A Guide to Adaptive Cloud at Microsoft Ignite 2025
Get ready to supercharge your Ignite experience! This guide is your go‑to playbook for all things Adaptive Cloud. You’ll find clear pointers on where to learn about the latest updates for unifying hybrid, multicloud, and edge environments, with the latest updates from Azure Monitor, Azure Local, Azure Backup, and more. Connect with experts and peers, prioritize sessions, and navigate the event flow with quick links to the session catalog and resources to confirm times and locations throughout the event. We can’t wait to connect!Operate everywhere with AI-enhanced management and security
Farzana Rahman and Dushyant Gill from Microsoft discuss new AI-enhanced features in Azure that make it simpler to acquire, connect, and operate with Azure's management offerings across multiple clouds, on-premises, and at the edge. Key updates include enhanced management for Windows servers and virtual machines with Windows Software Assurance, Windows Server 2025 hotpatching support in Azure Update Manager, simplified hybrid environment connectivity with Azure Arc gateway, a multicloud connector for AWS, and Log Analytics Simple Mode. Additionally, Azure Migrate Business Case helps compare the total cost of ownership, and new Copilot in Azure capabilities that simplify cloud management and provide intelligent recommendations.Harnessing the multicloud advantage: Comparing AWS and Azure network designs
This post is part of a series on replicating apps from AWS to Azure. View all posts in this series. To simplify your app replication, understanding how AWS and Azure approach networking—such as routing, connectivity, private access, and hybrid integration—can help you quickly align infrastructure components across clouds. This ensures consistent performance, security, and connectivity for your customers as you extend your offer to Azure. You can also join ISV Success to get access to over $126K USD in cloud credits, AI services, developer tools, and 1:1 technical consults to help you replicate your app and publish to Azure Marketplace. To replicate your app faster get cloud-ready reference code to replicate AWS apps to Azure. Software development companies looking to migrate or replicate their applications from AWS to Azure need to understand how networking services in both platforms compare. While AWS and Azure offer similar networking capabilities, key differences in architecture and service offerings can impact the overall solution design. This article provides a comparative overview of the networking services in AWS and Azure, focusing on their unique features and distinctions. By understanding these differences, software companies can make more informed decisions when architecting cloud-native solutions on either platform. The article explores networking services at a high level, with a deeper dive into critical areas such as peering, routing, and elastic load balancing, where the platforms diverge most significantly. Networking services overview Virtual networks & subnets AWS uses Virtual Private Cloud (VPC) to create isolated networks, spanning all Availability Zones within a region. VPCs support public and private subnets, with VPC peering routing traffic between VPCs using private IPv4 or IPv6 addresses. Azure uses Virtual Networks (VNets), which provide isolation within a region and can span multiple Availability Zones. Azure's VNet peering connects multiple VNets, making them appear as one for connectivity purposes, routing traffic through Microsoft's private network. In AWS, subnets are confined to a specific AZ, while Azure subnets are not tied to a specific Availability Zone. This allows zonal resources to retain their private IPs even when placed in different zones within a region. Peering In AWS and Azure, transitive peering is not natively supported with standard VPC Peering connections. For example, VPC-A and VPC-C cannot communicate directly if they are only peered through VPC-B. To enable transitive routing, AWS offers Transit Gateway, which connects multiple VPCs, allowing traffic between VPC-A and VPC-C. Azure provides Azure Virtual WAN, a centralized hub-and-spoke architecture that simplifies global network connections with built-in transitive routing. VNet Peering uses static routing without BGP, while Azure Virtual WAN supports BGP for branch and ExpressRoute connectivity. Additionally, Azure Virtual WAN now supports BGP for inter-regional hub-to-hub routing, enabling dynamic route propagation across hubs, similar to AWS Transit Gateway peering across regions. See Azure Virtual WAN Pricing for cost considerations. Below is an example of Azure VNet Peering. Traffic management services AWS features Elastic Load Balancing (ELB) with Classic, Application, and Network Load Balancers. Azure has Azure Load Balancer, Azure Application Gateway, and Traffic Manager for load distribution and traffic management. Below is an application of Multi-region load balancing with Traffic Manager, Azure Firewall, and Application Gateway. AWS provides a suite of load balancers including Application Load Balancer (ALB) for Layer 7 traffic, Network Load Balancer (NLB) for high-performance Layer 4 workloads, and Classic Load Balancer (CLB) as a legacy option. These services integrate with a broad set of AWS offerings such as EC2, ECS, and Lambda, and are complemented by Global Accelerator for improving global traffic performance. Azure’s approach to traffic management is more modular. Azure Load Balancer handles Layer 4 traffic and comes in Basic and Standard SKUs for varying scale and resiliency. For Layer 7 scenarios, Azure offers Application Gateway with features like SSL termination and integrated WAF. Azure Front Door adds global Layer 7 load balancing with content acceleration, while Azure Traffic Manager enables DNS-based routing with geo-failover. These services are often used in combination to build resilient architectures, rather than mirroring AWS's load balancer offerings one-to-one. Content delivery and optimization Both AWS and Azure provide robust content delivery network (CDN) services to accelerate the global delivery of content, applications, and APIs. AWS offers CloudFront, a globally distributed CDN service that integrates seamlessly with AWS services, enabling the