SAP on Azure Product Announcements Summary – SAP Sapphire 2026
Introduction Today at SAP Sapphire, we announced a new wave of innovations deepening the Microsoft–SAP partnership – advancing RISE with SAP on Azure, our SAP S/4HANA integrations, and our shared AI platform. With more than three decades of co-engineering, Microsoft and SAP continue to help customers modernize their ERP estate and build new value on top of it. Below is a look at the latest product updates, alongside customer evidence of what is possible when SAP and Microsoft come together. Customer Evidence AI: From ERP Data to Intelligence in the Flow of Work KONE is running an AI-driven contract workflow on Power Platform that validates documents against SAP records and auto-creates contracts in SAP — processing 54,000+ contracts per year with a 33% reduction in handling time. To support their 3,000+ citizen developers, KONE developed an agent with Microsoft Copilot Studio that guides makers through building solutions, generating prompts and surfacing existing apps to avoid duplication. "Power Platform is enabling us to integrate highly effective AI models into our automation solutions and that is helping us streamline increasingly complex processes — efficiently and at scale." — Lulu Zhang, Director, Head of Technology & Services, KONE Security: Protecting the SAP Core MAIRE, a global engineering group operating across 50 countries, deployed Microsoft Sentinel for SAP to secure its accounts payable environment — the heartbeat of over 10,000 employees. With 50+ active detection rules and cross-environment event correlation now automated, MAIRE has shifted from reactive incident response to continuous, AI-ready threat intelligence. "SAP generates an impressive amount of logs, and with the Microsoft solution, we are able to detect suspicious events before they can become a problem." — Andrea Sgarlata, Identity Manager, Tecnimont Services, MAIRE Group Cenibra replaced SAP Identity Management with Microsoft Entra ID Governance, integrating 80+ systems and achieving a 46% operational gain — with 60–70% of manual IAM effort projected to be eliminated as automation expands. Running SAP at Scale: Migration as a Strategic Foundation Maersk migrated 500 SAP servers and a petabyte of data to Azure in six months — with near 100% uptime and zero incidents — and is now using Azure OpenAI with SAP to let teams query invoice and shipment data in natural language. "This wasn't just a migration. It was a mindset shift. We needed to move from managing infrastructure to driving engineering innovation." — Roman Kulczykowski, Senior Director, SAP Technology Platform, Maersk We're pleased to share the product updates behind these outcomes: From SAP Joule + Microsoft Copilot to agent-to-agent workflows, SAP and Microsoft are turning SAP processes into reusable AI-powered building blocks. Microsoft Fabric’s SAP footprint just grew: SAP BDC Data Connect, Datasphere replication, certified partners. Microsoft Sentinel for SAP:Expanded SAP detections, richer SAP ETD cross-signal correlation, and upcoming LogServ/ASIM integration bring SAP telemetry natively into your XDR workflows. SAP Deployment Automation Framework expands support for highly available SAP architectures with HANA scale-out and HSR capabilities, enabling GitHub-native deployments and centralized configuration management. SAP Testing Automation Framework advances high availability validation with scale-out HANA testing, backup validation, and integrated configuration checks to enable continuous reliability assurance. Extended the Observability Dashboard with additional infrastructure checks and introduced a reusable AIOps pattern to move from observability insights to governed operational action. Let's dive into the summary of product updates and services. Extend and Innovate Copilot Studio & Power Platform Joule & Microsoft Copilot: Adoption and Enablement The Joule and Microsoft 365 Copilot integration reached general availability in late 2025, and we now see hundreds of customers actively exploring and onboarding the solution. To accelerate adoption, SAP and Microsoft are delivering: Updated onboarding guidance such as the SAP Discovery Center Mission – Integrate Joule and Microsoft 365 Copilot Dedicated SAP services to support customers getting started. First Agent-to-Agent (A2A) Scenarios with Nestlé We are continuing to evolve the integration beyond chat-based experiences toward true agent interoperability. At SAPPHIRE, Nestlé is showcasing early Agent-to-Agent (A2A) scenarios, where: SAP services are exposed via the agent gateway Copilot Studio acts as the orchestration layer, consuming Joule services using an open, vendor-neutral A2A protocol. This marks an important step toward a multi-agent ecosystem across SAP and Microsoft. Easier SAP Integration with Copilot Studio Many SAP customers expose standard and custom APIs using the SAP Business Technology Platform connected via SAP Cloud Connector to their SAP systems like SAP S/4HANA or even older SAP ECC systems. Using SAP API Management customers can already today expose these SAP OData Services and soon also MCP Servers which can be consumed in Copilot Studio. More information about SAP with Microsoft can be found on Microsoft Learn. Microsoft Fabric We continue to deepen the integration between Microsoft Fabric and SAP solutions by evolving our strategy to offer options to leverage their SAP data in Fabric: We are expanding aligned integration options with Mirroring for SAP Datasphere, generally available since March 2026. This technology integrates SAP Datasphere replications flows into the mirroring capabilities of Microsoft Fabric. With these technologies you can seamlessly integrate the data integration tools of SAP with the power of Microsoft Fabric. In addition, we are collaborating closely with SAP to make SAP Business