infrastructure
250 Topics

Validating Scalable EDA Storage Performance: Azure NetApp Files and SPECstorage Solution 2020
Electronic Design Automation (EDA) workloads drive innovation across the semiconductor industry, demanding robust, scalable, and high-performance cloud solutions to accelerate time-to-market and maximize business outcomes. Azure NetApp Files empowers engineering teams to run complex simulations, manage vast datasets, and optimize workflows by delivering industry-leading performance, flexibility, and simplified deployment—eliminating the need for costly infrastructure overprovisioning or disruptive workflow changes. This leads to faster product development cycles, reduced risk of project delays, and the ability to capitalize on new opportunities in a highly competitive market. In a historic milestone, Microsoft has had Azure NetApp Files independently validated for EDA workloads through the publication of the SPECstorage® Solution 2020 EDA_BLENDED benchmark, providing objective proof of its readiness to meet the most demanding enterprise requirements, now and in the future.

44 Views, 0 likes, 0 Comments

Accelerating Enterprise AI Adoption with Azure AI Landing Zone
Introduction

As organizations across industries race to integrate Artificial Intelligence (AI) into their business processes and realize tangible value, one question consistently arises — where should we begin?

Customers often wonder:

- What should the first steps in AI adoption look like?
- Should we build a unified, enterprise-grade platform for all AI initiatives?
- Who should guide us through this journey — Microsoft, our partners, or both?

This blog aims to demystify these questions by providing a foundational understanding of the Azure AI Landing Zone (AI ALZ) — a unified, scalable, and secure framework for enterprise AI adoption. It explains how AI ALZ builds on two key architectural foundations — the Cloud Adoption Framework (CAF) and the Well-Architected Framework (WAF) — and outlines an approach to setting up an AI Landing Zone in your Azure environment.

Foundational Frameworks Behind the AI Landing Zone

1.1 Cloud Adoption Framework (CAF)

The Azure Cloud Adoption Framework is Microsoft’s proven methodology for guiding customers through their cloud transformation journey. It encompasses the complete lifecycle of cloud enablement across stages such as Strategy, Plan, Ready, Adopt, Govern, Secure, and Manage. The Landing Zone concept sits within the Ready stage — providing a secure, scalable, and compliant foundation for workload deployment. CAF also defines multiple adoption scenarios, one of which focuses specifically on AI adoption, ensuring that AI workloads align with enterprise cloud governance and best practices.

1.2 Well-Architected Framework (WAF)

The Azure Well-Architected Framework complements CAF by providing detailed design guidance across five key pillars:

- Reliability
- Security
- Cost Optimization
- Operational Excellence
- Performance Efficiency

AI Landing Zones integrate these design principles to ensure that AI workloads are not only functional but also resilient, cost-effective, and secure at enterprise scale.
Understanding Azure Landing Zones

To understand an AI Landing Zone, it’s important to first understand Azure Landing Zones in general. An Azure Landing Zone acts as a blueprint or foundation for deploying workloads in a cloud environment — much like a strong foundation is essential for constructing a building or bridge. Each workload type (SAP, Oracle, CRM, AI, etc.) may require a different foundation, but all share the same goal: to provide a consistent, secure, and repeatable environment built on best practices.

Azure Landing Zones provide:

- A governed, scalable foundation aligned with enterprise standards
- Repeatable, automated deployment patterns using Infrastructure as Code (IaC)
- Integrated security and management controls baked into the architecture

The Role of Azure AI Foundry in AI Landing Zones

Azure AI Foundry is emerging as Microsoft’s unified environment for enterprise AI development and deployment. It acts as a one-stop platform for building, deploying, and managing AI solutions at scale.

Key components include:

- Foundry Model Catalog: A collection of foundation and fine-tuned models
- Agent Service: Enables model selection, tool and knowledge integration, and control over data and security
- Search and Machine Learning Services: Integrated capabilities for knowledge retrieval and ML lifecycle management
- Content Safety and Observability: Ensures responsible AI use and operational visibility
- Compute Options: Customers can choose from various Azure compute services based on control and scalability needs:
  - Azure Kubernetes Service (AKS) — full control
  - App Service and Azure Container Apps — simplified management
  - Azure Functions — fully serverless option

What Is Azure AI Landing Zone (AI ALZ)?

The Azure AI Landing Zone is a workload-specific landing zone designed to help enterprises deploy AI workloads securely and efficiently in production environments.
Key Objectives of AI ALZ

- Accelerate deployment of production-grade AI solutions
- Embed security, compliance, and resilience from the start
- Enable cost and operational optimization through standardized architecture
- Support repeatable patterns for multiple AI use cases using Azure AI Foundry
- Empower customer-centric enablement with extensibility and modularity

By adopting the AI ALZ, organizations can move faster from proof-of-concept (POC) to production, addressing common challenges such as inconsistent architectures, lack of governance, and operational inefficiencies.

Core Components of AI Landing Zone

The AI ALZ is structured around three major components:

- Design Framework – Based on the Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF).
- Reference Architectures – Blueprint architectures for common AI workloads.
- Extensible Implementations – Deployable through Terraform, Bicep, or (soon) Azure Portal templates using Azure Verified Modules (AVM).

Together, these elements allow customers to quickly deploy a secure, standardized, and production-ready AI environment.

