Observability for the Age of Generative AI
Every generation of computing brings new challenges in how we monitor and trust our systems. With the rise of Generative AI, applications are no longer static code—they’re living systems that plan, reason, call tools, and make choices dynamically. Traditional observability, built for servers and microservices, simply can’t tell you when an AI agent is correct, safe, or cost-efficient. We’re reimagining observability for this new world. At Ignite, we introduced the next wave of Azure Monitor and AI Foundry integration—purpose-built for GenAI apps and agents. End-to-End GenAI Observability Across the AI Stack Customers can see not just whether their systems are up or fast, but also whether their agent responses are accurate. Azure Monitor, in partnership with Foundry, unifies agent telemetry with infrastructure, application, network, and hardware signals—creating a true end-to-end view that spans AI agents, the services they call, and the compute they run on. New capabilities include: Agent Overview Dashboard in Grafana and Azure – Gain a unified view of one or more GenAI agents, including success rate, grounding quality, safety violations, latency, and cost per outcome. Customize dashboards in Grafana or Azure Monitor Workbooks to detect regressions instantly after a model or prompt change—and understand how those changes affect user experience and spend. AI-Tailored Trace View – Follow every AI decision as a readable story: plan → reasoning → tool calls → guardrail checks. Identify slow or unsafe steps in seconds, without sifting through thousands of spans. AI-Aware Trace Search by Attributes – Search, sort, and filter across millions of runs using GenAI-specific attributes like model ID, grounding score, or cost. Find the “needle” in your GenAI haystack in a single query. Foundry Low-Code Agent Monitoring – Agents created through Foundry’s visual, low-code interface are now automatically observable. Without writing a single line of code, you can track reliability, safety, and cost metrics from day one. Full-Stack Visibility Across the AI Stack – All evaluations, traces, and red-teaming results are now published to Azure Monitor, where agent signals correlate seamlessly with infrastructure KPIs and application telemetry to deliver a unified operational view. Check out our get started documentation. Powered by OpenTelemetry Innovation This work builds directly on the new OpenTelemetry extensions announced in our recent Azure AI Foundry blog post. Microsoft is helping define the OpenTelemetry agent specification, extending it to capture multi-agent orchestration traces, LLM reasoning context, and evaluation signals—enabling interoperability across Azure Monitor, AI Foundry, and partner tools such as Datadog, Arize, and Weights & Biases. By building on open standards, customers gain consistent visibility across multi-cloud and hybrid AI environments—without vendor lock-in. Built for Enterprise Scale and Trust With open standards and deep integration between Azure Monitor and AI Foundry, organizations can now apply the same discipline they use for traditional applications to their GenAI workloads, complete with compliance, cost governance, and quality assurance. GenAI is redefining what it means to operate software. With these innovations, Microsoft is giving customers the visibility, control, and confidence to operate AI responsibly, at enterprise scale.Generally Available - Azure Monitor Private Link Scope (AMPLS) Scale Limits Increased by 10x!
Introduction We are excited to announce the General Availability (GA) of Azure Monitor Private Link Scope (AMPLS) scale limit increase, delivering 10x scalability improvements compared to previous limits. This enhancement empowers customers to securely connect more Azure Monitor resources via Private Link, ensuring network isolation, compliance, and Zero Trust alignment for large-scale environments. What is Azure Monitor Private Link Scope (AMPLS)? Azure Monitor Private Link Scope (AMPLS) is a feature that allows you to securely connect Azure Monitor resources to your virtual network using private endpoints. This ensures that your monitoring data is accessed only through authorized private networks, preventing data exfiltration and keeping all traffic inside the Azure backbone network. AMPLS – Scale Limits Increased by 10x in Public Cloud & Sovereign Cloud (Fairfax/Mooncake) - Regions In a groundbreaking development, we are excited to share that the scale limits for Azure Monitor Private Link Scope (AMPLS) have been significantly increased by tenfold (10x) in Public & Sovereign Cloud regions as part of the General Availability! This substantial enhancement empowers our customers to manage their resources more efficiently and securely with private links using AMPLS, ensuring that workload logs are routed via the Microsoft backbone network. What’s New? 10x Scale Increase Connect up to 3,000 Log Analytics workspaces per AMPLS (previously 300) Connect up to 10,000 Application Insights components per AMPLS (previously 1,000) 20x Resource Connectivity Each Azure Monitor resource can now connect to 100 AMPLS resources (previously 5) Enhanced UX/UI Redesigned AMPLS interface supports loading 