fast delivery of web content, videos, and APIs to end users. On the Azure side, Azure Front Door acts as a modern, high-performance CDN that also includes advanced load balancing, security features, and seamless integration with Azure services. While both services focus on enhancing global content delivery, Azure Front Door goes a step further by offering enhanced scalability and secure user experiences for content-heavy applications and APIs. Routing & gateways AWS uses route tables associated with subnets in a VPC to direct traffic within and outside the network—for example, toward Internet Gateways, NAT Gateways, or VPN/Transit Gateways. Azure uses User-Defined Routes (UDRs), which can be applied to subnets in a Virtual Network (VNet) and managed centrally via Azure Network Manager. The diagram shows a spoke network group of two VNets accessing a DNS service through a Firewall, where UDRs created by Network Manager make this routing possible. AWS relies on explicit route configurations and services like Transit Gateway for transitive routing across VPCs. Azure creates system routes by default and allows UDRs to customize traffic flow to resources like VPN Gateways, NAT Gateways, or Network Virtual Appliances (NVAs). For internet egress, Azure currently allows implicit SNAT via Standard Public IPs or Load Balancers without outbound rules, but this behavior will be retired on September 30, 2025. After that, outbound access will require explicit configuration using a NAT Gateway, Load Balancer outbound rule, or Azure Firewall. Both platforms provide VPN solutions for hybrid connectivity. AWS supports Site-to-Site VPN for linking on-premises data centers with VPCs, and Client VPN for individual users. Azure offers Site-to-Site (S2S) and Point-to-Site (P2S) VPNs, as well as VNet-to-VNet connections for secure inter-region communication. These VPN services work with their respective routing infrastructures to support secure hybrid and multi-region deployments. DNS services DNS plays a foundational role in service discovery and network communication across both AWS and Azure environments. AWS offers Route 53, a scalable DNS service that supports both public and private hosted zones. It provides features like health checks, weighted routing, and integration with AWS services for domain resolution. Azure delivers similar functionality through Azure DNS for public DNS hosting and Azure Private DNS for internal name resolution within VNets. Azure Private DNS zones can be linked to one or more VNets, enabling seamless name resolution without custom DNS servers. These services are often used alongside load balancers and private endpoints to ensure consistent, secure access to application components. Private connectivity Both AWS and Azure offer dedicated, high-performance private connections to enhance security and reduce latency for hybrid and multi-cloud architectures. AWS provides Direct Connect, which establishes a dedicated network connection from an on-premises data center to AWS. This ensures a more consistent network experience, particularly for workloads requiring low latency or high throughput. Similarly, Azure offers ExpressRoute, a private, dedicated connection from on-premises infrastructure to Azure, bypassing the public internet. These private links typically use technologies like MPLS or Ethernet, depending on the provider and partner, offering better performance and reliability than traditional VPNs. ExpressRoute connections are often used for mission-critical workloads, offering greater reliability, faster speeds, and enhanced security. Security groups and network ACLs Network-level security AWS offers Security Groups (stateful) and Network ACLs (stateless) for network-level security. Security Groups are applied at the instance level, while NACLs work at the subnet boundary, adding an extra layer of filtering. Azure uses Network Security Groups (NSGs) and Application Security Groups (ASGs), which are fully stateful and simplify rule management. NSGs can be applied at both the subnet and network interface level. While Azure lacks a direct equivalent to stateless NACLs, NSGs typically offer enough granularity for most use cases. Azure also offers more granular traffic control with User-Defined Routes (UDRs) and the option to disable "Allow forwarded traffic" in virtual network peering settings. This ensures tight control or blocking of traffic even between peered VNets. Web Application Firewall (WAF) When it comes to Web Application Firewalls, AWS and Azure differ in design and deployment models. AWS WAF can be deployed as a standalone resource and attached to services like CloudFront, API Gateway, or the Application Load Balancer. This offers a high degree of flexibility but may require more hands-on setup and configuration. In contrast, Azure WAF is designed to work in close integration with services such as Application Gateway and Azure Front Door. While not standalone, central WAF policies allow consistent policy reuse across deployments. From a performance perspective, AWS WAF is recognized for its robust application-layer controls and ability to handle high traffic loads efficiently. Azure WAF is often noted for its ease of setup and the depth of its reporting and diagnostics. Private access to PaaS services and Private Endpoints As cloud-native applications increasingly depend on managed services like storage, databases, and messaging queues, securely connecting to these services without exposing traffic to the public internet becomes a critical design consideration. In AWS, VPC Endpoints—available as Interface or Gateway types—allow private connectivity to supported services from within a VPC. Azure provides a similar capability through Private Link, leveraging Private endpoints enabling private access to Azure services such as Azure Storage, SQL Database, or even custom services behind a Load Balancer. Azure Private Link also supports private access to customer or partner services published via Azure Private Link Service. Both approaches improve security posture by keeping traffic on the cloud provider's internal backbone, reducing exposure to external threats. For software development companies building multi-tiered cloud-native applications, these features offer a straightforward way to lock