Azure Local 22H2 Clusters: End of Service and Feature Degradation
Azure Local (formerly Azure Stack HCI) version 22H2 reached End of Service (EOS) on May 31, 2025. As communicated earlier, this means: No further security updates or bug fixes will be provided. CSS support is limited to upgrade assistance of the existing environment only. What’s Changing? Around February 23, 2026, Microsoft will begin degrading features on 22H2 clusters. These changes align with Microsoft’s Modern Lifecycle Policy, which requires customers to stay current with servicing and system requirements to maintain support. Under this policy, failure to upgrade can lead to significant degradation of product functionality, starting with: Disabling ESU: Extended Security Updates will no longer be available. Disabling WSS: Windows Server Subscription benefits will be removed. Once these changes take effect: Customers will not be able to purchase or renew ESU or WSS for 22H2 clusters, meaning: ESU updates will no longer be offered, leaving guest operating systems exposed to security vulnerabilities. Guest operating systems will no longer be licensed, which can lead to compliance violations and potential service disruptions. Any degraded feature will not be restored under best-effort support. Customer Responsibility If the customer chooses to remain on 22H2: They assume full responsibility for any security vulnerabilities, compliance issues, or government regulatory requirements associated with running an unsupported version. Microsoft does not provide guarantees or remediation for risks arising from continued use of 22H2. Next Steps To maintain a secure and supported environment: Upgrade to 24H2 as soon as possible. Learn how to upgrade → We strongly recommend planning your upgrade now to avoid service disruptions and compliance risks.AKS enabled by Azure Arc: Powering AI Applications from Cloud to Edge [Ignite 2025]
A New Era for Hybrid Kubernetes and AI Microsoft Ignite 2025 continues to accelerate Azure’s hybrid vision, extending cloud-native innovation into datacenters, factories, retail sites, and remote, fully disconnected environments. This year’s announcements expand the capabilities of AKS enabled by Azure Arc, making it the most versatile and secure platform for deploying modern applications and AI workloads across any environment. AKS Arc now underpins Azure’s hybrid and edge strategy — and increasingly its hybrid AI strategy by delivering consistent operations, strong security, and flexible deployment models for distributed applications. TL;DR: New AKS Arc offering and features in 2025 AKS on Azure Local Disconnected Operations Public Preview AKS on Azure Local Small Form Factor Bare-Metal Private Preview Improvements to AKS on Azure Local Medium, including lifecycle, portability, additional GPU support and hardware support expansion. Improvements to AKS on Windows Server, improved platform reliability, security, and consistency through fixes to image packaging, dependency handling, node/agent synchronization, certificate and key management, error detection, telemetry and cleanup of stale resources 2-Node High Availability for AKS Arc at the edge Private Preview AI Foundry Local integration for offline/hybrid AI development KAITO on AKS Arc Public Preview for hybrid/edge model deployment Edge RAG on Azure Local Medium Arc Gateway for AKS Arc Public Preview KMS v2 for secrets encryption on AKS on Azure Local Medium Expanded GPU support for AKS Arc on Azure Local (RTX 6000 Ada GA, NVIDIA L-series Preview) AKS Container Apps on Azure Local Medium Public Preview AKS Edge Essentials release for improved stability and offline operations Arc-enabled Azure Monitor Pipeline, Workload Identity Federation, and Azure Container Storage enhancements Azure Linux 3.0 support, Key Vault Secret Store extension AKS on Azure Local: Evolving the Hybrid Managed Kubernetes Platform This year, AKS on Azure Local introduces several major enhancements that broaden where and how customers can deploy AKS as their managed Kubernetes platform at the edge. Disconnected Operations Public Preview AKS on Azure Local can now operate entirely offline, supporting customers in sovereign, regulated, or isolated environments. Clusters can be deployed, managed, and updated without continuous Azure connectivity, syncing only when connectivity is temporarily restored. Small Form Factor Bare-Metal Preview The new SFF edition brings AKS to compact industrial PCs and constrained retail or factory environments. It delivers bare-metal performance in a much smaller footprint, including optional GPU support for edge inferencing. Improvements to Azure Local Medium Azure Local Medium continues to mature with expanded hardware compatibility, improved lifecycle reliability, and better workload portability across cloud and local deployments — enabling enterprises to standardize on AKS across all tiers of infrastructure. 