infrastructure
55 Topics

Accelerate Cloud Migration with Wave Planning in Azure Migrate
Introduction

Migrating to the cloud is more than a technical upgrade - it's a strategic leap toward agility, scalability, and innovation. Yet, for many organizations, the journey can feel overwhelming, with complex dependencies and business risks threatening to slow progress. Today, we’re excited to announce the public preview of wave planning in Azure Migrate - a new capability designed to make large-scale migrations more manageable and predictable. With wave planning, you can now organize your migration journey into logical, iterative waves, enabling your teams to plan, execute, and track progress with greater speed, confidence, and control.

Key Benefits:

Accelerate migrations: Quickly identify and prioritize “quick win” workloads and applications by surfacing relevant information from discovery and assessments.
Reduced risks: Group systems that work together using application grouping, dependency analysis and tags, allowing safer iterative planning.
Increased predictability: Visualize migration progress and timelines centrally, enabling continuous feedback and proactive adjustments.
Application-centric migrations and modernization: Plan, execute, and track every step at the application level for greater control and business alignment.

Wave Planning in Azure Migrate

Concepts and Stages

Planning Stage

During the planning stage, you can organize your applications and workloads into waves and determine the order in which these groups will be migrated. By doing so, you can establish a comprehensive plan that outlines the specific steps, timelines, and resources required for each wave, ensuring a structured and efficient approach to migration and modernization.

Key aspects of wave planning in this stage include:

Group and sequence applications and workloads using tags, dependency analysis, and workload data.
Set Azure targets and migration tools based on Azure Migrate assessment recommendations.
Outline planning steps, timelines, and create a wave plan for application migration and modernization.

Execution Stage

Using wave planning, you can perform the migration and modernization activities of the application within the wave as per the plan, and track the progress as workloads are moved, tested, and migrated / modernized in Azure.

Key aspects of wave planning at this stage include:

Centrally track migration and modernization activities for all applications and workloads within the wave.
Start migrating servers and databases with Server Migration and Azure Database Migration Service through in-product integrations.
Integrated end-to-end workflows to facilitate server migrations from on-premises environments and various public clouds to Azure Virtual Machines.
Monitor and visualize wave timelines in relation to planned migration and modernization dates and implement corrective actions as required based on status updates.

In a nutshell, wave planning transforms migration from a one-time event into a continuous journey of improvement. By iterating, learning, and adapting, organizations build institutional knowledge, reduce risk, and unlock the full benefits of cloud adoption.

Getting Started

Ready to accelerate your migration? Get started today:

Learn more about using Azure Migrate – Wave planning.
Explore wave planning guidance through the Cloud Adoption Framework.
Learn more about Azure Migrate.
Check out application-centric migration in Azure Migrate.

Migrate or modernize your applications using Azure Migrate
Introduction

Moving to cloud is an essential step for enterprises looking to leverage the benefits of security, innovation (AI), scalability, flexibility, and cost-efficiency. To help unlock these benefits, migration or modernization to Azure is critical for reasons such as colocation of IT assets. A crucial part of this transformation is understanding the current state of your IT infrastructure, including workloads, applications, and their interdependencies. Cloud migration is most effective when you can decide, plan and execute it holistically, focusing on applications rather than on individual servers or workloads in isolation. In our endeavour to both simplify and enrich your cloud adoption journey, we are evolving the application awareness in Azure Migrate that we introduced last year, with the features summarized below.

Overview

“The new design of Azure Migrate is much more intuitive, it allows us to group workloads into applications and track them throughout the migration journey. The Business Case Generator is a true game changer, providing insights that are ready for presentation at Leadership meetings. Azure Migrate continues to improve, making the execution of migration programs more seamless, faster, and secure. It has been an invaluable tool for our customers who are in the path of migrating to Azure” - Karthik Balachandran | Architect | EY

Azure Migrate delivers a major evolution in cloud migration capabilities with application awareness. Here are key new features and why they matter:

Multi-Server Dependency Mapping – Provides a holistic view of application topology, so you understand all server interactions before migrating. This reduces risk by ensuring no server is left behind and dependencies are respected during cloud transition.
Software & Security Insights – Offers built-in intelligence on software inventory and vulnerabilities (e.g. highlighting outdated software and missing patches). This helps improve your environment’s security and stability as part of the migration journey, benefiting IT admins and security teams.
Application definition & import – Allows you to treat applications as first-class citizens in Azure Migrate (not just tag groupings). You can create and manage app groupings easily, enabling a shift from managing individual workloads to managing whole applications in your migration project.
Application migration or modernization RoI – Allows you to identify the investments required for the respective migration strategies as well as the savings that would accrue as applications are moved to Azure.
Application Assessments – Delivers holistic migration plans per app, including recommended strategies (Rehost, Replatform, Refactor), target Azure services, sizing, cost estimates, and readiness checks. This empowers cloud architects to make informed decisions with an application-level focus.
Code insight integration – GitHub Copilot assessment – Enables a developer-driven assessment loop by incorporating GitHub App Modernization Assessment reports. This tightens collaboration with dev teams and can dynamically adjust migration recommendations (e.g., flagging apps that need refactoring).
CAST Highlight – Brings code-level analytics at scale into the migration plan. By importing CAST’s code scan results, you can identify technical debt and required code changes upfront, ensuring the recommended cloud approach truly fits the app’s codebase.
Wave Planning with 1P Tool Integration – Provides a planning and execution framework to migrate in phases and launch the appropriate migration tools for each component seamlessly. This ensures end-to-end coverage – from migration scheduling to real-time execution – all within Azure Migrate.

Capability deep dive

Identify your applications using multi-server dependency mapping and subsequently define them

One of the first steps in cloud migration planning is identifying application boundaries and dependencies. Azure Migrate’s new multi-server dependency mapping provides a rich visualization of how servers communicate with each other in your environment. This goes beyond the single-server dependency view of the past – now you can visualize an entire datacenter’s topology in one view. When you discover your on-premises environment, Azure Migrate’s agentless dependency analysis automatically begins mapping connections. It even measures connection strength, helping distinguish steady, critical communication from ephemeral connections.

You can subsequently define applications and assign metadata such as Name, Type – Custom or Packaged (commercial off the shelf), Criticality, Complexity (based on the number of dependencies), etc. Additionally, you can export your discovered inventory, assign application names in a spreadsheet, and import it back to quickly create many application groupings. You are free to refine or correct groupings, too. If during analysis you realize a server or workload was grouped incorrectly, simply update the application to add or remove that member (with no need to re-run discovery). Deleting an application grouping will not delete the underlying servers; it just removes the logical app wrapper, so you can reorganize safely as needed.

Now, you can plan migrations by application units rather than individual workloads. This leads to more predictable outcomes (since all interdependent pieces move together), and it eliminates the guesswork that used to come from manually correlating server relationships.

Proactive Software and Security Insights

Migration is not just about moving workloads – it’s an opportunity to remediate and improve what you have. The new Software and Security Insights surface critical information about your IT estate early on, so you can address potential issues before migration. Once your inventory is discovered, Azure Migrate now highlights:

Software Insights: The portal flags certain software or OS components that might need attention or have cloud-friendly alternatives. For example, it might detect that some VMs run outdated middleware or unsupported OS versions. The tool provides recommendations for replacement or upgrade – e.g. suggesting you Repurchase a legacy product through Azure Marketplace or move to a SaaS solution for that functionality. This helps you plan modernization (repurchasing or upgrading software) as part of the migration project, rather than carrying technical debt to the cloud.
Security Insights: Azure Migrate also integrates with security monitoring to detect vulnerabilities and missing updates in your servers. More importantly, it advises how to fix them: e.g. enabling Microsoft Defender for Cloud to address vulnerabilities, and using Azure Update Manager to apply pending updates. In essence, you get a mini security assessment alongside your inventory.

These insights empower IT admins and security teams to tackle risks as part of migration planning. Rather than “lift-and-shift and then fix later,” you can remediate issues in parallel with migration, leading to a more secure and optimized environment on Azure.

RoI for modernizing applications

We are bringing updates to the Azure Migrate Business case to help ascertain the value you stand to gain by modernizing your applications – Custom or Packaged – as well as providing spend analysis across the recommended migration strategies – Rehost, Replatform and Refactor.

Holistic application assessments covering Infra-Data-Web tiers

Application assessment builds on Azure Migrate’s existing server, database and webapp assessments to give a migration game-plan for an entire application. It analyzes each component and then recommends:

An overall migration strategy among Rehost, Replatform and Refactor for the application under consideration.
Migration readiness, and blockers that need to be addressed for the respective strategy.
Target Azure Services and SKUs for workloads comprising the application.
Monthly cost estimates to run the application on Azure.
Migration tooling recommendations per workload comprising the application.

Instead of piecemeal workload assessments, cloud architects get a unified view per application – making it much easier to prioritize and plan. For example, you might discover that one application is an easy rehost (quick win), while another would clearly benefit from refactoring to eliminate costly components. Application assessments surface such insights with data, so stakeholders (including application owners and developers) can agree on a path forward with confidence. Ultimately, this leads to high-confidence migration plans and minimizes surprises during execution.

Improve analysis with Code-Level Insights from GitHub Copilot assessment and CAST

Most times, whether an application can be easily Replatformed or needs Refactoring depends on the application’s source code. Hence, we are bridging the gap between infrastructure and application development realities and are offering integration with code analysis tools – GitHub Copilot assessment and CAST Highlight – to incorporate code-level insights into Azure Migrate’s recommendations.

GitHub Copilot is an indispensable tool for application development. Developers can identify the changes required in the code bases of their applications to make them ready for modernization to PaaS services such as AKS, App Service, etc. The cloud architect running the Azure Migrate application assessment can request the application developers to ingest the code change insights from the GitHub Copilot assessment into the Azure Migrate assessment. Once this report is ingested, you’ll see the Azure Migrate assessment refine its recommendations conclusively – such as readiness, effort to make the code changes, and migration strategy – depending upon whether the code changes are minimal or significant.

Similarly, at-scale / portfolio-level code analysis performed using CAST Highlight, a prominent software intelligence platform, can be imported into Azure Migrate to improve the assessment recommendations. In practice, this means Azure Migrate will know if the code has, say, outdated libraries or many hard-coded dependencies that make cloud migration harder. Overall, the integration of code insights leads to more realistic migration plans and smoother hand-offs between cloud infrastructure teams and dev teams.

Wave Planning and Integrated Migration Execution

After discovering applications, assessing them, and incorporating any code insights, you’re ready to migrate or modernize – but large migrations often happen in phases. That’s where the new Wave Planning feature comes in. Wave planning in Azure Migrate helps you organize and sequence the actual migration execution in waves or batches, plan the migration activities, execute them using integrated first-party migration tools, and track the end-to-end migrations, thereby providing a single place where different users – cloud architects, developers, application owners, etc. – can collaborate and coordinate through the migration journey.

If your strategy for an application (or a particular server in the application) is Rehost (lift-and-shift to Azure VMs), Azure Migrate will use its built-in Server Migration capability. You can start the replication of that server to Azure right from the wave plan. If your strategy is Replatform or Refactor and involves migrating data, the wave plan can redirect you to Azure Database Migration Service (DMS). All these integrations mean you can coordinate multi-step migrations from one place. Wave planning is aware of various target strategies and helps orchestrate them, so cloud administrators don’t have to juggle separate tool interfaces for VMs vs. databases vs. web apps. As each part of a wave completes, Azure Migrate updates the wave status for Rehost scenarios, and users can manually update the status for Refactor or Replatform scenarios where some steps may take place out of band.

Interested in trying the new feature set and experience?

All the above features are available in Azure Migrate now (in preview as of 7th November, 2025). Just create a new Azure Migrate project and you’ll be greeted with the new interface. From there, you can start defining applications and exploring these capabilities with your own data.

About Azure Migrate

Azure Migrate is Microsoft’s free platform for migrating and modernizing to Azure. It provides IT resource discovery, assessment, business case analysis, wave planning, migration, and modernization capabilities in a workload-agnostic manner. You can run and monitor your migration / modernization journey from a single, secure portal.

Currently, Azure Migrate's application-aware experience supports the discovery of the following workloads: Windows Server, Linux Server, SQL Server, PostgreSQL, .NET webapp on IIS, and Java on Tomcat running on various platforms including VMware, Microsoft, Bare-metal, AWS EC2, GCP CE, and Xen. Further, it supports assessments and wave planning for Azure VM, Azure VMware Solution (AVS), Azure SQL Managed Instance, Azure SQL Database, Azure Database for PostgreSQL Flexible Server, App Service Code, App Service Containers, and Azure Kubernetes Service. Last, it supports in-line Lift and Shift migration to Azure VM and Azure Local.

Note: MySQL discovery and assessment is available in the classic experience only.

Unlock cost savings with utilization-based storage recommendations in Azure Migrate
We’re thrilled to announce a game-changing enhancement in Azure Migrate: storage utilization-based recommendations, a feature designed to help you right-size your storage workloads and maximize savings. By focusing on actual storage usage instead of allocated capacity, you can significantly reduce costs and accelerate your cloud journey. This feature brings a new level of precision to your migration planning and business case.

Why This Matters

In our analysis across thousands of on-premises environments, we observed a striking trend: nearly 40% of allocated storage is overprovisioned. This means customers are paying for capacity they don’t actually use. Traditional assessments often rely on allocated storage, leading to inflated cost estimates and suboptimal resource planning.

What’s New

Azure Migrate now honors actual storage utilization rather than allocated capacity when generating:

Assessment recommendations for right-sizing your storage workloads.
Business case calculations for accurate cost projections.

This shift ensures:

Lower migration cost projections: Pay for what you use, not what you’ve overprovisioned.
Optimized cloud footprint: Reduce unnecessary storage allocation in Azure.
Faster ROI: Build a business case that reflects true utilization, accelerating decision-making.

Customer Impact

By leveraging utilization-based insights, organizations can unlock significant savings and operate with greater efficiency. For example, if 40% of your storage is overprovisioned, this feature could cut your projected Azure storage costs dramatically, freeing up budget for innovation.

How to Get Started

Deploy an appliance in your on-premises environment.
Build the business case or create an Azure Migrate Assessment for your on-premises workloads.
Review the utilization-based recommendations in your assessment report or business case.

Learn More

Visit Azure Migrate documentation for detailed guidance and start optimizing your migration journey today.

Empower your migration decisions with negotiated agreements (EA/MCA) in Azure Migrate
Cost plays the most important part in accelerating cloud migration decisions. Organizations often hesitate because retail pricing doesn’t reflect their reality. That’s where Microsoft Customer Agreement (MCA) comes in, offering discounts of up to 60% off retail prices, based on your negotiated contract. Now, with Azure Migrate’s support for MCA pricing, you can bring those negotiated rates directly into your assessments. The result? Accurate cost projections, faster decision-making, and a clear path to the cloud.

What is MCA?

The Microsoft Customer Agreement (MCA) is a modern, flexible purchasing agreement designed to simplify how organizations buy and manage Microsoft services. It replaces older, complex agreements like the Enterprise Agreement (EA) for many customers, offering:

Simplified Terms: A single, digital agreement that covers all Microsoft services.
Flexible Purchasing: Pay-as-you-go or commit to specific services based on your needs.
Negotiated Discounts: Depending on your contract, MCA can offer up to 60% off retail pricing, making Azure more cost-effective.
Centralized Billing: Consolidated invoices and transparent cost tracking across subscriptions.

With MCA, customers gain predictability, transparency, and control over their cloud spend—critical for planning large-scale migrations.

Why MCA Integration in Azure Migrate Matters

Previously, Azure Migrate assessments used standard retail pricing, which often didn’t reflect your negotiated terms. This created uncertainty and slowed decision-making. Now, by integrating MCA pricing:

No More Guesswork: Assessments reflect your actual negotiated rates.
True Cost Visibility: Understand the real financial impact of your migration strategy.
Better Planning: Prioritize workloads and optimize budgets with confidence.

How It Works

It is very simple to create assessments with a negotiated agreement. Start from the overview, click Create Assessment, and add all the required workloads to the assessment scope. In general settings, select Microsoft Customer Agreement (MCA) as the Offer/License program and, in the Subscription Id field, select the appropriate subscription ID. After the assessments are created, visualize and compare the costs under retail pricing and MCA pricing.

Key benefits

Accuracy: Realistic cost projections based on your MCA.
Flexibility: Model multiple migration scenarios with confidence.
Speed: Eliminate manual adjustments and accelerate planning.

Ready to Get Started?

Don’t let cost ambiguity slow down your cloud journey. Start leveraging MCA-powered assessments in Azure Migrate today and move forward with confidence.

👉 Learn more and get started: Assessment Properties - Azure Migrate | Microsoft Learn

Azure Migrate: Connected Experiences
Shiva Shastri, Sr Product Marketing Manager, Azure Migrate—Product & Ecosystem.

Modernization in motion: Evolving at the speed of change.

Modernization is the process of transforming legacy IT systems into technologies and architectures that improve agility, scalability, performance and cost-efficiency. It enables businesses to stay competitive by aligning their capabilities with evolving customer and market demands. Modernization is not a one-time event with a finish line but a continuous journey of evolution. As technology, customer expectations, and competitive landscapes shift, so must the systems and processes that support them. Cloud-native architectures are inherently aligned with modernization while providing access to innovations such as AI. By treating modernization as an ongoing discipline, organizations can stay ahead of disruption, adapt faster to change, and unlock new opportunities.

This ability to move faster and smarter is fully realized in Azure — where modernization becomes both a technical upgrade and a strategic advantage. It enables organizations to refocus on core priorities, respond to market shifts in real time, and reduce operational costs. At the heart of this transformation is Azure Migrate — Microsoft’s free, unified platform for cloud migration and modernization. It offers comprehensive capabilities including IT resource discovery, assessment, business case analysis, planning, and execution — all in a workload-agnostic manner. From a single, secure portal, users can manage and monitor the entire journey and cut over to production in Azure with confidence.

Today, we’re excited to introduce several impactful Azure Migrate features designed to help you move your on-premises workloads to Azure more efficiently:

Accelerated migration and modernization to the cloud.

The Azure Migrate agentic method offers an intuitive and insightful approach to cloud transformation. AI assistance assesses on-prem environments, identifies dependencies, and orchestrates workload transitions with minimal manual intervention. By continuously adapting and delegating activities to the appropriate persona, the agents streamline complex migration paths, reduce risk, and accelerate time-to-value. For organizations moving to Azure, the agentic method provides a fast, frictionless route, turning what was once a daunting task into a guided, efficient journey toward modernization.

Infrastructure as Code (IaC) plays a pivotal role in cloud migration and modernization by enabling organizations to automate the provisioning and management of infrastructure through code. This approach ensures consistency, scalability, and repeatability across environments, reducing manual errors and accelerating deployment timelines. Azure Migrate now supports IaC, thus simplifying the transition from legacy systems to cloud-native architectures by codifying infrastructure configurations, making it easier to replicate and validate setups.

Comprehensive coverage and consistent user experience for your IT estate.

No single migration or modernization tool can address the full spectrum of enterprise scenarios and technologies. That’s why Azure Migrate takes a platform-centric approach — delivering a unified, intelligent experience that spans the entire IT estate. By seamlessly interoperating with specialized tools like Database Migration Service (DMS) and GitHub Copilot (GHCP), Azure Migrate empowers organizations to modernize with confidence, flexibility, and speed.

Advanced capabilities like 6R analysis — Rehost, Refactor, Rearchitect, Rebuild, Replace, and Retire — empower organizations to tailor modernization strategies to each application, driving smarter, scenario-specific decisions. Support for migration of Arc-enabled resources extends Azure Migrate’s management and governance capabilities to hybrid and multi-cloud environments, ensuring consistency and control regardless of where workloads reside. Additionally, support for Rocky Linux, PostgreSQL, and application awareness empowers teams to assess entire open-source application stacks with dependencies for readiness to migrate to Azure.

Secure by design with human-in-the-loop.

Azure Migrate has recently introduced several security enhancements that reinforce Microsoft's commitment to a "secure by design" and "secure by default" approach. Among the key updates is the friction-free collector, which simplifies secure data collection for migration assessments while minimizing exposure risks. The friction-free discovery in Azure Migrate eliminates the need for deploying discovery appliances for initial assessments. As a result, it accelerates time-to-value, reduces setup complexity, and aligns well with security-conscious environments, making it an efficient and low-risk way to begin cloud migration planning.

Azure Migrate supports Private Link and disabling public network access, ensuring that migration traffic remains within secure, private channels. Additionally, the platform enforces data encryption both in transit and at rest, with options for customer-managed keys, and integrates tightly with Azure Key Vault for secure credential and secret management.

A security vulnerability report during migration and modernization identifies misconfigurations, outdated components, or exposed services, and the report provides actionable insights that align with Microsoft Defender for Cloud (MDC) threat protection and posture management capabilities. This allows teams to proactively remediate risks and apply MDC’s security controls, ensuring the environment is secure from day 1 in Azure.

As organizations navigate shifting markets, supply chains, and climate challenges, sustainability has become a strategic imperative. Azure’s carbon optimization capabilities provide clear visibility into potential emission reductions and cost savings, helping IT teams prioritize impactful actions. By unifying planning, execution, and continuity across infrastructure and applications, Azure delivers a consistent modernization experience. Ultimately, cloud-powered innovation enables businesses to drive efficiency, reduce environmental impact, and stay competitive in a rapidly evolving landscape.

Learn more

Start with a free Azure account if you are new. Sign up for previews of new capabilities and learn more about the workload-agnostic method of Azure Migrate. For expert migration help, please try Azure Accelerate. You can also contact your preferred partner or Microsoft field for next steps. Get started in Azure today!

Migrating Application Load Balancer from AWS to Azure Application Gateway
Accelerate Innovation and Business Growth with Azure

In today’s digital-first world, organizations are reimagining their cloud architectures to drive agility, resilience, and growth. Migrating your application load balancing from AWS Application Load Balancer (ALB) to Azure Application Gateway is more than a technical upgrade—it’s a strategic move to future-proof your business. Azure Application Gateway delivers enterprise-grade performance, security, and flexibility, empowering you to unlock new opportunities and maximize your cloud investment.

Key Insights for a Successful Migration

1. Strategic Assessment: Map Capabilities and Opportunities

Begin your journey by evaluating your current AWS ALB environment. Identify critical features—path-based routing, health checks, SSL/TLS termination, autoscaling, and security integrations. Map these capabilities to Azure Application Gateway’s advanced features, including zone redundancy, integrated Web Application Firewall (WAF), and seamless certificate management with Azure Key Vault. This assessment is your blueprint for a migration that preserves business continuity and unlocks new value.

2. Preparation: Build a Foundation for Success

Preparation is the cornerstone of a smooth migration. Document your existing configurations, export and convert SSL/TLS certificates, and update backend services to leverage Azure’s intelligent routing and monitoring. Reduce DNS TTL values to enable rapid cutover and minimize downtime. Leverage Infrastructure as Code to deploy Azure resources with speed and consistency, ensuring your environment is ready for transformation.

3. Migration Execution: Seamless Transition, Minimal Disruption

Deploy Azure Application Gateway and backend resources in parallel with your AWS environment. Validate routing, security, and health probe configurations to ensure flawless operation. During DNS cutover, monitor propagation and service health to deliver a seamless experience for your users. Azure’s integrated diagnostics and monitoring tools provide real-time visibility, empowering you to resolve issues proactively and maintain peak performance.

4. Validation and Optimization: Drive Continuous Improvement

Success is measured by outcomes—performance, reliability, and user satisfaction. Compare Azure metrics against your AWS baselines, validate routing accuracy, and test failover scenarios. Use Azure Monitor and Log Analytics to gain actionable insights and optimize your configuration. Embrace an iterative approach to refine your environment, ensuring it evolves with your business needs.

Best Practices for Enterprise Migration

Leverage Azure’s integrated ecosystem: Use Key Vault for secure certificate management, Monitor for deep observability, and WAF for robust protection.
Automate and standardize: Adopt Infrastructure as Code for repeatable, error-free deployments.
Test and validate: Employ automated and manual testing to ensure every capability meets your requirements.
Minimize downtime: Plan cutover during low-traffic periods and prepare rollback strategies for business assurance.
Monitor and optimize: Continuously improve with Azure’s analytics and alerting tools.

The Azure Advantage: Empower Your Business

Migrating to Azure Application Gateway is a catalyst for digital transformation. With Microsoft’s commitment to security, reliability, and innovation, your organization is equipped to thrive in a dynamic marketplace. Ready to unlock the full potential of your cloud strategy? Discover Azure Application Gateway best practices and join the leaders who are shaping the future of cloud networking.

Pre-Migration Vulnerability Scans:
Migrating applications to the cloud or modernizing infrastructure requires thorough preparation. Migration, whether to a cloud platform, a new data center, or a hybrid infrastructure, is a complex process. While organizations focus on optimizing performance, costs, and scalability, security often takes a backseat, leading to potential risks post-migration. One crucial step before migration is conducting a pre-migration scan to identify security vulnerabilities, licensing risks, and code quality issues. Several tools help in pre-migration scanning, including BlackDuck, Coverity, Gitleaks, and Semgrep. In this article, we will explore the role of these tools in migration readiness.

Why Perform a Pre-Migration Scan?

When an application moves from an on-premises environment to the cloud, it interacts with new infrastructures, security models, and compliance regulations. Security scanning tools analyze various aspects of an application, including:

- Source Code: Detects insecure coding practices, injection vulnerabilities, and logic flaws.
- Third-Party Dependencies: Identifies vulnerabilities in open-source libraries and software components.
- Secrets & Credentials: Scans for hardcoded passwords, API keys, and authentication tokens.
- Infrastructure as Code (IaC): Checks for misconfigurations in Terraform, Kubernetes, Docker, and cloud resources.
- Compliance Risks: Ensures adherence to security standards like SOC 2, GDPR, HIPAA, and NIST.

A pre-migration scan helps in:

- Identifying Security Vulnerabilities — Detecting potential security threats before moving to the cloud.
- Ensuring License Compliance — Avoiding open-source license violations.
- Code Quality Assurance — Identifying issues that could lead to performance degradation post-migration.
- Reducing Migration Risks — Understanding potential blockers early in the process.
- Optimizing Performance: Detecting inefficiencies early reduces technical debt.

What to use?
One of the biggest challenges organizations face during migration is understanding where vulnerabilities exist within their application. This is where scanning tools come into play, each addressing a specific aspect of security and compliance.

Take BlackDuck, for instance. Many applications rely on open-source components, but these dependencies come with risks. BlackDuck helps teams analyze these libraries, identifying outdated dependencies and ensuring compliance with licensing policies. If an application heavily relies on open-source libraries, it should be prioritized to check for outdated or vulnerable dependencies.

Key Features:

- Detects Open-Source Vulnerabilities: Identifies known CVEs (Common Vulnerabilities and Exposures) in third-party libraries.
- License Compliance Management: Ensures adherence to open-source licenses like GPL, MIT, Apache, etc.
- Integration with DevOps: Works seamlessly with CI/CD pipelines to automate security checks.

Then there’s Coverity, which tackles security flaws hidden in the source code. A migration process should not only move applications but also ensure they are stable and secure in the new environment. Coverity, a Static Application Security Testing (SAST) tool, scans code for potential weaknesses — whether it’s SQL injection, cross-site scripting (XSS), or memory leaks. By fixing these defects before migration, teams can prevent costly failures post-deployment.

Key Features:

- Deep Code Analysis: Identifies issues such as buffer overflows, SQL injection, cross-site scripting (XSS), and memory leaks.
- Supports Multiple Languages: Works with C, C++, Java, JavaScript, Python, Go, and more.
- Seamless CI/CD Integration: Can be integrated into GitHub, GitLab, and Azure DevOps workflows.

Another key concern is secrets management. Hardcoded API keys, passwords, and tokens often find their way into repositories, creating a massive security risk. Gitleaks scans Git repositories to detect and eliminate these vulnerabilities before they can be exploited. Imagine pushing an application to the cloud, only to realize that an exposed API key is granting unauthorized access to critical services. By integrating Gitleaks into the pre-migration process, organizations can avoid such missteps.

Key Features:

- Scans for Hardcoded Secrets: Detects sensitive information in commits, branches, and history.
- Pre-Commit Hooks: Prevents secrets from being pushed to Git repositories.
- Customizable Rulesets: Allows teams to define their own secret detection policies.
- Compatible with GitHub & GitLab: Easily integrates with popular version control platforms.

Finally, Semgrep provides a flexible approach to enforcing security best practices. Unlike traditional scanning tools, it allows teams to define custom security rules to catch coding patterns that may lead to vulnerabilities. Whether it’s identifying misconfigurations or enforcing secure coding standards, Semgrep adds an extra layer of protection, ensuring applications follow best practices before going live in the cloud.

Comparing the Tools:

| Tool | Primary Use Case | Best for | CI/CD Integration |
| --- | --- | --- | --- |
| BlackDuck | Open-source security & license compliance | Dependency scanning | Yes |
| Coverity | Static code analysis | Code vulnerabilities | Yes |
| Gitleaks | Secret & credential scanning | Preventing secret leaks | Yes |
| Semgrep | Customizable code analysis | Secure coding & policy enforcement | Yes |

Integration with the code:

Automation is key to ensuring that security scans are not overlooked or treated as one-time activities. To streamline the process, organizations integrate these scanning tools directly into their Continuous Integration/Continuous Deployment (CI/CD) pipeline, ensuring security checks are part of every development cycle.
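One way a pipeline step could act on the Gitleaks and Semgrep results once those scans run in CI/CD, as an added example that is not from the original article: it merges the two tools' JSON reports, leaves the secret values out, and fails the step on high-severity findings that nobody has reviewed. The sample reports, rule names, file paths and the baseline mechanism are constructed for illustration; the field names follow the two tools' JSON report formats.

```python
import json

# Constructed sample reports in the shape of Gitleaks' and Semgrep's JSON
# reports; every rule id, path and value below is made up for this example.
GITLEAKS_REPORT = json.dumps([
    {"RuleID": "generic-api-key", "File": "app/settings.py", "StartLine": 12,
     "Commit": "0000000", "Secret": "EXAMPLE-NOT-A-REAL-KEY"},
])
SEMGREP_REPORT = json.dumps({"results": [
    {"check_id": "example.sql-string-concat", "path": "app/db.py",
     "start": {"line": 40}, "extra": {"severity": "ERROR"}},
    {"check_id": "example.debug-enabled", "path": "app/main.py",
     "start": {"line": 7}, "extra": {"severity": "INFO"}},
], "errors": []})


def normalize(gitleaks_json, semgrep_json):
    """Merge both reports into one finding list; the secret value is never copied."""
    findings = []
    for leak in json.loads(gitleaks_json) or []:  # an empty report may be null
        findings.append({"tool": "gitleaks", "rule": leak["RuleID"],
                         "where": f'{leak["File"]}:{leak["StartLine"]}',
                         "severity": "ERROR"})  # assumption: any secret blocks
    for hit in json.loads(semgrep_json).get("results", []):
        findings.append({"tool": "semgrep", "rule": hit["check_id"],
                         "where": f'{hit["path"]}:{hit["start"]["line"]}',
                         "severity": hit["extra"].get("severity", "WARNING")})
    return findings


def gate(findings, baseline=frozenset(), block_on=("ERROR",)):
    """Split findings into (blocking, deferred).

    baseline holds (tool, rule, where) keys a reviewer accepted as false
    positives; those and lower-severity findings are reported but do not block.
    """
    blocking, deferred = [], []
    for f in findings:
        key = (f["tool"], f["rule"], f["where"])
        target = blocking if f["severity"] in block_on and key not in baseline else deferred
        target.append(f)
    return blocking, deferred


if __name__ == "__main__":
    blocking, deferred = gate(normalize(GITLEAKS_REPORT, SEMGREP_REPORT))
    for f in blocking:
        print(f'BLOCK {f["tool"]} {f["rule"]} {f["where"]}')
    print(f"{len(deferred)} finding(s) deferred for later triage")
    raise SystemExit(1 if blocking else 0)  # non-zero exit fails the pipeline step
```

Keeping the accepted-findings baseline in version control makes each suppression reviewable, which keeps false positives from blocking deployments without silently hiding real findings.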
A typical setup involves defining a pipeline configuration that automates the execution of each tool at various stages:

Once the scans are complete, the results are typically stored as JSON reports in pipeline artifacts or logging systems, making it easy to track, analyze, and prioritize issues before proceeding with the migration. By integrating these tools into the CI/CD pipeline, security becomes an automated and continuous process, rather than a last-minute checkpoint.

Challenges in Pre-Migration Security Scanning

- False Positives: Some tools generate excessive alerts, requiring manual verification.
- Lack of Security Awareness: Developers may not be trained to interpret scan results effectively.
- Integration with DevOps: Security scans must fit into existing CI/CD pipelines without slowing down deployments.
- Handling Legacy Code: Older applications may contain security issues that modern tools struggle to assess.

Conclusion

By proactively addressing these challenges and incorporating security scanning into the migration strategy, organizations can minimize risks and ensure a smooth, secure transition to their new environment. However, scanning alone is not enough. Following best practices — such as defining a security baseline, automating security checks in CI/CD pipelines, prioritizing remediation, and securing the migration process — ensures a smooth, risk-free transition. A secure migration is not just about moving workloads; it’s about ensuring that security remains a top priority at every stage. By taking a proactive security approach, organizations can prevent security incidents before they happen, making the migration process safer, smoother, and more resilient.

Azure VMware Solution now available in Korea Central
We are pleased to announce that Azure VMware Solution is now available in Korea Central. Now in 34 Azure regions, Azure VMware Solution empowers you to seamlessly extend or migrate existing VMware workloads to Azure without the cost, effort or risk of re-architecting applications or retooling operations.

Azure VMware Solution supports:

- Rapid cloud migration of VMware-based workloads to Azure without refactoring.
- Datacenter exit while maintaining operational consistency for the VMware environment.
- Business continuity and disaster recovery for on-premises VMware environments.
- Attach Azure services and innovate applications at your own pace.

Includes the VMware technology stack and lets you leverage existing Microsoft licenses for Windows Server and SQL Server.

For updates on current and upcoming region availability, visit the product by region page here.

Streamline migration with new offers and licensing benefits, including a 20% discount. We recently announced the VMware Rapid Migration Plan, where Microsoft provides a comprehensive set of licensing benefits and programs to give you price protection and savings as you migrate to Azure VMware Solution. Azure VMware Solution is a great first step to the cloud for VMware customers, and this plan can help you get there.

Migration planning of MySQL workloads using Azure Migrate
In our endeavor to increase coverage of OSS workloads in Azure Migrate, we are announcing discovery and modernization assessment of MySQL databases running on Windows and Linux servers. Customers previously had limited visibility into their MySQL workloads and often received generalized VM lift-and-shift recommendations. With this new capability, customers can now accurately identify their MySQL workloads and assess them for right-sizing into Azure Database for MySQL.

MySQL workloads are a cornerstone of the LAMP stack, powering countless web applications with their reliability, performance, and ease of use. As businesses grow, the need for scalable and efficient database solutions becomes paramount. This is where Azure Database for MySQL comes into play. Migrating from on-premises to Azure Database for MySQL offers numerous benefits, including effortless scalability, cost efficiency, enhanced performance, robust security, high availability, and seamless integration with other Azure services. As a fully managed Database-as-a-Service (DBaaS), it simplifies database management, allowing businesses to focus on innovation and growth.

What is Azure Migrate?

Azure Migrate serves as a comprehensive hub designed to simplify the migration journey of on-premises infrastructure, including servers, databases, and web applications, to Azure Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) targets at scale. It provides a unified platform with a suite of tools and features to help you identify the best migration path, assess Azure readiness, estimate the cost of hosting workloads on Azure, and execute the migration with minimal downtime and risk.

Key features of the MySQL Discovery and Assessment in Azure Migrate

The new MySQL Discovery and Assessment feature in Azure Migrate (Preview) introduces several powerful capabilities:

- Discover MySQL database instances: The tool allows you to discover MySQL instances within your environment efficiently. By identifying critical attributes of these instances, it lays the foundation for a thorough assessment and a strategic migration plan.
- Assessment for Azure readiness: The feature evaluates the readiness of your MySQL database instances to migrate to Azure Database for MySQL – Flexible Server. This assessment considers several factors, including compatibility and performance metrics, to ensure a smooth transition.
- SKU recommendations: Based on the discovered data, the tool recommends the optimal compute and storage configuration for hosting MySQL workloads on Azure Database for MySQL. Furthermore, it provides insights into the associated costs, enabling better financial planning.

How to get started?

To begin using the MySQL Discovery and Assessment feature in Azure Migrate, follow this five-step onboarding process:

- Create an Azure Migrate Project: Initiate your migration journey by setting up a project in the Azure portal.
- Configure the Azure Migrate Appliance: Use a Windows-based appliance to discover the inventory of servers and provide guest credentials for discovering the workloads and MySQL credentials to fetch database instances and their attributes.
- Review Discovered Inventory: Examine the detailed attributes of the discovered MySQL instances.
- Create an Assessment: Evaluate the readiness and get detailed recommendations for migration to Azure Database for MySQL.

For detailed step-by-step guidance, check out the documentation for discovery and assessment tutorials.

Documentation:

- Discover MySQL databases running in your datacenter
- Assess MySQL database instances for migration to Azure Database for MySQL

Share your feedback!

In summary, the MySQL Discovery and Assessment feature in Azure Migrate enables you to effortlessly discover, assess, and plan your MySQL database migrations to Azure. Try the feature out in public preview and fast-track your migration journey! If you have any queries, feedback or suggestions, please let us know by leaving a comment below or by directly contacting us at AskAzureDBforMySQL@service.microsoft.com. We are eager to hear your feedback and support you on your journey to Azure.