host name or path. This includes support for custom domains! No need to set up a separate reverse proxy like NGINX anymore. Just provide routing rules for your environment and incoming traffic will automatically be routed to the specified target apps. To learn more, please visit https://aka.ms/aca/rule-based-routing. Generally Available: Private Endpoints in Azure Container Apps We’re also excited to announce that private endpoints are now generally available for workload profile environments in Azure Container Apps. This means you can connect to your Container Apps environment using a private IP address in your Azure Virtual Network, eliminating exposure to the public internet and securing access to your applications. Plus, you can connect directly from Azure Front Door to your workload profile environments over a private link instead of the public internet. Today, you can enable Private Link to the container apps origin for Azure Front Door through the Azure CLI and Azure portal. TCP support is now available too! This feature is supported for both Consumption and Dedicated plans in workload profile environments. Whether you have new or existing environments, you can leverage this capability without needing to re-provision your environment. Additionally, this capability introduces the public network access setting, allowing you to configure Azure networking policies. GA pricing will go into effect on July 1, 2025. To learn more, please visit https://aka.ms/aca/private-endpoints. What else is going on with Azure Container Apps at Build 2025? There’s a lot happening at Build 2025! Azure Container Apps has numerous sessions and other features being launched. For a complete overview, check out our https://aka.ms/aca/whats-new-blog-build-2025. For feedback, feature requests, or questions about Azure Container Apps, visit our GitHub page. We look forward to hearing from you!Build secure, flexible, AI-enabled applications with Azure Kubernetes Service
Building AI applications has never been more accessible. With advancements in tools and platforms, developers can now create sophisticated AI solutions that drive innovation and efficiency across various industries. For many, Kubernetes stands out as natural choice for running AI applications and agents due to its robust orchestration capabilities, scalability, and flexibility. In this blog, we will explore the latest advancements in Azure Kubernetes Service (AKS) we are announcing at Microsoft Build 2025, designed to enhance flexibility, bolster security, and seamlessly integrate AI capabilities into your Kubernetes environments. These updates will empower developers to create sophisticated AI solutions, improve operational efficiency, and drive innovation across various industries. Let's dive into the key highlights: Simplify building AI apps Enhancing the intelligence and automation of your Kubernetes environments can greatly improve your operations and development workflows. New AKS features make it easier to integrate AI, simplify processes, streamline deployments, and get smart recommendations for optimizing workloads. This means you can deploy AI-powered apps more efficiently, save time with automated deployments, and receive tailored service recommendations to get you started faster. Deploy open-source and custom models from cloud to edge with the Kubernetes AI toolchain operator (KAITO) add-on for AKS and Arc extension. KAITO streamlines AI model deployment, fine-tuning, inferencing, and development on Kubernetes by providing dynamic scaling, version control, and resource optimization. Easily select the right Azure services for your applications with customized Azure service recommendations in Azure Portal. Once you have deployed your recommended services, you can use the service connector to easily connect the service to your AKS cluster. Streamline the path to cloud-native development with Automated Deployments in AKS. New support for Azure DevOps, AKS-ready templates, and service connectors make it easier than ever to generate Dockerfiles and Kubernetes manifests and connect your applications to popular Azure services. Simplify multi-cluster management and streamline GitOps workflows. Automated Deployments in Azure Kubernetes Fleet Manager (public preview) let you connect GitHub repositories to a hub cluster, enabling continuous deployment by building, containerizing, and staging applications with GitHub Actions triggered on code updates. Operate with flexibility In the ever-evolving landscape of app development, flexibility is often key to maintaining operational efficiency and adaptability while meeting the dynamic demands of your business. The latest updates in AKS aim to provide greater flexibility by simplifying management, improving resource utilization, and providing more control over your deployments. Whether you're looking to streamline namespace management, ensure concurrency control, or optimize VM selection, these new capabilities will help you achieve greater operational efficiency and adaptability in your AKS clusters. Gain more flexibility and control over your Kubernetes upgrade timelines with long term support (LTS), now for all Kubernetes versions after 1.27. LTS extends support by an extra year beyond the community end-of-life, giving you more time to plan and execute upgrades on your schedule. All AKS supported Kubernetes version release updates are available in AKS release tracker. Improve reliability and safeguard your AKS configurations during concurrent operations with eTags concurrency control, now generally available. This built-in mechanism detects and prevents conflicting changes, ensuring only the most recent and valid updates are applied to your cluster. Enhance performance and reliability while optimizing resource utilization. Smart VM Defaults (generally available) automatically select the optimal default VM SKU for you based on