Customer Readiness and Discovery

A common question during early customer engagements is: “Can our existing enterprise-scale landing zone support AI workloads, or do we need a new setup?”

To answer this, organizations should start with a discovery and readiness assessment, reviewing their existing enterprise-scale landing zone across key areas such as:

- Identity and Access Management
- Networking and Connectivity
- Data Security and Compliance
- Governance and Policy Controls
- Compute and Deployment Readiness

Based on this assessment, customers can either:

- Extend their existing enterprise-scale foundation, or
- Deploy a dedicated AI workload spoke designed specifically for Azure AI Foundry and enterprise-wide AI enablement.

The attached Excel file contains the discovery questions to ask about the customer's current setup and to propose an adoption plan reflecting architecture changes, if any.
The Journey Toward AI Adoption

The AI Landing Zone represents the first critical step in an organization’s AI adoption journey. It establishes the foundation for:

- Consistent governance and policy enforcement
- Security and networking standardization
- Rapid experimentation and deployment of AI workloads
- Scalable, production-grade AI environments

By aligning with CAF and WAF, customers can be confident that their AI adoption strategy is architecturally sound, secure, and sustainable.

Conclusion

The Azure AI Landing Zone provides enterprises with a structured, secure, and scalable foundation for AI adoption at scale. It bridges the gap between innovation and governance, enabling organizations to deploy AI workloads faster while maintaining compliance, performance, and operational excellence. By leveraging Microsoft’s proven frameworks — CAF and WAF — and adopting Azure AI Foundry as the unified development platform, enterprises can confidently build the next generation of responsible, production-grade AI solutions on Azure.

926 Views, 3 likes, 8 Comments

AI Azure Landing Zone: Shared Capabilities and Models to Enable AI as a Platform
This architecture diagram illustrates a Microsoft Azure AI Landing Zone Pattern — a scalable, secure, and well-governed framework for deploying AI workloads across multiple subscriptions in an enterprise environment. Let's walk through it end-to-end, breaking down each section, the flow, and key Azure services involved.

🧭 Overview

The architecture is split into 4 major landing zones:

- Connectivity Subscription
- AI Apps Landing Zone Subscription
- AI Hub Landing Zone Subscription
- AI Services Landing Zone Subscription

🔁 Step-by-Step Breakdown

🔹 1. Users → Application Gateway (WAF)

Users (e.g., enterprise employees or external users) access the system via the Application Gateway with Web Application Firewall (WAF). This is part of the Connectivity Subscription and provides:

- Centralized ingress control
- Zone redundancy
- Protection against common exploits

🔹 2. Route to AI Apps Landing Zone Subscription

Traffic is routed to the AI Apps Landing Zone Subscription via the Application Gateway. This subscription hosts applications that use AI services, typically in a containerized or App Service-based architecture.

🔹 3. AI Apps Workload Components

This section includes:

- App Hosting: Azure App Services, Container Apps (with Container Registry)
- Networking: Private Endpoints, Subnets, Network Security Groups
- Monitoring: Log Analytics Workspaces, Diagnostic Settings
- App Agents: Represent container/app service instances (Agent 1, 2, 3)

🔹 4. Integration with AI Services & Secrets Management

These apps securely connect to:

- Azure Key Vault (secrets, credentials)
- Azure AI Search
- Azure Cosmos DB
- Azure Storage
- Azure OpenAI

App Insights is used for application performance monitoring.

Logic Apps & Functions handle:

- Knowledge Management Processing
- LLM Integration Workflows

🔹 5 & 6. Connectivity to Centralized Services

Virtual Network Peering connects AI Apps Landing Zone with:

- Connectivity Subscription
- Hub Virtual Network in the Platform Landing Zone Subscription

These provide access to shared infrastructure:

- Azure Firewall
- Azure Bastion
- VPN Gateway / ExpressRoute
- Azure DNS / Private Resolver
- Azure DDoS Protection

🔹 7. AI Hub Landing Zone Subscription

This acts as a centralized workload processing zone with components like:

- Event Hubs
- Azure Key Vault
- App Insights
- Power BI
- Cosmos DB
- API Management (OpenAI Endpoints)

Used for:

- Observability
- Usage processing
- API integration

🔹 8 & 9. FTU Usage Processing & Reporting

- Function Apps & Logic Apps: Process usage data (e.g., for chargebacks, monitoring)
- FTU = "Fair Tenant Usage"
- Reporting is done using Power BI and stored in Cosmos DB

🔹 10 & 11. Network Peering to Platform Zone

- AI Hub connects back to Platform Landing Zone via Virtual Network Peering
- Provides access to shared DNS zones and network services

🔹 12. AI Services Landing Zone Subscription

This is where core AI capabilities live, such as:

- Azure OpenAI
- Azure AI Services: Speech, Vision, Language
- Machine Learning
- Foundry Project: OpenAI Agents, Agent Service Dependencies
- Models hosted in Azure (e.g., GPT)

This zone is accessed securely via:

- Private Endpoints
- Azure Key Vault
- Network rules

📦 Subscription Vending (All Zones)

Each subscription includes a Subscription Vending Framework for:

- Spoke VNet placement
- Route configurations
- Policy/role assignments
- Defender for Cloud & cost management