Data Cloud Connect for Microsoft Fabric available for customers in the second half of 2026. This will allow bi-directional, zero-copy sharing between SAP Business Data Cloud and Microsoft Fabric, significantly simplifying many use cases that previously required moving and managing copies of data. Sentinel Solution for SAP Microsoft Sentinel for SAP continues to expand coverage of the SAP core, SAP BTP, SAP LogServ and the broader SAP ecosystem — giving SOC teams broader, deeper, and more contextualized SAP signal inside their existing Microsoft XDR workflows. New SAP detections — catalog of out-of-the-box detection expanded to high profile targets such as Integration Suite, Build WorkZone, and Cloud Identity Services SAP Logserv roadmap — solution will allow re-use of Microsoft’s Advanced Security Information Model (ASIM) and other standard tables so customers and partners can profit from black-box detections apply existing XDR investments directly to their SAP telemetry. SAP ETD correlation with Microsoft XDR — the SAP Enterprise Threat Detection solution now ships email artifacts alongside IP and host, enabling deeper cross-signal correlation across SAP and Microsoft Defender (previously limited to IP and host only) The result: more out-of-the-box coverage, better re-use of existing Microsoft and partner detection investments, and richer correlation between SAP and the rest of the Microsoft Defender estate. Microsoft Entra Microsoft Entra ID and Entra ID Governance extend identity lifecycle and entitlement management into SAP via integration with SAP Cloud Identity Services (SCI), SAP Identity Access Governance (IAG), and SAP Access Control (AC). Microsoft and SAP have significantly deepened their collaboration in identity governance — delivering an end-to-end solution that extends Microsoft Entra into SAP landscapes at enterprise scale. End-to-end integration with SAP Identity Access Governance (IAG) now available in public preview, enabling customers to: o Publish SAP business roles into Entra entitlement catalogs and assign SAP access through Entra access packages o Enforce approval workflows and Separation of Duties (SoD) policies natively o Integration with SAP IAG also supports environments still relying on SAP AC, providing a phased migration path toward cloud-first governance. General availability of the improved SAP Cloud Identity Services Connector in Microsoft Entra featuring SCIM 2.0 support, provisioning of Groups & Group Memberships and OAuth 2.0-based authentication replacing basic authentication Day-zero visibility through account discovery allowing customers to correlate SAP accounts with Entra identities via SAP Cloud Identity Services and get immediate transparency into existing SAP identities. It also accelerates onboarding into governance workflows The result is a modern, cloud-based identity governance platform for SAP, combining Microsoft’s identity lifecycle automation with SAP-native compliance controls, and a clear migration path as SAP IDM approaches end of maintenance. Purview Microsoft Purview allows uniform data governance and compliance across the enterprise including SAP sources. Purview released several notable updates for SAP since the last edition: SAP Calculation View support for metadata scans, relevant for HANA DB and a major customer ask is now generally available. Scoped scanning (configure exactly which metadata to scan) for ECC and S/4HANA is now in Public Preview BW/4HANA connector is also now generally available Modern Authentication for SAP Integrations As the ecosystem evolves away from legacy authentication models, Microsoft and SAP are enabling secure, cloud-native integrations by replacing Basic Authentication with OAuth 2.0-based patterns across key scenarios. These innovations establish best security practices by replacing Basic Authentication with the secure OAuth 2.0 protocol and avoid the use of shared credentials that have an expiration. The outcome: A modern, secure integration layer for SAP, aligned with Zero Trust principles and ready for AI-driven and API-based enterprise architectures. Secure Email Integration: SAP ↔ Exchange Online With the deprecation of Basic Authentication, SAP systems now integrate with Exchange Online using OAuth 2.0 and Microsoft Entra ID for outbound email scenarios. The SAP ABAP systems authenticate using client credentials or certificate-based (JWT) flows. Also communication is secured via SMTP OAuth 2.0, eliminating password-based authentication. This modern approach ensures authentication without the need for password for SAP outbound communication and alignment with SAP and Microsoft. Extending Modern Authentication to SAP SuccessFactors APIs Beyond infrastructure scenarios, modern authentication is also being adopted across SAP SaaS integrations with new integration patterns using OAuth-secured access to SAP SuccessFactors OData APIs the Microsoft Entra ID acts as the central identity provider and token issuer enabling secure, governed API access without credential-based authentication. SAP on Azure Software Products and Services SAP Deployment and Testing Automation Framework The first half of 2026 marks the most significant release cycle for both the SAP Deployment Automation Framework (SDAF) and the SAP Testing Automation Framework (STAF) since their inception. The latest releases deliver broad platform expansion, deeper high-availability coverage, and a matured testing capability that extends well beyond initial scope. Highlights at a glance: SDAF now supports GitHub Actions as a first-class deployment path alongside Azure DevOps and CLI Azure App Configuration integration provides centralized, single-source-of-truth configuration management Deep investment in HANA scale-out with Pacemaker and HSR, including SAPHanaSR-angi support for SLES Platform coverage expanded to RHEL 10, OracleLinux9, and