down service-to-service communication without relying on public endpoints. Endpoint policy management In AWS, endpoint management is handled via VPC Endpoint Policies, API Gateway, and AWS PrivateLink. These resource-specific policies are applied to services like S3, DynamoDB, or API Gateway, offering granular control, but requiring more configuration. In contrast, Azure’s endpoint management is more centralized. Services like Azure Application Gateway, Front Door, and Private Endpoint are governed through Network Security Groups (NSGs), Azure Firewall, and WAF policies. Azure's centralized policy enforcement, particularly for Private Endpoints, provides simplified access control and reduces the need for per-service configurations. AWS offers granular control at the cost of additional configuration complexity. Service mesh for Microservices For applications composed of many microservices, managing east-west traffic, enforcing security policies, and gaining observability into service communication can become complex. A service mesh addresses these challenges by abstracting service-to-service communication into a dedicated infrastructure layer. AWS offers App Mesh, which integrates with ECS, EKS, and Fargate, providing features like traffic shifting, retries, circuit breaking, and mTLS encryption. Azure supports service meshes primarily through open-source solutions like Istio and Linkerd, facilitated by managed integrations via the AKs service mesh add-on, simplifying operations on AKS. Additionally, Azure provides Dapr, which complements service mesh by offering higher-level application concerns such as state management, pub/sub messaging and simplified service invocation. For cloud-native software development companies adopting Kubernetes or containerized architectures, a service mesh brings consistency, security, and fine-grained control to internal traffic management. Monitoring and observability Azure Network Watcher provides tools for monitoring, diagnosing, and logging network performance across IaaS resources in Azure. Key features include topology visualization, connection monitoring, and various diagnostic tools like IP flow verification, NSG diagnostics, and packet capture. Additionally, Traffic Analytics provides insights into network traffic patterns. These tools support both hybrid and fully cloud-based network infrastructures, enabling efficient troubleshooting and performance optimization. On the AWS side, VPC Flow Logs and Reachability Analyzer provide comparable visibility and connectivity diagnostics. Key Resources: Microsoft Azure Migration Hub | Microsoft Learn Azure networking documentation Compare AWS and Azure Networking Options - Azure Architecture Center | Microsoft Learn SaaS Workloads - Microsoft Azure Well-Architected Framework | Microsoft Learn Microsoft commercial marketplace documentation Metered billing for SaaS offers in Partner Center Create plans for a SaaS offer in Azure Marketplace Metered billing with Azure Managed Applications Set plan pricing and availability for an Azure Container offer in Microsoft commercial marketplace - Marketplace publisher Configure pricing and availability for a virtual machine offer in Partner Center - Marketplace publisher Get cloud-ready reference code to replicate AWS apps to Azure Get over $126K USD in benefits and technical consultations to help you replicate and publish your app with ISV Success Maximize your momentum with step-by-step guidance to publish and grow your app with App Advisor
Preview of Arc enabled SQL Server in US Government Virginia
Introduction We are excited to announce that Azure Arc-enabled SQL Server on Windows is now in public preview for the US Government Virginia region. With Azure Arc-enabled SQL Server, U.S. government agencies and organizations can manage SQL Server instances outside of Azure from the Azure Government portal, in a secure and compliant manner. Arc-enabled SQL Server resources in US Gov Virginia can be onboarded and viewed in the Azure Government portal just like any Azure resource, giving you a single pane of glass to monitor and organize your SQL Server estate in the Gov cloud. Preview features of Azure Arc-Enabled SQL Server Currently, in the US Government Virginia region, SQL Server registration provides the following features: Connect (onboard) a SQL Server instance to Azure Arc. SQL Server inventory which includes the following capabilities in the Azure portal: View the SQL Server instance as an Azure resource. View databases as an Azure resource. View the properties for each server. For example, you can view the version, edition, and database for each instance. All other features, including Extended Security Updates (ESU), are not currently available. How to Onboard Your SQL Server Onboarding a SQL Server to Azure Arc in the Government cloud is a two-step process that you can initiate from the Azure (US Gov) portal. Step 1: Connect hybrid machines with Azure Arc-enabled servers Step 2: Connect your SQL Server to Azure Arc on a server already enabled by Azure Arc Limitations The following SQL Server features are not currently available in any US Government region: Failover cluster instance (FCI) Availability group (AG) SQL Server services like SSIS, SSRS, or Power BI Report Server Future Plans and Roadmap This public preview is a major first step in bringing Azure Arc’s hybrid data management to Azure Government, and more enhancements are on the way. We will be enabling features like Arc-based billing (PAYG) and ESU purchasing along with feature parity with public cloud in future. Conclusion The availability of Azure Arc-enabled SQL Server in the US Gov Virginia region marks an important milestone for hybrid data management in Government. If you’re an Azure Government user managing SQL Server instances, we invite you to try out this public preview. And please, share your feedback with us through the community forum or your Microsoft representatives. Learn More: SQL Server enabled by Azure Arc in US Government Preview SQL Server enabled by Azure Arc Update August 14, 2025 Arc enabled SQL Server in US Government Virginia is now generally available with support for licensing and ESU. Please see SQL Server enabled by Azure Arc in US GovernmentAnnouncing the Public Preview of the Azure Arc gateway!