This ensures a consistent and compliant environment across the enterprise.
📌 Key Architectural Benefits

Feature | Purpose
🔐 Zero Trust Network | Controlled access via WAF, private endpoints
📡 Scalable AI Apps | Container Apps & App Services
🧠 Central AI Services | Managed in isolated subscriptions
🔍 Monitoring | Deep insights via App Insights, Log Analytics
🧾 Governance | Role-based access, policy enforcement
🔌 Secure Integration | VNet Peering, Azure Key Vault, API Management

🔚 End-to-End Data Flow Summary

1. Users access app through Application Gateway (WAF)
2. Apps in AI Apps Landing Zone process input
3. Apps call AI services (OpenAI, Cognitive) via private endpoints
4. Data usage and insights flow to AI Hub for logging and analysis
5. FTU and usage metrics processed and stored
6. Platform services support routing, DNS, security

🎯 Goal of the User Journey

The user interacts with an AI-powered application (e.g., chatbot, document summarizer, recommendation engine) deployed on Azure. The app is secure, scalable, and integrated with advanced Azure AI services (like OpenAI).

👣 User Journey: Step-by-Step Breakdown

✅ 1. User Access (Public Entry Point)

- The user (browser or mobile app) sends a request (e.g., opens an AI web app or sends a prompt to a chatbot).
- The request hits the Azure Application Gateway with Web Application Firewall (WAF).
  - ✅ Filters and protects against malicious traffic.
  - ✅ Ensures high availability with zone redundancy.

🧠 Think of it as the front door to the AI platform.

✅ 2. Routing to AI Application

- The Application Gateway securely routes the request to the AI Apps Landing Zone Subscription.
- The user request reaches the App Service or Container App hosting the AI-based application logic.

Example: A user submits a product question via a chatbot UI hosted here.

✅ 3. Processing the Request (App Logic)

The app receives the input and begins processing:

- App uses App Insights for performance telemetry.
- Secrets or config (API keys, connection strings) are securely pulled from Azure Key Vault.
- Based on the business logic, the app needs to call an AI model (e.g., OpenAI).

✅ 4. Calling AI Services (via Private Endpoints)

The app securely connects (using private endpoints) to the AI Services Landing Zone to:

- 🔹 Call Azure OpenAI (e.g., ChatGPT, DALL·E, embeddings)
- 🔹 Use Azure Cognitive Services (e.g., speech, vision, search)

These services are isolated in their own subscription for security, scalability, and cost governance.

🧠 Here’s where the “AI magic” happens.

✅ 5. Retrieval-Augmented Generation (Optional)

If the AI needs additional knowledge (RAG pattern), the app can:

- Query Azure AI Search for documents.
- Pull knowledge from Azure Cosmos DB or Azure Storage.

AI results are processed via Logic Apps / Functions (e.g., post-processing, formatting).

✅ 6. Return the Response to the User

- The application receives the AI-generated output.
- It formats the result (e.g., chatbot message, visual, PDF, etc.) and returns it to the user via the original secure path.

✅ 7. Observability & Usage Logging

App, AI service usage, and telemetry are logged in:

- Log Analytics / App Insights
- Event Hub → Streamed to AI Hub Landing Zone

This enables centralized monitoring and analytics (Power BI dashboards, anomaly detection, etc.)

✅ 8. Usage Reporting & Governance

- Function App & Logic App in the AI Hub Landing Zone process usage logs.
- Usage is stored in Azure Cosmos DB.
- FTU (Fair Tenant Usage) policies are enforced and reported via Power BI dashboards.

✅ 9. Admin/Platform Layer

All resources and subscriptions are governed via the Platform Landing Zone:

- Shared services like DNS, security policies, firewalls
- Cost controls, Defender for Cloud, DDoS protection
- Subscription vending and network segmentation

🗺️ Visual Recap: User Journey Flow

User → App Gateway (WAF) → App in AI Apps Landing Zone → Call to Azure OpenAI / AI Services → (Optional: Knowledge retrieval) → AI Response → Returned to User → Usage logged & monitored → Usage reporting in AI Hub

User Workflow

🔐 Security Throughout the Journey

Step | Security Feature
App Gateway | Web Application Firewall
App Hosting | Private Endpoints, Managed Identity
Secrets | Azure Key Vault
Network | Virtual Network Peering, NSGs
Governance | Role-based access, Policy Assignments

🧠 Example: Real-World Use Case

Scenario: A doctor uses a medical AI assistant to analyze patient notes.