13,000+ resources with pagination for smooth navigation Private Endpoint Support Each AMPLS object can connect to 10 private endpoints, ensuring secure telemetry flows Why It Matters Top Azure Strategic 500 customers, including major Telecom service providers and Banking & Financial Services organizations, have noted that previous AMPLS limits did not adequately support their increasing requirements. The demand for private links has grown 3–5 times over existing capacity, affecting both network isolation and integration of essential workloads. This General Availability release resolves these issues, providing centralized monitoring at scale while maintaining robust security and performance. Customer Stories Our solution now enables customers to scale their Azure Monitor resources significantly, ensuring seamless network configurations and enhanced performance. Customer B - Case Study: Leading Banking & Financial Services Customer Challenge: The Banking Customer faced complexity in delivering personalized insights due to intricate workflows and content systems. They needed a solution that could scale securely while maintaining compliance and performance for business-critical applications. Solution: The Banking Customer has implemented Microsoft Private Links Services (AMPLS) to enhance the security and performance of financial models for smart finance assistants, leading to greater efficiency and improved client engagement. To ensure secure telemetry flow and compliance, the banking customer implemented Azure Monitor with Private Link Scope (AMPLS) and leveraged the AMPLS Scale Limit Increase feature. Business Impact: Strengthened security posture aligned with Zero Trust principles Improved operational efficiency for monitoring and reporting Delivered a future-ready architecture that scales with evolving compliance and performance demands Customer B - Case Study: Leading Telecom Service Provider - Scaling Secure Monitoring with AMPLS Architecture: A Leading Telecom Service Provider employs a highly micro-segmented design where each DevOps team operates in its own workspace to maximize security and isolation. Challenge: While this design strengthens security, it introduces complexity for large-scale monitoring and reporting due to physical and logical limitations on Azure Monitor Private Link Scope (AMPLS). Previous scale limits made it difficult to centralize telemetry without compromising isolation. Solution: The AMPLS Scale Limit Increase feature enabled the Telecom Service Provider to expand Azure Monitor resources significantly. Monitoring traffic now routes through Microsoft’s backbone network, reducing data exfiltration risks and supporting Zero Trust principles. Impact & Benefits Scalability: Supports up to 3,000 Log Analytics workspaces and 10,000 Application Insights components per AMPLS (10× increase). Efficiency: Each Azure Monitor resource can now connect to 100 AMPLS resources (20× increase). Security: Private connectivity via Microsoft backbone mitigates data exfiltration risks. Operational Excellence: Simplifies configuration for 13K+ Azure Monitor resources, reducing overhead for DevOps teams. Customer Benefits & Results Our solution significantly enhances customers’ ability to manage Azure Monitor resources securely and at scale using Azure Monitor Private Link Scope (AMPLS). Key Benefits Massive Scale Increase 3,000 Log Analytics workspaces (previously 300) 10,000 Application Insights components (previously 1,000) Each AMPLS object can now connect to: Azure Monitor resources can now connect with up to 100 AMPLS resources (20× increase). Broader Resource Support - Supported resource types include: Data Collection Endpoints (DCE) Log Analytics Workspaces (LA WS) Application Insights components (AI) Improved UX/UI Redesigned AMPLS interface supports loading 13,000+ Azure Monitor resources with pagination for smooth navigation. Private Endpoint Connectivity Each AMPLS object can connect to 10 private endpoints, ensuring secure telemetry flows. Resources: Explore the new capabilities of Azure Monitor Private Link Scope (AMPLS) and see how it can transform your network isolation and resource management. Visit our Azure Monitor Private Link Scope (AMPLS) documentation page for more details and start leveraging these enhancements today! For detailed information on configuring Azure Monitor private link scope and azure monitor resources, please refer to the following link: Use Azure Private Link to connect networks to Azure Monitor - Azure Monitor | Microsoft Learn Design your Azure Private Link setup - Azure Monitor | Microsoft Learn Configure your private link - Azure Monitor | Microsoft Learn
Announcing Azure DNS security policy with Threat Intelligence feed general availability
Azure DNS security policy with Threat Intelligence feed allows early detection and prevention of security incidents on customer Virtual Networks where known malicious domains sourced by Microsoft’s Security Response Center (MSRC) can be blocked from name resolution. Azure DNS security policy with Threat Intelligence feed is being announced to all customers and will have regional availability in all public regions.Advancing Full-Stack Observability with Azure Monitor at Ignite 2025