available capacity and quota. Boost MySQL and PostgreSQL throughput by up to 5x with performance enhancements on ephemeral disks with Azure Container Storage v1.3.0 (generally available). Use cost-effective alerting strategies for AKS to reduce alerting costs while maintaining proactive visibility into container health and performance with Azure Monitor. Detect and resolve placement drift with new conflict-handling strategies in Azure Kubernetes Fleet Manager, giving you more control over multi-cluster workload consistency. Strengthen your security posture As organizations scale their cloud-native applications, securing every layer of the Kubernetes stack becomes mission-critical. AKS continues to meet this challenge with a wave of new security capabilities designed to protect your workloads, streamline compliance, and reduce operational risk. From runtime threat detection and image signature enforcement to a unified security dashboard, AKS now offers a more comprehensive, integrated approach to cluster protection—backed by Microsoft Defender for Cloud and Azure Policy. Whether you're managing a single cluster or operating at fleet scale, these innovations help you stay ahead of threats while maintaining agility. Secure your Kubernetes environment more effectively with the AKS Security Dashboard. Available through the Azure portal, it offers comprehensive visibility and automated remediation for security issues—helping you detect, prioritize, and resolve risks with greater confidence. Proactively block risky workloads by gating vulnerable deployments in AKS (public preview), which uses Microsoft Defender for Cloud to evaluate container images against your org’s security policies and vulnerability assessments—ensuring only compliant deployments reach your clusters. Gain deeper visibility into runtime risks with Agentless runtime vulnerability assessment for AKS-owned images (public preview), helping you identify CVEs and recommended fixes tied to specific AKS versions. Additionally, registry-agnostic agentless runtime container vulnerability assessment (public preview) provides comprehensive vulnerability assessment and remediation for container images, regardless of their registry source. Detect threats in real time with DNS Lookup Threat Detection and malware detection for AKS nodes, both in public preview via Microsoft Defender for Cloud. These features monitor suspicious DNS activity and scan nodes for vulnerabilities and malware—boosting your runtime protection. Onboard clusters with flexibility using resource-level onboarding for individual AKS clusters in Defender for Cloud, now in public preview. This enables agentless, sensor-based alerts directly in the AKS dashboard. Establish trusted connections with custom certificate authority support in AKS (generally available), allowing secure communication between your cluster and private registries, proxies, and firewalls. Keep your Kubernetes traffic private and protected with API Server VNet Integration in AKS (generally available). By routing communication between the API server and your cluster nodes entirely through a private network, you avoid public exposure and complex tunneling—making your setup both simpler and more secure. AKS at Microsoft Build 2025 These new features and updates for AKS are set to provide greater flexibility, enhanced security, and advanced AI capabilities, empowering users to scale, secure, and optimize their Kubernetes environments like never before. To see these innovations in action and learn more about how they can benefit your organization, be sure to join us virtually or in person at Microsoft Build this week. Our experts will be showcasing these features in detail, providing live demonstrations, and answering any questions you may have. We hope to see you in Seattle or online! Session Code Session Title Date and time Streamed and recorded BRK188 Build and scale your AI apps with Kubernetes and Azure Arc Mon, May 19 | 3:00 PM - 4:00 PM PST Yes COMM416 Conversations: Let's talk container security and network monitoring Mon, May 19 | 4:00 PM - 4:45 PM PST No LAB346 Ethical Hacking with AKS: Hands-On Attack and Defense Strategies Tues, May 20 | 11:45 AM - 1:00 PM PST No LAB348 Integrate Azure Kubernetes Service apps with Active Directory Tues, May 20 | 1:45 PM - 3:00 PM PST No BRK181 Streamlining AKS Debugging: Techniques to solve common & complex problems Tues, May 20 | 3:00 PM - 4:00 PM PST Yes LAB342 Streamlining Kubernetes for developers with AKS Automatic Tues, May 20 | 3:30 PM - 4:45 AM PST No BRK185 Maximizing efficiency in cloud-native app design Wed, May 21 | 10:30 AM - 11:30 AM PST Yes COMM456 Table Talks: Stateful Containers on AKS Wed, May 21 | 11:00 AM - 12:00 PM PST No COMM451 Table Talks: AKS Ops, Well-Architected Cloud & AI Copilot Wed, May 21 | 1:00 PM – 2:00 PM PST No LAB348-R1 Integrate Azure Kubernetes Service apps with Active Directory Wed, May 21 | 1:00 PM - 2:15 PM PST No BRK191 Running Stateful Workloads on AKS Wed, May 21 | 2:00 PM - 3:00 PM PST Yes LAB345-R1 Deploying and Inferencing AI Applications on Kubernetes Wed, May 21 | 2:45 PM - 4:00 PM PST No COMM452 Table Talks: Troubleshooting AKS, Cost Optimization & AI in K8s Wed, May 21 | 3:00 PM - 4:00 PM PST No BRK193 Skip the YAML! Easily deploy apps to AKS with Automated Deployments Wed, May 21 | 3:30 PM - 4:30 PM PST Yes BRK194 Adventures in AI: Deploying and inferencing open source and custom models on K8s Wed, May 21 | 5:00 PM – 6:00 PM PST Yes LAB342-R1 Streamlining Kubernetes for developers with AKS Automatic Thurs, May 22 | 8:30 AM – 9:45 AM PST No LAB346-R1 Ethical Hacking with AKS: Hands-On Attack and Defense Strategies Thurs, May 22 | 10:15 AM – 11:30 AM PST No LAB345 Deploying and Inferencing AI Applications on Kubernetes Thurs, May 22 | 10:15 AM – 11:30 AM PST No ODLAB346 On-Demand: Ethical Hacking with AKS: Hands-On Attack and Defense Strategies On Demand No ODLAB348 On-Demand: Integrate Azure Kubernetes Service apps with Active Directory On Demand No