1. Logs in via secure portal (WAF gateway)
2. Submits patient notes (App Service)
3. App calls OpenAI with prompt: "Summarize this diagnosis."
4. App also queries internal document store (RAG)
5. OpenAI returns result → displayed in UI
6. Usage tracked for audit and reporting

🧭 User Journey Flow

- Users: End users initiate a request (e.g., accessing an AI-powered app).
- Application Gateway + WAF (Connectivity Subscription): Request is routed through the Application Gateway with Web Application Firewall for security and traffic filtering.
- AI Apps Landing Zone Subscription: Request enters the AI Apps subscription. Workloads run on App Services or Container Apps (Agents 1, 2, 3).
- Secure Access: Application services authenticate and securely retrieve data from Azure Key Vault, Cosmos DB, Azure Storage, and Azure AI Search.
- Knowledge Management Processing: Logic Apps / Function Apps process the request, enabling workflows, integrations, and knowledge enrichment.
- AI Hub Gateway Application: Requests requiring AI services are routed to the AI Hub for centralized management.
- API Management (OpenAI Endpoints): APIs handle communication with downstream AI services.
- Event Hub + App Insights: Telemetry and logs are captured for monitoring and troubleshooting.
- Power BI + Cosmos DB: Usage data is aggregated and analyzed for reporting (FTU usage tracking).
- AI Services Subscription: API calls are directed to the AI Services subscription.
- Azure AI Models Execution: Requests hit Azure OpenAI, Azure AI Foundry, Cognitive Services (Speech, Vision, Search, etc.). Foundry/Agent services provide additional AI processing.
- Response back to User: Processed AI output is routed back through the pipeline → API → Hub → Apps → Application Gateway → returned to the user.

High Level Architecture Diagram

Security & Governance Overview

AI Landing Zone Lifecycle Workflow

URL

Reference Architectures: Baseline Azure AI Foundry Chat Reference Architecture in an Azure Landing Zone - Azure Architecture Center | Microsoft Learn

Repo Link for AI Landing Zone: https://github.com/Azure/AI-Landing-Zones

1.9K Views, 6 likes, 1 Comment

Empower your migration decisions with negotiated agreements (EA/MCA) in Azure Migrate
Cost plays the most important part in accelerating cloud migration decisions. Organizations often hesitate because retail pricing doesn’t reflect their reality. That’s where Microsoft Customer Agreement (MCA) comes in, offering discounts of up to 60% off retail prices, based on your negotiated contract. Now, with Azure Migrate’s support for MCA pricing, you can bring those negotiated rates directly into your assessments. The result? Accurate cost projections, faster decision-making, and a clear path to the cloud.

What is MCA?

The Microsoft Customer Agreement (MCA) is a modern, flexible purchasing agreement designed to simplify how organizations buy and manage Microsoft services. It replaces older, complex agreements like the Enterprise Agreement (EA) for many customers, offering:

- Simplified Terms: A single, digital agreement that covers all Microsoft services.
- Flexible Purchasing: Pay-as-you-go or commit to specific services based on your needs.
- Negotiated Discounts: Depending on your contract, MCA can offer up to 60% off retail pricing, making Azure more cost-effective.
- Centralized Billing: Consolidated invoices and transparent cost tracking across subscriptions.

With MCA, customers gain predictability, transparency, and control over their cloud spend—critical for planning large-scale migrations.

Why MCA Integration in Azure Migrate Matters

Previously, Azure Migrate assessments used standard retail pricing, which often didn’t reflect your negotiated terms. This created uncertainty and slowed decision-making. Now, by integrating MCA pricing:

- No More Guesswork: Assessments reflect your actual negotiated rates.
- True Cost Visibility: Understand the real financial impact of your migration strategy.
- Better Planning: Prioritize workloads and optimize budgets with confidence.

How It Works

It is very simple to create assessments with a negotiated agreement. Start from the overview, click Create Assessment, and add all the required workloads to the assessment scope.
Once you move ahead to the general settings, select Microsoft Customer Agreement (MCA) as the Offer/License program, and in the Subscription Id field select the appropriate subscription ID. After the assessments are created, visualize and compare the costs under retail pricing and MCA pricing.

Key benefits

- Accuracy: Realistic cost projections based on your MCA.
- Flexibility: Model multiple migration scenarios with confidence.
- Speed: Eliminate manual adjustments and accelerate planning.

Ready to Get Started?

Don’t let cost ambiguity slow down your cloud journey. Start leveraging MCA-powered assessments in Azure Migrate today and move forward with confidence.

👉 Learn more and get started: Assessment Properties - Azure Migrate | Microsoft Learn

Building a Secure and Compliant Azure AI Landing Zone: Policy Framework & Best Practices
As organizations accelerate their AI adoption on Microsoft Azure, governance, compliance, and security become critical pillars for success. Deploying AI workloads without a structured compliance framework can expose enterprises to data privacy issues, misconfigurations, and regulatory risks.

To address this challenge, the Azure AI Landing Zone provides a scalable and secure foundation — bringing together Azure Policy, Blueprints, and Infrastructure-as-Code (IaC) to ensure every resource aligns with organizational and regulatory standards.

The Azure Policy & Compliance Framework acts as the governance backbone of this landing zone. It enforces consistency across environments by applying policy definitions, initiatives, and assignments that monitor and remediate non-compliant resources automatically.

This blog will guide you through:

- 🧭 The architecture and layers of an AI Landing Zone
- 🧩 How Azure Policy as Code enables automated governance
- ⚙️ Steps to implement and deploy policies using IaC pipelines
- 📈 Visualizing compliance flows for AI-specific resources

What is Azure AI Landing Zone (AI ALZ)?

AI ALZ is a foundational architecture that integrates core Azure services (ML, OpenAI, Cognitive Services) with best practices in identity, networking, governance, and operations. To ensure consistency, security, and responsibility, a robust policy framework is essential.