New AI-powered innovations in the observability space First, we’re excited to usher in the era of agentic cloud operations with Azure Copilot agents. At Ignite 2025, we are announcing the preview of the Azure Copilot observability agent to help you enhance full-stack troubleshooting. Formerly “Azure Monitor investigate”, the observability agent streamlines troubleshooting across application services and resources such as AKS and VMs with advanced root cause analysis in alerts, the portal, and Azure Copilot (gated preview). By automatically correlating telemetry across resources and surfacing actionable findings, it empowers teams to resolve issues faster, gain deeper visibility, and collaborate effectively. Learn more here about the observability agent and learn about additional agents in Azure Copilot here. Additionally, with the new Azure Copilot, we are streamlining agentic experiences across Azure. From operations center in the Azure portal, you can get a single view to navigate, operate and optimize your environments and invoke agents in your workflows. You also get suggested top actions within the observability blade of operations center to prioritize, diagnose and resolve issues with support from the observability agent. Learn more here. In the era of AI, more and more apps are now AI apps. That’s why we’re enhancing our observability capabilities for GenAI and agents: Azure Monitor brings agent-level visibility and control into a single experience in partnership with Observability in Foundry Control Plane through a new agent details view (public preview) showcasing success metrics, quality indicators, safety checks, and cost insights in one place. Simplified tracing also transforms every agent run into a reasonable, plan-and-act narrative for faster understanding. On top of these features, the new smart trace search enables faster detection of anomalies—such as policy violations, unexpected cost spikes, or model regressions—so teams can troubleshoot and optimize with confidence. These new agentic experiences build upon a solid observability foundation provided by Azure Monitor. Learn more here. We’re making several additional improvements in Azure Monitor: Simplified Onboarding & More Centralized Visibility Streamlined onboarding: Azure Monitor now offers streamlined onboarding for VMs, containers, and applications with sensible defaults and abstraction layers. This means ITOps teams can enable monitoring across environments in minutes, not hours. Previously, configuring DCRs and linking Log Analytics workspaces was a multi-step process; now, you can apply predefined templates and scale monitoring across hundreds of VMs faster than before. Centralized dashboards: A new monitor overview page in operations center consolidates top suggested actions and Azure Copilot-driven workflows for rapid investigation. Paired with the new monitoring coverage page (public preview) in Azure Monitor, ITOps can quickly identify gaps based on Azure Advisor recommendations, enable VM Insights and Container Insights at scale, and act on monitoring recommendations—all from a single pane of glass. Learn more here. Richer visualizations: Azure Monitor dashboards with Grafana are now in GA, delivering rich visualizations and data transformation capabilities on Prometheus metrics, Azure resource metrics, and more. Learn more here. Cloud to edge visibility: With expanded support for Arc-enabled Kubernetes with OpenShift and Azure Red Hat OpenShift in Container Insights and Managed Prometheus, Azure Monitor offers an even more complete set of services for monitoring the health and performance of different layers of Kubernetes infrastructure and the applications that depend on it. Learn more here. Advanced Logs, Metrics, and Alert Management Logs & metrics innovations: Azure Monitor now supports the log filtering and transformation (GA), as well as the emission of logs to additional destinations (public preview) such as Azure Data Explorer and Fabric—unlocking real-time analytics and more seamless data control. Learn more here. More granular access for managing logs: Granular RBAC for Log Analytics workspaces ensures compliance and least privilege principles across teams, now in general availability. Learn more here. Dynamic thresholds for log search alerts (public preview): Now you can apply the advanced machine learning methods of dynamic threshold calculations to enhance monitoring with log search alerts. Learn more here. Query-based metric alerts (public preview): Get rich and flexible query-based alerting on Prometheus, VM Guest OS, and custom OTel metrics to reduce complexity and unblock advanced alerting scenarios. Learn more here. OpenTelemetry Ecosystem Expansion Azure Monitor doubles down on our commitment to OpenTelemetry with expanded support for monitoring applications deployed to Azure Kubernetes Service (AKS) by using OTLP for instrumentation and data collection. New capabilities include: Auto-instrumentation with the Azure Monitor OpenTelemetry distro for Java and NodeJS apps on AKS (public preview): this reduces friction for teams adopting OTel standards and ensures consistent telemetry across diverse compute environments. Auto-configuration for apps on AKS in