The wait is over, we are thrilled to introduce the Public Preview of the Azure Arc gateway for Arc-enabled Servers, and Arc-enabled Kubernetes! They reduce the number of required endpoints for customers to configure their Enterprise proxy when setting up for using Azure Arc services. How Does it Work? Arc gateway introduces two new components: Arc gateway – An Azure Resource with a single, unique endpoint that will handle the incoming traffic to Azure from on-prem Arc workloads. This endpoint is to be configured in customer’s enterprise proxies. Azure Arc Proxy – A component of the Arc connected machine agent that routes all Agent and extension traffic to its destination in Azure via an Arc gateway Resource. The Arc Proxy is installed on every Arc-enabled Resource within the core Arc agent. Arc gateway on Arc-enabled Servers Architecture Arc gateway on Arc-enabled Kubernetes Architecture How do I Deploy Arc gateway? At a high level, there are three steps: create an Arc gateway Resource. Get the Arc gateway URL, and configure your Enterprise proxy Either onboard your Servers/K8s clusters using the gateway resource info or update the existing Arc Server/K8s resource with the created gateway resource info. For Arc enabled Servers, you can find Arc gateway details & instructions in the Public Preview documentation, and the Arc gateway for Arc-enabled Servers Jumpstart Episode. For Arc-enabled Kubernetes, more details are available in the Public Preview Documentation. Arc gateway Endpoint Coverage, Illustrated by the Azure Monitoring Scenario For the Arc gateway public preview, we have focused on covering primarily Service Endpoints for Azure control plane traffic. Most of the data plane endpoints are not yet covered by Arc gateway. I’d like to use the Azure monitoring on Arc-enabled Servers scenario to illustrate the Endpoints covered by the Public Preview release. Below is a comparison of the list of endpoints customers must open access to in their enterprise proxy with and without Arc gateway for this common scenario. As displayed, Arc gateway cuts the list of required endpoints nearly in half and removes the need for customers to allow wildcard endpoints in their on-prem environment. Endpoints required without Arc gateway (17) Endpoints required with Arc gateway (8) Arc-enabled Servers Endpoints aka.ms download.microsoft.com packages.microsoft.com login.microsoftonline.com *.login.microsoftonline.com pas.windows.net management.azure.com *.his.arc.azure.com *.guestconfiguration.azure.com azgn*.servicebus.windows.net *.blob.core.windows.net dc.services.visualstudio.com Azure Monitor Endpoints global.handler.control.monitor.azure.com <virtual-machine-region-name>.handler.control.monitor.azure.com <log-analytics-workspace-id>.ods.opinsights.azure.com <virtual-machine-region-name>.monitoring.azure.com <data-collection-endpoint>.<virtual-machine-region-name>.ingest.monitor.azure.com Arc-enabled Servers Endpoints <URL Prefix>.gw.arc.azure.com management.azure.com login.microsoftonline.com gbl.his.arc.azure.com <region>.his.arc.azure.com packages.microsoft.com Azure Monitor Endpoints <log-analytics-workspace-id>.ods.opinsights.azure.com <data-collection-endpoint>.<virtual-machine-region-name>.ingest.monitor.azure.com We're continuing to expand the endpoint coverage and further reduce the number of endpoints required to be configured through customers' Enterprise proxies. I’d like to invite you to try out the Arc gateway Public Preview release and share any questions, comments or feedback and requests to the Public Preview Contact Form.Maximizing the multicloud advantage — Publishing and selling through the Microsoft marketplace
This post is part of a series on replicating apps from AWS to Azure. View all posts in this series. For AWS-based software companies aiming to broaden their footprint, the marketplace offers a strategic path forward. By publishing your solution, you gain visibility across Microsoft’s digital storefronts—Azure Marketplace and Microsoft AppSource—as well as in-product experiences like the Azure Portal. This presence enables 24/7 global selling and simplifies procurement for enterprise customers, especially those with Azure Consumption Commitments who are motivated to buy Azure-based solutions through the marketplace. Publishing in Azure reduces friction when selling to Azure-centric enterprises, enables consistent branding and offer management across clouds, and allows you to leverage both ecosystems without duplicating engineering investments. You can also join ISV Success to get access to over $126K USD in cloud credits, AI services, developer tools, and 1:1 technical consults to help you replicate your app and publish to the marketplace. To replicate your app faster get cloud-ready reference code to replicate AWS apps to Azure. 1. Introduction Unlock new growth opportunities by tapping into the marketplace and reach enterprise buyers more effectively. Whether you're migrating from AWS or building natively on Azure, the marketplace enables you to expand into new geographies, co-sell with Microsoft’s extensive salesforce, and simplify procurement for customers with pre-committed Azure spend. In this guide, we’ll walk you through the key steps to publishing and selling successfully—from selecting the right offer type to optimizing billing, pricing, and co-sell incentives. Through the marketplace, your business can: Sell to millions of monthly shoppers: Sell 24/7 across 141+ geographies, 17 currencies, and 50+ value-added tax IDs, Maximize your sales reach: Sell directly on marketplace storefronts and in-product experiences used by 95% of Fortune 500 companies. Access pre-committed cloud budgets: Stand out to the more than 85% of Microsoft customers with pre-committed Azure spend using the marketplace. Co-sell with 35,000 Microsoft sellers: Sell even more with collaborative sales through the marketplace, Expand to new markets with recurring revenue: Scale through 500,000 Microsoft partners, who can sell on your behalf or sell jointly to customers. This article walks you through the essentials of publishing and selling through the marketplace, including offer types, billing and pricing models, tools, incentives, and financial programs that can accelerate your success. 2. Selecting the right marketplace offer type When publishing to the marketplace, choosing the right offer type is key. Each type supports different ways customers use and deploy your solution. Common Offer Types and What They’re Best For Software as a Service (SaaS) Best for apps deployed on your Azure infrastructure that customers access through subscriptions. For customers who want a turnkey ready-to-use, hosted solution with minimal set-up. Azure Virtual Machine (VM) Best for software that runs on a pre-configured virtual machine. Similar to Amazon Machine Image (AMI) offers. For customers who want full control over a virtual machine running your software. Azure Container Ideal for containerized apps that customers deploy and run themselves like Amazon Elastic Container Service (ECS) or Elastic Kubernetes Service (EKS). For customers who want to run your app in their own container environment. Azure Application Used to deploy multiple Azure resources like VMs, storage, or networking. This is ideal for customers who want packaged deployments that automate setup in the customer’s environment. Azure also supports other offer types. See the full list at App Advisor – Offer Types. 