Policy & Compliance in AI ALZ

Azure Policy helps enforce standards across subscriptions and resource groups. You define policies (single rules), group them into initiatives (policy sets), and assign them with certain scopes & exemptions. Compliance reporting helps surface noncompliant resources for mitigation.
AI workloads bring some unique considerations:

- Sensitive data (PII, models)
- Model accountability, logging, audit trails
- Cost & performance from heavy compute usage
- Preview features and frequent updates

Scope

This framework covers:

- Azure Machine Learning (AML)
- Azure API Management
- Azure AI Foundry
- Azure App Service
- Azure Cognitive Services
- Azure OpenAI
- Azure Storage Accounts
- Azure Databases (SQL, Cosmos DB, MySQL, PostgreSQL)
- Azure Key Vault
- Azure Kubernetes Service

Core Policy Categories

1. Networking & Access Control

- Restrict resource deployment to approved regions (e.g., Europe only).
- Enforce private link and private endpoint usage for all critical resources.
- Disable public network access for workspaces, storage, search, and key vaults.

2. Identity & Authentication

- Require user-assigned managed identities for resource access.
- Disable local authentication; enforce Microsoft Entra ID (Azure AD) authentication.

3. Data Protection

- Enforce encryption at rest with customer-managed keys (CMK).
- Restrict public access to storage accounts and databases.

4. Monitoring & Logging

- Deploy diagnostic settings to Log Analytics for all key resources.
- Ensure activity/resource logs are enabled and retained for at least one year.

5. Resource-Specific Guardrails

- Apply built-in and custom policy initiatives for OpenAI, Kubernetes, App Services, Databases, etc.

A detailed list of all policies is bundled and attached at the end of this blog. Be sure to check it out for a ready-to-use Excel file—perfect for customer workshops—which includes policy type (Standalone/Initiative), origin (Built-in/Custom), and more.

Implementation: Policy-as-Code using EPAC

To turn policies from Excel/JSON into operational governance, Enterprise Policy as Code (EPAC) is a powerful tool. EPAC transforms policy artifacts into a desired state repository and handles deployment, lifecycle, versioning, and CI/CD automation.

What is EPAC & Why Use It?
- EPAC is a set of PowerShell scripts / modules to deploy policy definitions, initiatives, assignments, role assignments, exemptions. [Enterprise Policy As Code (EPAC)]
- It supports CI/CD integration (GitHub Actions, Azure DevOps) so policy changes can be treated like code.
- It handles ordering, dependency resolution, and enforcement of a “desired state” — any policy resources not in your repo may be pruned (depending on configuration).
- It integrates with Azure Landing Zones (including governance baseline) out of the box.

References & Further Reading

- EPAC GitHub Repository
- Advanced Azure Policy management - Microsoft Learn [Advanced A...Framework]
- How to deploy Azure policies the DevOps way [How to dep...- Rabobank]

759 Views, 0 likes, 1 Comment

Azure Migrate: Connected Experiences
Shiva Shastri, Sr Product Marketing Manager, Azure Migrate—Product & Ecosystem.

Modernization in motion: Evolving at the speed of change.

Modernization is the process of transforming legacy IT systems into technologies and architectures that improve agility, scalability, performance and cost-efficiency. It enables businesses to stay competitive by aligning their capabilities with evolving customer and market demands.

Modernization is not a one-time event with a finish-line but a continuous journey of evolution. As technology, customer expectations, and competitive landscapes shift, so must the systems and processes that support them. Cloud-native architectures are inherently aligned with modernization while providing access to innovations such as AI. By treating modernization as an ongoing discipline, organizations can stay ahead of disruption, adapt faster to change, and unlock new opportunities.

This ability to move faster and smarter is fully realized in Azure — where modernization becomes both a technical upgrade and a strategic advantage. It enables organizations to refocus on core priorities, respond to market shifts in real time, and reduce operational costs.

At the heart of this transformation is Azure Migrate — Microsoft’s free, unified platform for cloud migration and modernization. It offers comprehensive capabilities including IT resource discovery, assessment, business case analysis, planning, and execution — all in a workload-agnostic manner. From a single, secure portal, users can manage and monitor the entire journey and cut over to production in Azure with confidence.

Today, we’re excited to introduce several impactful Azure Migrate features designed to help you move your on-premises workloads to Azure more efficiently:

Accelerated migration and modernization to the cloud.

Azure Migrate Agentic method offers an intuitive and insightful approach to cloud transformation.
AI assistance assesses on-prem environments, identifies dependencies, and orchestrates workload transitions with minimal manual intervention. By continuously adapting and delegating activities to the appropriate persona, the agents streamline complex migration paths, reduce risk, and accelerate time-to-value. For organizations moving to Azure, the agentic method provides a fast, frictionless route, turning what was once a daunting task into a guided, efficient journey toward modernization.

Infrastructure as Code (IaC) plays a pivotal role in cloud migration and modernization by enabling organizations to automate the provisioning and management of infrastructure through code. This approach ensures consistency, scalability, and repeatability across environments, reducing manual errors and accelerating deployment timelines. Azure Migrate now supports IaC, thus simplifying the transition from legacy systems to cloud-native architectures by codifying infrastructure configurations, making it easier to replicate and validate setups.

Comprehensive coverage and consistent user experience for your IT estate.