FSI Knowledge Mining and Intelligent Document Process Reference Architecture
FSI customers such as insurance companies and banks rely on their vast amounts of data to provide sometimes hundreds of individual products to their customers. From assessing product suitability, underwriting, fraud investigations, and claims handling, many employees and applications depend on accessing this data to do their jobs efficiently. Since the capabilities of GenAI have been realised, we have been helping our customers in this market transform their business with unified systems that simplify access to this data and speed up the processing times of these core tasks, while remaining compliant with the numerous regulations that govern the FSI space. Combining the use of Knowledge Mining with Intelligent Document processing provides a powerful solution to reduce the manual effort and inefficacies of ensuring data integrity and retrieval across the many use cases that most of our customers face daily. What is Knowledge Mining and Intelligent Document Processing? Knowledge Mining is a process that transforms large, unstructured data sets into searchable knowledge stores. Traditional search methods often rely on keyword matching, which can miss the context of the information. In contrast, knowledge mining uses advanced techniques like natural language processing (NLP) to understand the context and meaning behind the data, providing a robust searching mechanism that can look across all these data sources, understand the relationships between the data therefore providing more accurate and relevant results. Intelligent Document Processing (IDP) is a workflow automation technology designed to scan, read, extract, categorise, and organise meaningful information from large streams of data. Its primary function is to extract valuable information from extensive data sets without human input, thereby increasing processing speed and accuracy while reducing costs. By leveraging a combination of Artificial Intelligence (AI), Machine Learning (ML), Optical Character Recognition (OCR), and Natural Language Processing (NLP), IDP handles both structured and unstructured documents. By ensuring that the processed data meets the "gold standard" - structured, complete, and compliant - IDP helps organizations maintain high-quality, reliable, and actionable data. The Power of Knowledge Mining and Intelligent Document Processing as a Unified Solution Knowledge Mining excels at quickly responding to natural language queries, providing valuable insights and making previously unsearchable data accessible. At the same time, IDP ensures that the processed data meets the "gold standard"—structured, complete, and compliant—making it both reliable and actionable. Together, these technologies empower organisations to harness the full potential of their data, driving better decision-making and improved efficiency. __________________________________________________________________ Meet Alex: A Day in the Life of a Fraud Case Worker Responsibilities: Investigate potential fraud cases by manually searching across multiple systems. Read and analyse large volumes of information to filter out relevant data. Ensure compliance with regulatory requirements and maintain data accuracy. Prepare detailed reports on findings and recommendations. Lost in Data: The Struggles of Manual Fraud Investigation Alex receives a new fraud case and starts by manually searching through multiple systems to gather information. This process takes several hours, and Alex has to read through numerous documents and emails to filter out relevant data. The inconsistent data formats and locations make it challenging to ensure accuracy. By the end of the day, Alex is exhausted and has only made limited progress on the case. Effortless Efficiency: Fraud Investigation Transformed with Knowledge Mining and IDP Alex receives a new fraud case and needs to gather all relevant information quickly. Instead of manually searching through multiple systems, Alex inputs the following natural language query into the unified system: "Show me all documents, emails, and notes related to the recent transactions of client X that might indicate fraudulent activity." The system quickly retrieves and presents a comprehensive summary of all relevant documents, emails, and notes, ensuring that the data is structured, complete, and compliant. This allows Alex to focus on analysing the data and making informed decisions, significantly improving the efficiency and accuracy of the investigation. How has Knowledge Mining and IDP transformed Alex's role? Before implementing Knowledge Mining and Intelligent Document Processing, Alex faced a manual process of searching across multiple systems to gather information. This was time-consuming and labour-intensive, often leading to delays in investigations. The overwhelming volume of data from various sources made it difficult to filter out relevant information, and the inconsistent data formats and locations increased the risk of errors. This high workload not only reduced Alex's efficiency but also led to burnout and decreased job satisfaction. However, with the introduction of a unified system powered by Knowledge Mining and IDP, these challenges were significantly mitigated. Automated searches using natural language queries allowed Alex to quickly find relevant information, while IDP ensured that the data processed was structured, complete, and compliant. This unified system provided a comprehensive view of the data, enabling Alex to make more informed decisions and focus on higher-value tasks, ultimately improving productivity and job satisfaction. ____________________________________________________________________ Example Architecture Knowledge Mining Users can interact with