3. How marketplace billing and pricing work A key advantage of publishing through the marketplace is the seamless integration with Azure’s billing system, which simplifies procurement for customers and streamlines revenue collection for software development companies. Integrated Azure billing When customers purchase through the marketplace, charges are seamlessly applied to their existing Azure account, eliminating separate invoicing and procurement workflows. Purchases can count toward Azure Consumption Commitment, enhancing appeal for enterprise buyers, while customers benefit from consolidated billing and simplified expense tracking. Publisher earnings Microsoft manages billing and collection. After deducting a standard transaction fee, earnings are disbursed on a regular schedule—reducing overhead and ensuring predictable cash flow. Pricing models The marketplace supports a variety of pricing models to align with your business model and customer expectations: Flat-rate: A fixed monthly or annual fee for access to your solution. Per user pricing: Charges based on the number of users accessing the solution. Usage-based (metered): Charges based on actual usage metrics (e.g., API calls, compute hours). After choosing your pricing model, you can configure multiple tiered plans (SKUs) for different service levels or feature sets at varying price. Renewing a private offer with an existing paid customer—whether the original deal was through the marketplace or not— reduces your transaction fee by 50% for the entire renewal term. How to grow sales with negotiated deals For many enterprise customers, closing deals means negotiating pricing and terms. Most co-sell deals also happen through negotiated terms. If co-selling with Microsoft sellers is a path you want to pursue, make sure you learn about these options. Private offers: Depending on the plan you have selected, you can create personalized pricing and terms for specific customers that are only visible to them. Offers can include custom billing schedules, discounts, and contract durations. Multiparty private offers: If you sell through channel partners or need to for a specific deal, then you can use multiparty private offers (MPO) to offer negotiated terms and pricing. MPO is currently available in the United States, United Kingdom and Canada, with support for more geographies coming soon. The Private Offers API allows you to programmatically create and manage custom deals with enterprise customers. These capabilities allow you to maintain pricing flexibility while benefiting from the streamlined procurement and billing experience of the marketplace. Learn more on your options for negotiated deals through marketplace. Transactable professional services In addition to software, you can also list professional services (e.g., onboarding, training, consulting) as transactable items. This allows customers to purchase both your product and value-added services through a single, unified channel—further increasing your Azure Consumption Commitment alignment and revenue potential. These offers are currently not discoverable via storefront search and must be shared via direct link with customers. Transactable services are supported in select markets and must follow specific publishing guidelines. Learn more about selling transactable professional services. 4.Tools to help publish your marketplace offer Microsoft provides a rich set of tools and resources to help ISVs confidently publish, manage, and grow their offers in the marketplace. These assets can streamline your journey and maximize your impact. Joining as a partner to create and publish your marketplace offer To publish and manage your marketplace apps, sign up for the Microsoft AI Cloud Partner Program and set up your Partner Center account. Partner Center is where you configure offers, manage referrals and claim incentives. The best way for software companies to sign up is to join ISV Success, which offers over $126K USD in benefits, including Microsoft products, Azure cloud credits, and technical consultations. See the benefits. You can also enroll as a partner through Partner Center without joining ISV Success. Once your account is set up, assign roles to your team for tasks like publishing, marketing, and managing referrals. This helps streamline the marketplace process. Learn about marketplace-specific roles needed to publish and manage apps, payout and tax settings, and access marketplace insights Step-by-step guidance through App Advisor App Advisor provides curated step-by-step guidance—through replicating your app, publishing it to marketplace, and growing your sales—helping you make informed decisions at every stage. Reference code on transactable webhooks For SaaS publishers, implementing transactable webhooks is essential for provisioning, metering, and managing customer subscriptions. Microsoft offers reference implementations like the SaaS Accelerator, which simplifies webhook integration and accelerates time to market. The Mastering the Marketplace GitHub repo also provides hands-on code samples and walkthroughs to help you build production-ready integrations. You can review Mastering the SaaS Accelerator - Mastering the Marketplace. Marketplace documentation and offer creation guides Microsoft maintains detailed documentation to guide you through the publishing process ensuring your offer is compliant, discoverable and optimized. The marketplace documentation hub organizes all the marketplace documentation for app publishers. The Publishing Guide by Offer Type provides technical and business requirements for each offer type (SaaS, VM, Container, etc.). The marketplace offer listings best practices helps you craft compelling branding and go-to-market strategies. Engaging with Microsoft to go-to-market Microsoft offers multiple programs, incentives, and offerings to help you amplify your reach, earn by selling through marketplace, and differentiate in marketplace: Marketplace Rewards unlock benefits like listing optimization, up to $400K USD in Azure cloud credits, go-to-market support, and co-sell readiness. Transact & Grow financial incentive can pay you up to $20K USD to sell through marketplace. Solutions Partner with certified software designations help you stand out in the marketplace, differentiate with Microsoft sellers, and grants you marketing and sales benefits. Accelerating visibility, credibility, and access Publishing through the Azure gives you access to Microsoft’s extensive sales ecosystem, including: Tip: Enable a free trial period for your paid marketplace plans to get the most customer engagement in marketplace. Microsoft field sellers: who can co-sell your solution to their accounts. Partner Center insights: that help you track performance and optimize your listing. Marketplace rewards tiers: that unlock additional benefits as your offer gains traction. Visit this link to learn more about additional benefits: Transacting on the marketplace - Marketplace publisher | Microsoft Learn 5. Qualifying for Azure IP Co-sell to incentivize Microsoft sellers and help customers with commitments Software companies can leverage Azure IP Co-sell (AZIPCS) to enhance enterprise reach, seller engagement, and deal