No single migration or modernization tool can address the full spectrum of enterprise scenarios and technologies. That’s why Azure Migrate takes a platform-centric approach — delivering a unified, intelligent experience that spans the entire IT estate. By seamlessly interoperating with specialized tools like Database Migration Service (DMS) and GitHub Copilot (GHCP), Azure Migrate empowers organizations to modernize with confidence, flexibility, and speed.

Advanced capabilities like 6R analysis — Rehost, Refactor, Rearchitect, Rebuild, Replace, and Retire — empower organizations to tailor modernization strategies to each application, driving smarter, scenario-specific decisions.
Support for migration of Arc-enabled resources extends Azure Migrate’s management and governance capabilities to hybrid and multi-cloud environments, ensuring consistency and control regardless of where workloads reside. Additionally, support for Rocky Linux, PostgreSQL, and application awareness empowers teams to assess entire open-source application stacks with dependencies for readiness to migrate to Azure.

Secure by design with human in-the-loop.

Azure Migrate has recently introduced several security enhancements that reinforce Microsoft's commitment to a "secure by design" and "secure by default" approach. Among the key updates is the friction-free collector, which simplifies secure data collection for migration assessments while minimizing exposure risks. The friction-free discovery in Azure Migrate eliminates the need for deploying discovery appliances for initial assessments. As a result, it accelerates time-to-value, reduces setup complexity, and aligns well with security-conscious environments, making it an efficient and low-risk way to begin cloud migration planning.

Azure Migrate supports Private Link and disabling public network access, ensuring that migration traffic remains within secure, private channels. Additionally, the platform enforces data encryption both in transit and at rest, with options for customer-managed keys, and integrates tightly with Azure Key Vault for secure credential and secret management.

A security vulnerability report during migration and modernization identifies misconfigurations, outdated components, or exposed services, and the report provides actionable insights that align with Microsoft Defender for Cloud (MDC) threat protection and posture management capabilities. This allows teams to proactively remediate risks and apply MDC’s security controls ensuring the environment is secure from day-1 in Azure.
As organizations navigate shifting markets, supply chains, and climate challenges, sustainability has become a strategic imperative. Azure’s carbon optimization capabilities provide clear visibility into potential emission reductions and cost savings, helping IT teams prioritize impactful actions.

By unifying planning, execution, and continuity across infrastructure and applications, Azure delivers a consistent modernization experience. Ultimately, cloud-powered innovation enables businesses to drive efficiency, reduce environmental impact, and stay competitive in a rapidly evolving landscape.

Learn more

Start with a free Azure account if you are new. Sign up for previews of new capabilities and learn more about the workload agnostic method of Azure Migrate. For expert migration help, please try Azure Accelerate. You can also contact your preferred partner or Microsoft field for next steps. Get started in Azure today!

Selecting the Right Agentic Solution on Azure
Recently, we have seen a surge in requests from customers and Microsoft partners seeking guidance on building and deploying agentic solutions at various scales. With the rise of Generative AI, replacing traditional APIs with agents has become increasingly popular. There are several approaches to building, deploying, running, and orchestrating agents on Azure. In this discussion, I will focus exclusively on Azure-specific tools, services, and methodologies, setting aside Copilot and Copilot Studio for now. This article describes the options available as of today.

1. Azure OpenAI Assistants API: This feature within Azure OpenAI Service enables developers to create conversational agents (“assistants”) based on OpenAI models (such as GPT-3.5 and GPT-4). It supports capabilities like memory, tool/function calls, and retrieval (e.g., document search). However, Microsoft has already deprecated version 1 of the Azure OpenAI Assistants API, and version 2 remains in preview. Microsoft strongly recommends migrating all existing Assistants API-based agents to the Agent Service. Additionally, OpenAI is retiring the Assistants API and advises developers to use the modern “Response” API instead (see migration detail). Given these developments, it is not advisable to use the Assistants API for building agents. Instead, you should use the Azure AI Agent Service, which is part of Azure AI Foundry.

2. Workflows with AI agents and models in Azure Logic Apps (Preview) – As the name suggests, this feature is currently in public preview and is only available with Logic Apps Standard, not with the consumption plan. You can enhance your workflow by integrating agentic capabilities. For example, in a visa processing workflow, decisions can be made based on priority, application type, nationality, and background checks using a knowledge base. The workflow can then route cases to the appropriate queue and prepare messages accordingly.
Workflows can be implemented either as chat assistants or APIs. If your project is workflow-dependent and you are ready to implement agents in a declarative way, this is a great option. However, there are currently limited choices for models and regional availability. For CI/CD, there is an Azure Logic Apps Standard template for VS Code that you can use.

3. Azure AI Agent Service – Part of Azure AI Foundry, the Azure AI Agent Service allows you to provision agents declaratively from the UI. You can consume various OpenAI models (with support for non-OpenAI models coming soon) and leverage important tools or knowledge bases such as files, Azure AI Search, SharePoint, and Fabric. You can connect agents together and create hierarchical agent dependencies. SDKs are available for building agents within agent services using Python, C#, or Java. Microsoft manages the infrastructure to host and run these agents in isolated containers. The service offers role-based access control, MS Entra ID integration, and options to bring your own storage for agent states and Azure Key Vault keys. You can also incorporate different actions, including invoking a Logic App instance from your agent. There is also an option to trigger an agent using Logic Apps (preview). Microsoft recommends using Agent Service/Azure Foundry as the destination for agents, as further enhancements and investments are focused here.