2-Node High Availability for the Edge For space- and cost-constrained environments, AKS Arc can support HA clusters with only two nodes, enabling robust production workloads in places where traditional 3-node clusters are not feasible. Operational Excellence with AKS Arc Enterprises operating distributed Kubernetes fleets will benefit from new governance and connectivity capabilities. AKS Arc Gateway Public Preview Arc Gateway simplifies hybrid connectivity by streamlining cluster onboarding and reducing required firewall rules. This creates a more secure and operationally efficient pattern for managing large fleets of Arc-enabled clusters. KMS v2 for Kubernetes secrets encryption at rest in etcd KMS v2 enhances Kubernetes secret encryption for hybrid and on-prem clusters, delivering improved reliability, stronger security boundaries, and consistency with Azure’s cloud-native cryptography approach. AKS as the Hybrid AI Application Platform AI is the defining theme of Ignite 2025 and AKS enabled by Azure Arc is now the foundation for deploying AI where the data resides. Organizations increasingly need to run AI models in datacenters, factories, field environments, and sovereign locations, and this year’s updates establish AKS Arc as Azure’s platform for distributed and offline AI workloads. AI Foundry Local: Build and Fine-Tune AI Models Anywhere AI Foundry Local brings Azure AI Foundry’s core capabilities: the curated model catalog, development tools, templates, and fine-tuning support into customer environments. It allows developers to run foundation models locally using optimized execution paths for GPUs, NPUs, and CPUs; fine-tune models with LoRA/QLoRA in regulated or offline scenarios; and package model artifacts for deployment on AKS clusters. This enables a complete hybrid AI development loop that works both online and fully disconnected. KAITO Public Preview on AKS Arc KAITO automates model serving across cloud, datacenter, and edge. Now available on AKS Arc, it provides one-click packaging, optimization, and deployment of models built in AI Foundry Local. Customers can run ONNX, Hugging Face, or custom models with edge-aware performance optimization across diverse hardware, including CPU-only and GPU-accelerated nodes. Expanded GPU Capabilities Hybrid AI workloads benefit from expanded GPU options, including general availability of the NVIDIA RTX 6000 Ada, preview support for NVIDIA L-series GPUs, and new GPU Partitioning (GPU-PV) support for efficient resource utilization. These capabilities make it possible to run high-performance inferencing and training workloads across a wide range of hybrid deployment scenarios. RAG on Azure Local: Bring Generative AI to On-Premises Data RAG (Retrieval-Augmented Generation) on Azure Local enables organizations to ground AI in their own on-premises data without moving information to the cloud. Delivered as a first-party Azure Arc extension, it provides an integrated retrieval pipeline for ingesting, indexing, and querying enterprise content stored in datacenters or edge locations. With support for hybrid search, multi-modal data, evaluation tooling, and responsible AI controls, organizations can build RAG applications that remain fully compliant with data sovereignty requirements while reducing latency and improving accuracy. By running the full RAG workflow locally — from retrieval to generation — customers can create intelligent applications that leverage proprietary documents, images, and other unstructured data directly within their secure environments. Expanding Application Capabilities at the Edge AKS Container Apps on the Edge A major milestone this year is the public preview of ACA on the edge, enabling teams to bring the simplicity of Azure Container Apps to Azure Local Medium. Developers can deploy AI-powered microservices, inference endpoints, and event-driven applications at the edge using the same ACA programming model used in Azure. AKS Edge Essentials The latest release improves cluster stability, enhances offline lifecycle operations, and strengthens both Linux and Windows support, making it easier to operate AKS at scale in constrained or intermittently connected environments. Enhanced Storage, Telemetry, and Security for Hybrid AI Distributed AI workloads require robust identity, storage, and observability patterns, and Ignite brings major updates in all three areas. The Arc-enabled Azure Monitor Pipeline improves telemetry ingestion across disconnected or segmented networks, caching data locally and syncing to Azure when connectivity is available. Workload Identity Federation for Arc enables secure, secret-less identity for workloads running at the edge. And Azure Container Storage enabled by Arc, now expanded for AKS Arc clusters, provides a high-performance persistent storage layer suited for vector stores, embedding caches, cloud ingest and mirror. Conclusion Ignite 2025 represents a major step forward for AKS enabled by Azure Arc as both a hybrid Kubernetes platform and a hybrid AI application platform. With disconnected operations, edge-native Container Apps, improved GPU acceleration, KAITO for unified model serving, AI Foundry Local for offline model development, and a fully consistent operational model across cloud, datacenter, and edge, AKS Arc now enables organizations to run their most critical cloud-native and AI workloads anywhere they operate. We look forward to continuing to support customers as they build the next generation of hybrid and edge AI applications.Accelerate your cloud migration journey with Azure Arc resource discovery in Azure Migrate (preview)