velocity via the marketplace. Offers that achieve Azure IP co-sell eligibility gain these marketplace benefits: Marked as Azure benefit eligible for eligible customers in the marketplace and Azure Portal. Sales of your offer through the marketplace contribute toward customers' pre-committed cloud budget otherwise known as Azure consumption commitment (MACC). This helps software companies align with enterprise procurement strategies and unlock larger opportunities. Microsoft sellers are highly interested in marketplace offers that can help customers meet their Azure consumption commitment. Co-sell deals are roughly 30% higher than non-co-sell deals Co-sell deals tend to close 2x faster, compared average across all Microsoft-managed customers Requirements for Azure IP co-sell eligible offers To qualify: Your marketplace offer must be configured to transact through the marketplace and have at least one non-$0 pricing plan. You need to create a co-sell solution for your offer You must reach a company-level revenue threshold over the trailing twelve-month (TTM) period of either $100K USD of marketplace billed sales (MBS) OR Azure Consumed Revenue (ACR). Learn how to make the most of co-sell. Key resources: Microsoft Azure Migration Hub | Microsoft Learn Publishing to commercial marketplace documentation Get over $126K USD in benefits and technical consultations to help you replicate and publish your app with ISV Success Maximize your momentum with step-by-step guidance to publish and grow your app with App Advisor Accelerate your development with cloud ready deployable code through the Quick-start Development Toolkit Earn exclusive benefits for your software company business with Marketplace Rewards. Private offers overview - Marketplace customer documentation | Microsoft Learn Marketplace FAQs – Microsoft Tech CommunityWelcoming the Next Wave at Build: New Partners Join the Azure Arc ISV Program
We are thrilled to announce the second round of partners joining the Azure Arc ISV Partner Program for Microsoft Build. Following its successful launch at Ignite last fall, this innovative program continues to grow, enabling partners to publish their offers on the Azure Marketplace for deployment to Arc-enabled Kubernetes clusters. With this new wave, we’re also expanding the solution landscape by introducing four new categories—Security, Networking & Service Mesh, API Infrastructure & Management, and Monitoring & Observability. These additions reflect the evolving needs of hybrid and multi-cloud environments and highlight the breadth of innovation our partners bring to the Azure Arc ecosystem. This new wave of collaborations marks a significant milestone in our journey to foster a vibrant ecosystem of innovation and excellence. This expansion marks a significant step forward in building a dynamic and innovative ecosystem that drives success for both customers and partners alike. What is Azure Arc? Azure Arc is the bridge that extends Azure to on-premises, edge, or even multi-cloud environments. It simplifies governance and management by delivering the consistency of the Azure platform. The ability to create offerings for Azure Arc in the marketplace is a significant benefit to our partners, allowing them to integrate with Azure services and tools and access a large and diverse customer base. Azure Arc enables partners to validate their applications and offer them to customers so they can manage their Kubernetes cluster on Azure. Edge developers can leverage these building blocks to develop their enterprise applications, and we aim to provide them with a one-stop shop in Azure Marketplace. Meet our partners The Azure Arc ISV Partner Program is focusing on expanding categories such as security, networking & service mesh, API infrastructure & management, monitoring & observability. We are excited to introduce our esteemed partners, HashiCorp, Traefik Labs, Solo.io, and Dynatrace, who have Arc-enabled their applications and will now be available on the Azure Marketplace. Here’s a closer look at their offerings: HashiCorp HashiCorp is a leading provider of infrastructure automation and security solutions for modern, dynamic IT environments. HashiCorp Vault Enterprise for Azure Arc enables organizations to manage access to secrets and protect sensitive data using identity-based security principles. As enterprises shift to hybrid and multi-cloud architectures, traditional perimeter-based security models fall short. Vault helps to address this challenge by authenticating every user and application, authorizing access based on identity and policy, encrypting secrets, and injecting just-in-time credentials. It also helps to automate the rotation of secrets, certificates, and encryption keys—reducing operational risk and improving compliance. By integrating with Azure Arc, Vault Enterprise can be deployed and managed alongside other Azure Arc-enabled services. This allows organizations to consistently enforce zero trust security practices—whether workloads run on-premises, in Azure, or in other cloud environments—while benefiting from centralized governance and compliance visibility through the Azure control plane. To deploy HashiCorp Vault Enterprise for Azure Arc, visit aka.ms/HashiCorpForAzureArc. To learn more about HashiCorp Vault Enterprise on Azure Arc, visit HashiCorp Vault Traefik Labs Traefik for Azure Arc empowers organizations to modernize and scale their AI and API runtime infrastructure across any Kubernetes in hybrid and multi-cloud environments. With over 3.3 billion downloads and 250,000+ production nodes globally, Traefik can be deployed in three modular and progressive phases—Application Proxy, API & AI Gateway, and API Management—meeting users where they are on their journey and enabling seamless transitions without vendor lock-in or disruptive migrations. Traefik helps deliver zero-config service discovery across Kubernetes and other orchestrators, efficiently replacing legacy tools with simplified traffic routing and management. As needs grow, they more easily transition to comprehensive AI and API Gateway capabilities with centralized authentication and authorization, semantic caching for AI workloads, and data governance for responsible AI deployments. The final evolution helps introduce complete API governance, observability, self-service developer portals, and instant mock APIs—enabling unified management across both traditional and AI-enabled services without disruptive architectural changes. By combining Azure Arc with Traefik, organizations gain more unified control over API and AI workloads, enhanced by features like semantic caching and content guard. This integration helps bridge fragmented environments, accelerates deployment, and enable clearer versioning boundaries—fundamental for scaling AI and API services across distributed systems. To deploy Traefik for Azure Arc, visit aka.ms/TraefikForAzureArc. To learn more about Traefik for Azure Arc and get started, visit aka.ms/TraefikForArcJumpstart. Solo.io Solo.io is a leading provider of service mesh and API infrastructure solutions for cloud-native applications. Istio for Azure Arc, powered by Solo.io, helps deliver an enterprise-grade service mesh experience through Istio in Ambient Mode—specifically optimized for Azure Arc-enabled Kubernetes clusters. This modern, sidecar-less