4. Agent Orchestrators – There are several excellent orchestrators available, such as LlamaIndex, LangGraph, LangChain, and two from Microsoft—Semantic Kernel and AutoGen. These options are ideal if you need full control over agent creation, hosting, and orchestration. They are developer-only solutions and do not offer a UI (barring AutoGen Studio having some UI assistance). You can create complex, multi-layered agent connections. You can then host and run these agents in your choice of Azure services like AKS or App Service.
Additionally, you have the option to create agents using Agent Service and then orchestrate them with one of these orchestrators.

Choosing the Right Solution

The choice of agentic solution depends on several factors, including whether you prefer code or no-code approaches, control over the hosting platform, customer needs, scalability, maintenance, orchestration complexity, security, and cost.

Customer Need: If agents need to be part of a workflow, use AI Agents in Logic Apps; otherwise, consider other options.
No-Code: For workflow-based agents, Logic Apps is suitable; for other scenarios, Azure AI Agent Service is recommended.
Hosting and Maintenance: If Logic Apps is not an option and you prefer not to maintain your own environment, use Azure AI Agent Service. Otherwise, consider custom agent orchestrators like Semantic Kernel or AutoGen to build the agent and services like AKS or App Service to host those.
Orchestration Complexity: For simple hierarchical agent connections, Azure AI Agent Service is a good choice. For complex orchestration, use an agent orchestrator.
Versioning: If you are concerned about versioning to ensure a solid CI/CD regime, then you may have to choose Agent Orchestrators. Agent Service still lacks clarity on this feature. We have a workaround, but it is not a robust implementation. Hopefully we will catch up soon with a better versioning solution.

Summary: When selecting the right agentic solution on Azure, consider the latest recommendations and platform developments. For most scenarios, Microsoft advises using the Azure AI Agent Service within Azure Foundry, as it is the focus of ongoing enhancements and support. For workflow-driven projects, Azure Logic Apps with agentic capabilities may be suitable, while advanced users can leverage orchestrators for custom agent architectures.

Azure OpenAI Landing Zone reference architecture
In this article, delve into the synergy of Azure Landing Zones and Azure OpenAI Service, building a secure and scalable AI environment. Unpack the Azure OpenAI Landing Zone architecture, which integrates numerous Azure services for optimal AI workloads. Explore robust security measures and the significance of monitoring for operational success. This journey of deploying Azure OpenAI evolves alongside Azure's continual innovation.

Azure Course Blueprints
Overview

The Course Blueprint is a comprehensive visual guide to the Azure ecosystem, integrating all the resources, tools, structures, and connections covered in the course into one inclusive diagram. It enables students to map out and understand the elements they've studied, providing a clear picture of their place within the larger Azure ecosystem. It serves as a 1:1 representation of all the topics officially covered in the instructor-led training. Formats available include PDF, Visio, Excel, and Video.

Links: Each icon in the blueprint has a hyperlink to the pertinent document in the learning path on Learn.
Layers: You have the capability to filter layers to concentrate on segments of the course.
Integration: The Visio Template+ for expert courses like SC-100 and AZ-305 includes an additional layer that enables you to compare SC-100, AZ-500, and SC-300 within the same diagram. Similarly, you can compare any combination of AZ-305, AZ-700, AZ-204, and AZ-104 to identify differences and study gaps. Since SC-300 and AZ-500 are potential prerequisites for the expert certification associated with SC-100, and AZ-204 or AZ-104 for the expert certification associated with AZ-305, this comparison is particularly useful for understanding the extra knowledge or skills required to advance to the next level.

Advantages for Students

Defined Goals: The blueprint presents learners with a clear vision of what they are expected to master and achieve by the course’s end.
Focused Learning: By spotlighting the course content and learning targets, it steers learners’ efforts towards essential areas, leading to more productive learning.
Progress Tracking: The blueprint allows learners to track their advancement and assess their command of the course material.
Topic List: A comprehensive list of topics for each slide deck is now available in a downloadable .xlsx file. Each entry includes a link to Learn and its dependencies.
Download links

Associate Level: PDF, Visio, Contents, Video Overview
AZ-104 Azure Administrator Associate R: 12/14/2023 U: 04/16/2025: Blueprint, Visio, Excel, Mod 01
AZ-204 Azure Developer Associate R: 11/05/2024 U: 11/11/2024: Blueprint, Visio, Excel
AZ-500 Azure Security Engineer Associate R: 01/09/2024 U: 10/10/2024: Blueprint, Visio+, Excel
AZ-700 Azure Network Engineer Associate R: 01/25/2024 U: 11/04/2024: Blueprint, Visio, Excel
SC-200 Security Operations Analyst Associate R: 04/03/2025 U: 04/09/2025: Blueprint, Visio, Excel
SC-300 Identity and Access Administrator Associate R: 10/10/2024: Blueprint, Excel

Specialty: PDF, Visio
AZ-140 Azure Virtual Desktop Specialty R: 01/03/2024 U: 02/27/2025: Blueprint, Visio, Excel

Expert level: PDF, Visio
AZ-305 Designing Microsoft Azure Infrastructure Solutions R: 05/07/2024 U: 02/05/2025: Blueprint, Visio+ AZ-104 AZ-204 AZ-700 AZ-140, Excel
SC-100 Microsoft Cybersecurity Architect R: 10/10/2024 U: 04/09/2025: Blueprint, Visio+ AZ-500 SC-300 SC-200, Excel

Skill based Credentialing: PDF
AZ-1002 Configure secure access to your workloads using Azure virtual networking R: 05/27/2024: Blueprint, Visio, Excel
AZ-1003 Secure storage for Azure Files and Azure Blob Storage R: 02/07/2024 U: 02/05/2024: Blueprint, Excel

Subscribe if you want to get notified of any update like new releases or updates.