With Azure Migrate's new Arc-based discovery (preview), you can leverage your existing Arc-enabled servers and Arc-enabled SQL Server instances to quickly gain insights into: Migration readiness for Azure targets such as Azure VMs, Azure SQL Database, and Azure SQL Managed Instance. Savings potential for different migration strategies—all without deploying new on-premises infrastructure.Operate everywhere with AI-enhanced management and security
Farzana Rahman and Dushyant Gill from Microsoft discuss new AI-enhanced features in Azure that make it simpler to acquire, connect, and operate with Azure's management offerings across multiple clouds, on-premises, and at the edge. Key updates include enhanced management for Windows servers and virtual machines with Windows Software Assurance, Windows Server 2025 hotpatching support in Azure Update Manager, simplified hybrid environment connectivity with Azure Arc gateway, a multicloud connector for AWS, and Log Analytics Simple Mode. Additionally, Azure Migrate Business Case helps compare the total cost of ownership, and new Copilot in Azure capabilities that simplify cloud management and provide intelligent recommendations.Public Preview: Audit and Enable Windows Recovery Environment (WinRE) for Azure Arc-enabled Servers
Windows Recovery Environment is a secure, isolated partition that enables diagnostics and repair when a system encounters critical failures – such as a stop error (commonly known as the blue screen of death). WinRE provides a reliable fallback mechanism for mission-critical workloads, allowing IT administrators to recover systems quickly and securely. With this Public Preview, Azure Arc introduces a set of Azure Policies that allow organizations to audit and enable WinRE across their fleet of Arc-enabled Windows Servers. These policies are powered by the Machine Configuration component of the Azure Connected Machine agent, which ensures secure and compliant configuration enforcement. Through the Azure Policy, the Azure Connected Machine agent detects whether WinRE is configured and reports its health status. If WinRE is not configured and the WinRE partition has been provisioned, customers can enable WinRE through the Azure Policy. These Azure Policies are available at no additional cost for servers covered under: Windows Server 2012 Extended Security Updates (ESUs) Microsoft Defender for Servers Plan 2 Windows Server Software Assurance attestation Windows Server Pay-as-you-Go licensing For other servers, these policies will incur charges associated with Azure Machine Configuration. To get started, deploy and assign these Azure Policies to Azure Arc-enabled servers in your existing subscription. [Preview]: Audit Windows machines that do not have Windows Recovery Environment (WinRE) enabled [Preview]: Configure Windows Recovery Environment (WinRE) on Windows machines Auditing and enablement of WinRE through Azure Arc underscores the capability of Azure Arc to increasingly afford resiliency across hybrid, multicloud, and edge workloads.Welcoming the Next Wave at Build: New Partners Join the Azure Arc ISV Program
We are thrilled to announce the second round of partners joining the Azure Arc ISV Partner Program for Microsoft Build. Following its successful launch at Ignite last fall, this innovative program continues to grow, enabling partners to publish their offers on the Azure Marketplace for deployment to Arc-enabled Kubernetes clusters. With this new wave, we’re also expanding the solution landscape by introducing four new categories—Security, Networking & Service Mesh, API Infrastructure & Management, and Monitoring & Observability. These additions reflect the evolving needs of hybrid and multi-cloud environments and highlight the breadth of innovation our partners bring to the Azure Arc ecosystem. This new wave of collaborations marks a significant milestone in our journey to foster a vibrant ecosystem of innovation and excellence. This expansion marks a significant step forward in building a dynamic and innovative ecosystem that drives success for both customers and partners alike. What is Azure Arc? Azure Arc is the bridge that extends Azure to