newer SLES release. STAF adds scale-out HSR testing, and Azure Backup Testing integration for SAP HANA Configuration Checks capability, a rewrite of the open-source Quality Checks tool, now ships natively within STAF. Introduced scheduling support for both HA functional tests and configuration checks SAP Deployment Automation Framework (SDAF) SDAF now supports GitHub Actions end-to-end, including automated workflow setup, container-based execution, and built-in secret management; providing deployment experience on GitHub equivalent to Azure DevOps. Azure App Configuration integration centralizes deployment parameters across control planes and workload zones, eliminating parameter configuration drift across environments. High-availability infrastructure coverage has seen its deepest investment to date. HANA scale-out with Pacemaker and HSR now supports SAPHanaSR-angi on SLES, adds conditional resource movement based on instance name and Pacemaker version, and enhances replication stability with improved retry and error-clearing logic. Additional updates include Azure Files NFS encryption in transit, hardened Oracle Data Guard automation with idempotent post-processing and dynamic SID handling, and improved networking logic for both greenfield and brownfield scenarios. SAP Testing Automation Framework (STAF) STAF continues to expand its SAP workload validation coverage and automation capabilities - making it easier to validate high availability designs, schedule tests at scale, and verify backup and restore readiness in Azure. STAF has introduced three major capabilities in the past few months: Expanded high availability validation for SAP HANA with scale-out HANA System Replication (HSR) support (including the SAPHanaSR-ScaleOut provider and updated HA test coverage for scale-out topologies) Test scheduling and run management via REST API and CLI (with containerized deployment improvements to simplify operating the service). Azure Backup validation and functional testing for HANA through a dedicated Ansible module that enables end-to-end backup discovery and restore workflows (including restore monitoring and cross-VM restore scenarios). The Configuration Checks capability, integrated natively into STAF from the open-source Quality Checks tool previewed in November 2025, now includes enhanced telemetry with duration tracking, updated disk performance thresholds, and improved HTML reporting. Azure Center for SAP solutions Tools and Frameworks We continue to enhance our scripts and supporting tools and frameworks outside the core product experience. These updates are designed to help customers and partners bridge the gap between evolving operational needs and available product capabilities. The Observability Dashboard has evolved into a more actionable operational view for Azure workload reviews, bringing security, network, and infrastructure signals into one place to improve visibility, reduce manual follow-ups, and support faster decision-making. o The Security Dashboard now highlights key exposure and hygiene risks such as public inbound access, orphaned public IPs, storage accounts without Private Endpoint, and Basic tier load balancers. o The Network Dashboard now includes VNet peering status, helping teams quickly validate connectivity posture alongside ExpressRoute, gateway, public IP SKU, UDR, subnet, and remote access checks. The Infrastructure Summary Dashboard helps identify configuration gaps such as VMs that support NVMe but are still using SCSI, failed VM extensions, and disabled Accelerated Networking. o The extended dashboard also adds visibility into AFS subnet configuration, giving teams a clearer view of platform readiness and operational consistency across customer environments. Operation Excellence AIOps Custom Agent: As part of our AIOps work, we are exploring how AI can move beyond generic operational insights and help customers think differently about managing complex Azure workloads. The focus is on enabling customer-specific AI agents to use cases that reflect real operational challenges, business priorities, and environment-specific patterns, rather than applying a one-size-fits-all model. By combining observability, automation, Azure resource insights, operational telemetry, and approval-driven actions, customers can identify risks earlier, reduce manual investigation effort, and accelerate decision-making across their estate. This approach creates a practical path for customers to experiment safely, address targeted operational scenarios, and shape AI-enabled operations around the needs of their own workloads, teams, and governance models. For more, see From Observability to Action: Building an AI-Powered AIOps Agent for Customer-Specific Operations To learn more, visit the Microsoft sessions at SAP Sapphire 2026 and check out our SAP on Azure learning page.Announcing Public Preview for Microsoft Azure Center for SAP Solutions
Customers deploying and managing SAP solutions in the cloud can move faster and more confidently with Microsoft Azure Center for SAP solutions, now available in public preview. It is an end-to-end solution enabling customers and partners to create and run SAP systems as a unified workload on Azure and provides a more seamless foundation for innovation on the Microsoft Cloud.SAP on Azure Product Announcements Summary – SAP Sapphire 2023
We are very excited to be part of this year’s Sapphire. As with all previous events, Microsoft continues to strengthen its partnership with SAP as a “Diamond” sponsor to engage customers on how to be more future proof. Whether it is moving SAP workloads into Azure or managing diverse SAP applications on Azure, Microsoft remains committed to providing solutions for making customers’ journey to cloud frictionless and, providing a platform to increase productivity and enabling innovation for better business outcomes.