Author: Ilan Nyska, Microsoft Technical Trainer
My email ilan.nyska@microsoft.com
LinkedIn https://www.linkedin.com/in/ilan-nyska/

I’ve received so many kind messages, thank-you notes, and reshares — and I’m truly grateful. But here’s the reality: 💬 The only thing I can use internally to justify continuing this project is your engagement — through this survey https://lnkd.in/gnZ8v4i8 ⏳ Unless I receive enough support via this short survey, the project will be sunset. Thank you for your support!

___

Benefits for Trainers: Trainers can follow this plan to design a tailored diagram for their course, filled with notes.
They can construct this comprehensive diagram during class on a whiteboard and continuously add to it in each session. This evolving visual aid can be shared with students to enhance their grasp of the subject matter.

Explore Azure Course Blueprints! | Microsoft Community Hub
Visio stencils Azure icons - Azure Architecture Center | Microsoft Learn

___

Are you curious how grounding Copilot in Azure Course Blueprints transforms your study journey into a smarter, more visual experience?

🧭 Clickable guides that transform modules into intuitive roadmaps
🌐 Dynamic visual maps revealing how Azure services connect
⚖️ Side-by-side comparisons that clarify roles, services, and security models

Whether you're a trainer, a student, or just certification-curious, Copilot becomes your shortcut to clarity, confidence, and mastery.

Navigating Azure Certifications with Copilot and Azure Course Blueprints | Microsoft Community Hub

Migrating Application Load Balancer from AWS to Azure Application Gateway
Accelerate Innovation and Business Growth with Azure

In today’s digital-first world, organizations are reimagining their cloud architectures to drive agility, resilience, and growth. Migrating your application load balancing from AWS Application Load Balancer (ALB) to Azure Application Gateway is more than a technical upgrade—it’s a strategic move to future-proof your business. Azure Application Gateway delivers enterprise-grade performance, security, and flexibility, empowering you to unlock new opportunities and maximize your cloud investment.

Key Insights for a Successful Migration

1. Strategic Assessment: Map Capabilities and Opportunities

Begin your journey by evaluating your current AWS ALB environment. Identify critical features—path-based routing, health checks, SSL/TLS termination, autoscaling, and security integrations. Map these capabilities to Azure Application Gateway’s advanced features, including zone redundancy, integrated Web Application Firewall (WAF), and seamless certificate management with Azure Key Vault. This assessment is your blueprint for a migration that preserves business continuity and unlocks new value.

2. Preparation: Build a Foundation for Success

Preparation is the cornerstone of a smooth migration. Document your existing configurations, export and convert SSL/TLS certificates, and update backend services to leverage Azure’s intelligent routing and monitoring. Reduce DNS TTL values to enable rapid cutover and minimize downtime. Leverage Infrastructure as Code to deploy Azure resources with speed and consistency, ensuring your environment is ready for transformation.

3. Migration Execution: Seamless Transition, Minimal Disruption

Deploy Azure Application Gateway and backend resources in parallel with your AWS environment. Validate routing, security, and health probe configurations to ensure flawless operation. During DNS cutover, monitor propagation and service health to deliver a seamless experience for your users.
Azure’s integrated diagnostics and monitoring tools provide real-time visibility, empowering you to resolve issues proactively and maintain peak performance.

4. Validation and Optimization: Drive Continuous Improvement

Success is measured by outcomes—performance, reliability, and user satisfaction. Compare Azure metrics against your AWS baselines, validate routing accuracy, and test failover scenarios. Use Azure Monitor and Log Analytics to gain actionable insights and optimize your configuration. Embrace an iterative approach to refine your environment, ensuring it evolves with your business needs.

Best Practices for Enterprise Migration

Leverage Azure’s integrated ecosystem: Use Key Vault for secure certificate management, Monitor for deep observability, and WAF for robust protection.
Automate and standardize: Adopt Infrastructure as Code for repeatable, error-free deployments.
Test and validate: Employ automated and manual testing to ensure every capability meets your requirements.
Minimize downtime: Plan cutover during low-traffic periods and prepare rollback strategies for business assurance.
Monitor and optimize: Continuously improve with Azure’s analytics and alerting tools.

The Azure Advantage: Empower Your Business

Migrating to Azure Application Gateway is a catalyst for digital transformation. With Microsoft’s commitment to security, reliability, and innovation, your organization is equipped to thrive in a dynamic marketplace. Ready to unlock the full potential of your cloud strategy? Discover Azure Application Gateway best practices and join the leaders who are shaping the future of cloud networking.