architecture helps to simplify deployment, reduces operational overhead, and improves resource efficiency while maintaining Istio’s advanced capabilities. The solution provides robust Layer 7 traffic management, zero-trust security with mutual TLS and fine-grained authorization, and deep observability through distributed tracing and logging. It’s ideal for IT operations, DevOps, and security teams managing workloads in regulated industries like finance, healthcare, retail, and technology—where resilience, security, and visibility are important. By using Istio for Azure Arc, organizations can deploy and manage service mesh consistently across hybrid and multi-cloud environments, accelerating application delivery while maintaining control and compliance. To deploy Istio for Azure Arc, visit aka.ms/IstioForAzureArc. To learn more about Istio for Azure Arc, visit Istio by Solo.io. Dynatrace Dynatrace is a leading provider of AI-driven monitoring and performance analytics solutions. Dynatrace Operator helps streamlines your processes, gains insights, and accelerates innovation with its powerful AI-driven platform. Now available through the Microsoft Azure Marketplace, this solution more easily integrates with your Microsoft ecosystem—from Azure to Arc-enabled Kubernetes Service and beyond. With Dynatrace Operator, you can build custom apps and automations tailored to your unique business needs, empowering you to work smarter, not harder. Visualize and fully understand your entire Hybrid cloud ecosystem in real time, plus benefit from automated identification and illustration of application dependencies and their underlying infrastructure, delivering enriched, contextualized data for more informed decisions. Designed to help enterprises automate, analyze, and innovate faster, Dynatrace Operator is your key to unlocking efficiency and growth. By combining Azure Arc with Dynatrace Operator, organizations can deploy and manage monitoring and performance analytics consistently across hybrid and multi-cloud environments, accelerating application delivery while maintaining control and compliance. To deploy Dynatrace Operator for Azure Arc, visit aka.ms/DynatraceOperatorForArc. To learn more about Dynatrace Operator for Azure Arc, visit Dynatrace | Kubernetes monitoring. Become an Arc-enabled Partner These partners have collaborated with Microsoft to join our ISV ecosystem, helping provide resilient and scalable applications more readily accessible for our Azure Arc customers via the Azure Marketplace. Joining forces with Microsoft enables partners to stay ahead of the technological curve, strengthen customer relationships, and contribute to transformative digital changes across industries. We look forward to expanding this program to include more ISVs, enhancing the experience for customers using Arc enabled Kubernetes clusters. As we continue to expand our Azure Arc ISV Partner Program, stay tuned for more blogs on the new partners being published to the Azure Marketplace. To reach out and learn more about the Azure Arc ISV Partner Program visit: What is the Azure Arc ISV Partner program? or reach out to us at https://aka.ms/AzureArcISV.Expanding the multicloud advantage: Picking the right Azure regions for AWS developers
This post is part of a series on replicating apps from AWS to Azure. View all posts in this series. As a software development company, expanding or replicating your Marketplace offer from AWS to Microsoft Azure, one of the most foundational steps is selecting the right Azure region. While AWS and Azure both offer extensive global infrastructure, the architecture, service availability, and underlying design philosophies differ. For software companies aiming to deliver consistent performance, scale globally, and meet operational expectations, understanding how Azure regions work—and how they compare to AWS—is essential. Choosing the right Azure region is a critical step in successfully replicating your AWS-based app. Understanding how Azure regions differ from AWS—across availability, service coverage, and compliance—can help you make smarter decisions that improve performance, reduce latency, and meet customer expectations. This article will guide you through key regional considerations to help you plan your multicloud expansion with confidence. You can also join ISV Success to get access to over $126K USD in cloud credits, AI services, developer tools, and 1:1 technical consults to help you replicate your app and publish to Azure Marketplace. To replicate your app faster get cloud-ready reference code to replicate AWS apps to Azure. This guide breaks down everything software development companies need to know to make informed region decisions based on your business and operational requirements like availability, reliability, resiliency, performance, security, compliance, and cost. Key factors for region selection 1. Understanding the Region and Availability Zone Models Before you map your AWS architecture to Azure, it's important to understand how the two platforms structure their global infrastructure. Both AWS and Azure use regions and Availability Zones (AZs) to deliver high availability and resilience. AWS regions typically include 3–6 AZs—physically separated data centers that support fault-tolerant architectures. Azure also offers multiple AZs in supported regions (usually three or more) and introduces a unique concept: region pairs—predefined, geographically aligned region combinations designed for disaster recovery and sequential update rollout. While not all Azure regions currently include AZs, Azure’s expansive global footprint—more regions than any other cloud provider—gives software companies exceptional flexibility to deploy close to customers, meet data residency requirements, and scale with confidence. As you plan your region strategy, it’s also essential to consider Azure's broad geographic coverage. Azure offers an extensive and diverse network of regions, including emerging markets, such as South Africa, the Middle East, and parts of Eastern Europe. This expanded reach can help software companies unlock new opportunities in underserved markets. Expanded Market Access: Azure's unique regional presence enables software companies to serve new customer segments and comply with local data regulations. Geographic Flexibility: With over 60 regions worldwide, you can design a global presence tailored to your users' needs. Just be sure to check the Azure Products by Region to confirm that your required services are available in each region you’re considering. 2. Availability Zones and high availability Software companies coming from AWS are accustomed to architecting for resiliency using multi-AZ deployments, which distribute workloads across isolated data centers within a region to avoid a single point of failure. Azure supports a similar model—but with important considerations. Check AZ Support: about half of Azure regions support availability zones. You can verify this on Microsoft’s Azure region availability page. Region Pairs: If your target region doesn’t support AZs, leverage region pairs to implement cross-region redundancy. Example: If you’re used to deploying across us-west-1 and us-west-2 in AWS for failover, you might consider Azure’s West US and West Central US, which are region pairs designed for this purpose. 