any language already instrumented with the open-source OpenTelemetry SDK to emit telemetry to Azure Monitor. Learn more here. Additionally, we are making it easier to gain richer and more consistent visibility across Azure VMs and Arc Servers with OpenTelemetry visualizations, offering standardized system metrics, per-process insights, and extensibility to popular workloads on a more cost-efficient and performant solution. Learn more here. Next Steps These innovations redefine observability from cloud to edge—simplifying onboarding, accelerating troubleshooting, and embracing open standards. For ITOps and DevOps teams, this means fewer blind spots, faster MTTR, and improved operational resilience. Whether you’re joining us at Microsoft Ignite 2025 in-person or online, there are plenty of ways to connect with the Azure Monitor team and learn more: Attend breakout session BRK149 for a deep dive into Azure Monitor’s observability capabilities and best practices for optimizing cloud resources. Attend breakout session BRK145 to learn more about how agentic AI can help you streamline cloud operations and management. Attend breakout session BRK190 to learn about how Azure Monitor and Microsoft Foundry deliver an end-to-end observability experience for your AI apps and agents. Join theater demo THR735 to see a live demo on monitoring AI agents in production. Connect with Microsoft experts at the Azure Copilot, Operations, and Management expert meet-up booth to get your questions answered.The new frontier of data for the next generation of innovation
A decade ago, an agent that could gather insights from data, trigger actions and make intelligent decisions was science fiction. Today, that kind of intelligent technology is not only possible, but it’s becoming a business requirement. Enterprises must find new and meaningful ways to propel AI innovation that meets customer and business needs. The next generation of innovation requires a data foundation that is unified, secure, and addresses persistent challenges of latency, rigidity, and complexity, while infusing data with AI to optimize performance and accelerate development. This week at Ignite, Microsoft is taking a bold step toward making a future-ready data foundation a reality, unveiling innovations that deliver performance, scale and flexibility, and bridge the gap between analytical intelligence and operational agility. The innovations we’re announcing are catalysts for businesses to modernize faster and build the intelligent applications of tomorrow. By leveraging a unified data strategy on Azure, BMW is much closer to their goal of predictive maintenance for vehicles and smart factories. With these releases announced today at Ignite, Azure is poised to deliver a resilient, scalable, and AI-integrated data foundation that will help you unlock innovation at scale. Modeling a future-proofed data platform A future-proofed data platform should deliver performance at scale, flexibility and openness, unified operations and analytics, streamlined management, and seamless integration with developer tools, all backed by security and trust. The innovations we’re announcing reflect these priorities. Performance at any scale We’re releasing performance enhancements across the database portfolio that let users easily scale performance to support intelligent agents and applications that can stand apart in any industry. These new features enable applications backed by Microsoft databases to seamlessly handle massive throughput and global user loads without performance bottlenecks. Introducing Azure HorizonDB We’re excited to unveil Azure HorizonDB in private preview, a new fully managed PostgreSQL service built for performance and AI workloads that will offer scaling up to 192 virtual cores and 128 TB of storage. Azure HorizonDB is built for business and engineered for developers. Ultra-low latency, high read scale, built in AI, and deep integration with developer tools including GitHub Copilot delivers performance, resilience and simplicity at any scale. With HorizonDB, teams can: Build AI apps that perform at scale with advanced DiskANN vector indexing, pre-provisioned AI models, semantic search, and unified support for relational and graph data. Accelerate app development with built-in extensions, including the PostgreSQL extension for Visual Studio (VS) Code integrated with GitHub Copilot. GitHub Copilot in VS Code is context aware of PostgreSQL and includes one-click performance debugging. Unlock data insights with deep integrations with Microsoft Fabric and Microsoft Foundry. Expect reliability with a service that is enterprise ready on day one, integrated with Entra ID, Private Link networking, and Azure Defender for Cloud. Perfecting performance across the portfolio We’re also addressing cloud-ready performance and scaling needs in Azure Database for PostgreSQL and Azure SQL. Elastic Clusters for Azure Database for PostgreSQL, now generally available, enables developers to easily scale a single database across a cluster of read and write nodes using a simple SQL command. Additionally, new v6 SKUs, which support up to 192 vCores, and general availability of PostgreSQL 18 gives Azure Database for PostgreSQL users a potent