on-premises, edge, or even multi-cloud environments. It simplifies governance and management by delivering the consistency of the Azure platform. The ability to create offerings for Azure Arc in the marketplace is a significant benefit to our partners, allowing them to integrate with Azure services and tools and access a large and diverse customer base. Azure Arc enables partners to validate their applications and offer them to customers so they can manage their Kubernetes cluster on Azure. Edge developers can leverage these building blocks to develop their enterprise applications, and we aim to provide them with a one-stop shop in Azure Marketplace. Meet our partners The Azure Arc ISV Partner Program is focusing on expanding categories such as security, networking & service mesh, API infrastructure & management, monitoring & observability. We are excited to introduce our esteemed partners, HashiCorp, Traefik Labs, Solo.io, and Dynatrace, who have Arc-enabled their applications and will now be available on the Azure Marketplace. Here’s a closer look at their offerings: HashiCorp HashiCorp is a leading provider of infrastructure automation and security solutions for modern, dynamic IT environments. HashiCorp Vault Enterprise for Azure Arc enables organizations to manage access to secrets and protect sensitive data using identity-based security principles. As enterprises shift to hybrid and multi-cloud architectures, traditional perimeter-based security models fall short. Vault helps to address this challenge by authenticating every user and application, authorizing access based on identity and policy, encrypting secrets, and injecting just-in-time credentials. It also helps to automate the rotation of secrets, certificates, and encryption keys—reducing operational risk and improving compliance. By integrating with Azure Arc, Vault Enterprise can be deployed and managed alongside other Azure Arc-enabled services. This allows organizations to consistently enforce zero trust security practices—whether workloads run on-premises, in Azure, or in other cloud environments—while benefiting from centralized governance and compliance visibility through the Azure control plane. To deploy HashiCorp Vault Enterprise for Azure Arc, visit aka.ms/HashiCorpForAzureArc. To learn more about HashiCorp Vault Enterprise on Azure Arc, visit HashiCorp Vault Traefik Labs Traefik for Azure Arc empowers organizations to modernize and scale their AI and API runtime infrastructure across any Kubernetes in hybrid and multi-cloud environments. With over 3.3 billion downloads and 250,000+ production nodes globally, Traefik can be deployed in three modular and progressive phases—Application Proxy, API & AI Gateway, and API Management—meeting users where they are on their journey and enabling seamless transitions without vendor lock-in or disruptive migrations. Traefik helps deliver zero-config service discovery across Kubernetes and other orchestrators, efficiently replacing legacy tools with simplified traffic routing and management. As needs grow, they more easily transition to comprehensive AI and API Gateway capabilities with centralized authentication and authorization, semantic caching for AI workloads, and data governance for responsible AI deployments. The final evolution helps introduce complete API governance, observability, self-service developer portals, and instant mock APIs—enabling unified management across both traditional and AI-enabled services without disruptive architectural changes. By combining Azure Arc with Traefik, organizations gain more unified control over API and AI workloads, enhanced by features like semantic caching and content guard. This integration helps bridge fragmented environments, accelerates deployment, and enable clearer versioning boundaries—fundamental for scaling AI and API services across distributed systems. To deploy Traefik for Azure Arc, visit aka.ms/TraefikForAzureArc. To learn more about Traefik for Azure Arc and get started, visit aka.ms/TraefikForArcJumpstart. Solo.io Solo.io is a leading provider of service mesh and API infrastructure solutions for cloud-native applications. Istio for Azure Arc, powered by Solo.io, helps deliver an enterprise-grade service mesh experience through Istio in Ambient Mode—specifically optimized for Azure Arc-enabled Kubernetes clusters. This modern, sidecar-less architecture helps to simplify deployment, reduces operational overhead, and improves resource efficiency while maintaining Istio’s advanced capabilities. The solution provides robust Layer 7 traffic management, zero-trust security with mutual TLS and fine-grained authorization, and deep observability through distributed tracing and logging. It’s ideal for IT operations, DevOps, and security teams managing workloads in regulated industries like finance, healthcare, retail, and technology—where resilience, security, and visibility are