3. Service availability by region Azure continuously expands its global reach, with advanced and preview services becoming available in select regions first-providing early access and ensuring a phased, reliable rollout across location. Verify service coverage: Use the Azure Products by Region tool to ensure your required services—like Azure Container Apps, Cosmos DB, or Azure OpenAI—are supported in your target region. Verify SKU coverage: When deploying services such as AKS (Azure Kubernetes Service), it’s vital to confirm not only the availability of the service in your chosen region but also the support for the specific VM SKU required for the AKS node pool. When planning your Azure deployment, it’s crucial not only to verify the availability of core services in your chosen region but also to ensure that all required features, SKUs, and dependent services—such as networking, identity, storage, and monitoring—are supported. This comprehensive approach prevents unexpected issues during provisioning and guarantees the full operational functionality of your solution. 4. Disaster recovery and resilience Azure offers parallel capabilities to cross-region replication available in AWS but implements differently. Region Pairs: Azure automatically geo-replicates platform services like Azure Storage and Azure SQL between paired regions. Manual Replication: Use Azure Site Recovery for infrastructure-level disaster recovery between any two regions. Zonal and Regional Redundancy: Zonal and regional redundancy are available to meet your fault tolerance requirements—Zonal redundancy enables automatic failover across zones for services with multi AZ enabled in a single region, protecting against localized datacenter failures while maintaining low-latency access. Regional resiliency provides resiliency against full region outage by replicating services across geographically separate region—ideal for disaster recovery scenarios. Multi-AZ failover protects against localized datacenter issues within a region, offering high availability with low latency. Multi-region failover safeguards against full region outages by replicating services across geographically separate Azure regions. 5. Network latency and performance optimization Latency isn't just about user experience—it's also critical for communication between services and data centers. Optimizing network design ensures your applications perform reliably under real-world conditions. Virtual Network Peering: Azure's VNet peering (similar to AWS VPC Peering) enables private, low-latency communication between virtual networks, both within a region and across regions, without traffic traversing the public internet. Azure ExpressRoute: For scenarios requiring consistent, ultra-low latency between on-premises infrastructure and Azure, ExpressRoute provides a dedicated private connection. This is Azure’s counterpart to AWS Direct Connect. Private Endpoint: Allow access to Azure services via Private Link, over a private IP within your VNet—bypassing the public internet. This reduces exposure to internet congestion and can improve network latency, while also enhancing security. Content Delivery: To speed up access to static assets and media globally, Azure CDN offers a solution comparable to AWS CloudFront, using distributed edge locations to reduce load times. For latency testing, use Azure Speed Test or Network Performance Monitor to evaluate performance across Azure regions. This is similar to how AWS professionals might use CloudWatch or the AWS Network Performance Dashboard to test latency and identify the best-performing regions for their user base. Additional tools are available like Network Watcher and Flow Logs. Latency is critical for real-time applications (e.g., video conferencing, online gaming), financial services and IoT and edge computing solutions. It’s less critical with batch processing, archival and backup storage and internal business applications and admin system. 6. Compliance and data residency Now let’s talk about compliance—something every software company must consider, even if it’s not their primary driver. Azure provides robust options for regulated industries: Examples of Sovereign Clouds: Azure Government: for U.S. federal and state agencies Azure China: operated independently by 21Vianet Azure Germany: for data residency and sovereignty in the EU Azure Australia: supports public sector and regulated industries with regional compliance and data residency Compliance Certifications: Azure supports over 100 compliance offerings, including GDPR, HIPAA, FedRAMP, ISO 27001, and more. Best Practices: Match your AWS GovCloud or other regulated deployment to a comparable Azure region (e.g., Azure Government). Confirm that your selected region supports required certifications by referencing Microsoft’s Compliance Documentation. 7. Cost differences by region Azure pricing varies by region, just like with AWS. Factors include local energy costs, demand, and capacity. Here is a high-level overview of how cost may vary by region Pricing - Bandwidth | Microsoft Azure Azure Pricing Calculator: Use it to compare compute, storage, and bandwidth pricing between regions. TCO Analysis: A slightly more expensive region may be worth the cost if it offers better performance, compliance, or redundancy options. 8. Planning for future growth Your choice of region affects more than just your launch—it sets the stage for growth. Scalability: Choose regions with broad service availability and sufficient capacity. Azure region capacity isn't infinite—some regions may experience temporary resource constraints for specific VM sizes or services due to high demand. Selecting a region with strong infrastructure investment and consistent capacity growth helps ensure your workloads can scale reliably over time. Expansion Strategy: Plan for multi-region deployments as your user base grows. Example of Mapping AWS Regions to Azure: Common Alignments AWS Region Closest Azure Region US East (N. Virginia) East US US West (N. California) West US Europe (Ireland) West Europe Asia Pacific (Singapore) Southeast Asia Asia Pacific (Tokyo) Japan East Here is the list of comprehensive Azure Regions. 9. Key Resources Azure Regions Azure Products by Region Microsoft Azure Migration Hub | Microsoft Learn Publishing to commercial marketplace documentation Pricing Calculator | Microsoft Azure Get over $126K USD in benefits and technical consultations to help you replicate and publish your app with ISV Success Maximize your momentum with step-by-step guidance to publish and grow your app with App Advisor Accelerate your development with cloud ready deployable code through the Quick-start Development ToolkitTroubleshoot the Azure Arc Agent in Azure using Azure Monitor & Log Analytics Workspace
This article explores how to centralize logging from on-premises servers—both physical and virtual—into a single Log Analytics Workspace. The goal is to enhance monitoring capabilities for the Azure Arc Connected Machine Agent running on these servers. Rather than relying on scattered and unstructured .log files on individual machines, this approach enables customers to collect, analyze, and gain insights from multiple agents in one centralized location. This not only simplifies troubleshooting but also unlocks richer observability across the hybrid environment.