the system through a portal on the customer’s front-end of choice. This will serve as the entry point for submitting queries and accessing the knowledge mining service. Front-end options could include web apps, container services or serverless integrations. Azure AI Search provides powerful RAG capabilities. Meanwhile, Azure Open AI provides access to large language models to summarise responses. These services combined will take the user’s query to search the knowledge base and return relevant information which can be augmented as required. Prompt engineering can provide customisation to how the data is returned. You define what the data sources your Azure AI Search will consume. This can be Azure storage services or other data repositories. Data that meets a pre-defined gold standard is queried by Azure AI Search and relevant data is returned to the user. Gold standard data could be based on compliance or business needs. Power BI can be used to create analytical reports based on the data retrieved and processed. This step involves visualising the data in an interactive and user-friendly manner, allowing users to gain insights and make data-driven decisions. Intelligent Document Processing (Optional) Azure Data Factory is a data integration service that allows you to create workflows for data movement and transforming data at scale. This business data can be easily ingested to your Azure data storage solutions using pre-built connectors. This event driven approach ensures that as new data is generated, it can automatically be processed and ready for use in your knowledge mining solution. Data can be transformed using Functions apps and Azure OpenAI. Through prompt engineering, the large language model (LLM) can highlight specific issues in the documents, such as grammatical errors, irrelevant content, or incomplete information. The LLM can then be used to rewrite text to improve clarity and accuracy, add missing information, or reformat content to adhere to guidelines. Transformed data is stored as gold standard data. ____________________________________________________________________ Additional Cloud Considerations Networking VNETs (Virtual Networks) are a fundamental component of cloud infrastructure that enable secure and isolated networking configurations within a cloud environment. They allow different resources, such as virtual machines, databases, and services, to communicate with each other securely. Virtual networks ensure that services such as Azure AI Search, Azure OpenAI, and Power BI, can securely communicate with each other. This is crucial for maintaining the integrity and confidentiality of sensitive financial data. Express Route or VPN are expected to be used when connecting on-premises infrastructure to Azure for several reasons. Your company Azure ExpressRoute provides a private, reliable, and high-speed connection between your data center and Microsoft Azure. It allows you to extend your infrastructure to Azure by providing private access to resources deployed in Azure Virtual Networks and public services like App service, private end points to various other services. This private peering ensures that your traffic never enters the public Internet, enhancing security and performance. ExpressRoute uses Border Gateway Protocol (BGP) for dynamic routing between your on-premises networks and Azure, ensuring efficient and secure data exchange. It also offers built-in redundancy and high availability, making it a robust solution for critical workloads. Azure Front Door is a cloud-based Content Delivery Network (CDN) and application delivery service provided by Microsoft. It offers several key features, including global load balancing, dynamic site acceleration, SSL offloading, and a web application firewall, making it an ideal solution for optimizing and protecting web applications. We are expecting to use Front door in scenarios when the architecture will be expected to be used by users outside the organisation. Azure API Management in this scenario is expected to be used when we look to rollout the solution to larger groups. We look to then integrate much more security, rate limiting, load balancing, etc. Monitoring and Governance Azure Monitor: This service collects and analyses telemetry data from various resources, providing insights into the performance and health of the system. It enables proactive identification and resolution of issues, ensuring the system runs smoothly. Azure Cost Management and Billing: Provides tools for monitoring and controlling costs associated with the solution. It offers insights into spending patterns and resource usage, enabling efficient financial governance. Application Insights: Provides application performance monitoring (APM) designed to help you understand how your applications are performing and to identify issues that may affect their performance and reliability These components together ensure that the Knowledge Mining and Intelligent Document Processing solution is monitored for performance, secured against threats, compliant with regulations, and managed efficiently from a cost perspective. ____________________________________________________________________ Next steps: Identify the data and its sources that will feed into your own Knowledge Mine. Consider if you also need to implement Intelligent Document Processing to ensure data quality. Define your 'gold standards'. These guidelines will determine how your data might be transformed. Consider how to provide access to the data through an application portal, choose the right front-end technology for your use case. Once you have configured Azure AI search to point to the chosen data, consider how you might augment responses using Azure AI LLM models. Useful resources AI Landing Zone reference architecture Azure and Open AI with API Manager Secure connectivity from on premesis to Azure hosted solutions