important. By using Istio for Azure Arc, organizations can deploy and manage service mesh consistently across hybrid and multi-cloud environments, accelerating application delivery while maintaining control and compliance. To deploy Istio for Azure Arc, visit aka.ms/IstioForAzureArc. To learn more about Istio for Azure Arc, visit Istio by Solo.io. Dynatrace Dynatrace is a leading provider of AI-driven monitoring and performance analytics solutions. Dynatrace Operator helps streamlines your processes, gains insights, and accelerates innovation with its powerful AI-driven platform. Now available through the Microsoft Azure Marketplace, this solution more easily integrates with your Microsoft ecosystem—from Azure to Arc-enabled Kubernetes Service and beyond. With Dynatrace Operator, you can build custom apps and automations tailored to your unique business needs, empowering you to work smarter, not harder. Visualize and fully understand your entire Hybrid cloud ecosystem in real time, plus benefit from automated identification and illustration of application dependencies and their underlying infrastructure, delivering enriched, contextualized data for more informed decisions. Designed to help enterprises automate, analyze, and innovate faster, Dynatrace Operator is your key to unlocking efficiency and growth. By combining Azure Arc with Dynatrace Operator, organizations can deploy and manage monitoring and performance analytics consistently across hybrid and multi-cloud environments, accelerating application delivery while maintaining control and compliance. To deploy Dynatrace Operator for Azure Arc, visit aka.ms/DynatraceOperatorForArc. To learn more about Dynatrace Operator for Azure Arc, visit Dynatrace | Kubernetes monitoring. Become an Arc-enabled Partner These partners have collaborated with Microsoft to join our ISV ecosystem, helping provide resilient and scalable applications more readily accessible for our Azure Arc customers via the Azure Marketplace. Joining forces with Microsoft enables partners to stay ahead of the technological curve, strengthen customer relationships, and contribute to transformative digital changes across industries. We look forward to expanding this program to include more ISVs, enhancing the experience for customers using Arc enabled Kubernetes clusters. As we continue to expand our Azure Arc ISV Partner Program, stay tuned for more blogs on the new partners being published to the Azure Marketplace. To reach out and learn more about the Azure Arc ISV Partner Program visit: What is the Azure Arc ISV Partner program? or reach out to us at https://aka.ms/AzureArcISV.Arc Jumpstart Newsletter: April 2025 Edition
We’re thrilled to bring you the latest updates from the Arc Jumpstart team in this month’s newsletter. Whether you are new to the community or a regular Jumpstart contributor, this newsletter will keep you informed about new releases, key events, and opportunities to get involved in within the Azure Adaptive Cloud ecosystem. Check back each month for new ways to connect, share your experiences, and learn from others in the Adaptive Cloud community.Arc Jumpstart Newsletter: March 2025 Edition
We’re thrilled to bring you the latest updates from the Arc Jumpstart team in this month’s newsletter. Whether you are new to the community or a regular Jumpstart contributor, this newsletter will keep you informed about new releases, key events, and opportunities to get involved in within the Azure Adaptive Cloud ecosystem. Check back each month for new ways to connect, share your experiences, and learn from others in the Adaptive Cloud community.Announcing Private Preview: ArgoCD through Microsoft GitOps
We're excited to announce the Private Preview for Microsoft GitOps ArgoCD. Delivered as a cluster extension across Azure Kubernetes Service (AKS) and Azure Arc-enabled Kubernetes, Microsoft GitOps delivers a consistent and robust management, security, and deployment experience for ArgoCD across your heterogeneous environments. This capability complements Microsoft GitOps existing support for Flux, which is currently in General Availability. By signing up for the Private Preview, you'll get access to the ArgoCD cluster extension and the opportunity to connect with and provide feedback to the Microsoft GitOps product group. Sign up today at https://aka.ms/MicrosoftGitOpsPreviewSignup. Advantages of the current Microsoft GitOps experience for ArgoCD include: Simplified, templatized deployment as a cluster extension Managed and automated upgrade reducing overhead Official supportability and security for enterprise readiness Integration with Azure identity and authentication We look forward to continuing to deliver on an exceptional Microsoft GitOps experience across ArgoCD and Flux for customers running containerized workloads not only on Azure, but also on on-premises and other public clouds through Azure Arc.