performance boost. With the release of the next-generation Azure SQL Managed Instance, we’re helping you modernize SQL Server in the cloud with better performance and easier migration. You’ll now have access to the latest technology, unlocking better performance and scale with more storage and database capacity. Flexible compute, storage and memory options also enhance the ROI of migration and offer broad compatibility for unique workload demands. Multi-modal, flexible and open A comprehensive data strategy isn’t one-size fits all. Openness and flexibility are core tenants of a future-ready data platform. Flexibility means you get to choose the deployment model that works for your business, whether it’s on-premises, cloud only or hybrid. Beyond having flexibility for where your data lives, the modern data platform should also support multiple data models and open APIs to reduce complexity and enable extensibility as workload needs and team resources evolve. That’s why Azure fully embraces, supports, and contributes to open-source innovation. Meet the new Azure DocumentDB We’re excited to announce the general availability of Azure DocumentDB, the new name for our MongoDB-compatible NoSQL document database service with hybrid and multi-cloud flexibility. Powered by the open-source DocumentDB engine managed by the Linux Foundation, Azure DocumentDB is designed for enterprise workloads with the flexibility to build anywhere and run managed on Azure. It includes native vector search powered by DiskANN and full-text search, and it supports advanced search scenarios that combine fuzzy search and BM25 ranking for smarter, more accurate query results. Support for translytical workloads A translytical data platform is designed to support both transactional and analytical workloads. This combo is crucial for responsive, real-time AI applications. A future-proofed data strategy should natively bridge operational data and analytical insight; a capability we’re delivering with Microsoft Fabric. Unifying data with Fabric databases Fabric databases are now generally available, bringing together SQL database and Cosmos DB inside Microsoft Fabric. Built natively into Microsoft Fabric, Fabric databases bridge the gap between traditional databases and data lakes, enabling real-time analytics, transactional processing, and AI workloads to run side by side in one governed environment. Every Fabric Database automatically connects to your organizational data mesh, ready for Power BI, AI, and Copilot experiences. Replicating databases with zero ETL, in near real time, with mirroring If you prefer to keep your operational databases where they are, you can still take advantage of Fabric’s unified data foundation with database mirroring, which is now generally available in Microsoft Fabric, supporting SQL Server, Azure Cosmos DB, and Azure Database for PostgreSQL. With mirroring, you can replicate these databases in Fabric for business analytics and AI scenarios without migrating or refactoring. Several early adopters are already experiencing real results with Fabric Databases and mirroring. AP Pension, a Danish pension fund, has consolidated decades of fragmented data using Microsoft Fabric, enabling a unified, governed analytics platform for actuarial, finance, and development teams. With Fabric, they’ve built a centralized medallion architecture, automated data delivery via APIs, and supported real-time write-back from Power BI through SQL Databases — all with strong governance and security baked in. General availability of SQL Server 2025 SQL Server 2025 is now generally available following an outstanding preview with 10,000 participating organizations, double the download rates of SQL Server 2022, and more than one million databases created so far. Built on SQL Server’s foundation of trusted security, performance and availability, SQL Server 2025 redefines what's possible for enterprise data. With built-in AI and developer-first enhancements, SQL Server 2025 empowers customers to accelerate AI innovation using the data they already have, securely and at scale, all within SQL Server using the familiar T-SQL language. AI at the core We believe that AI is a force multiplier for the data platform itself, so every Azure database is deeply embedded with AI capabilities transforming them from passive data stores into active, intelligent engines for AI-powered applications. Azure databases are built to understand, reason and act, which translates to faster, more accurate search, smarter recommendations, streamlined developer workflows, and the ability to power agentic and generative AI workloads without friction. Azure SQL integrates DiskANN DiskANN, Microsoft’s cutting-edge vector search algorithm, is now natively integrated into SQL Server 2025, Azure SQL Database and Azure SQL Managed Instance. DiskANN delivers fast, scalable, and highly accurate approximate nearest neighbor (ANN) search, handling millions to billions of vectors with low latency and high recall. This enables developers to build intelligent, AI-powered applications more efficiently directly within the database engine, eliminating the need for external vector databases and simplifying the architecture for future AI-native apps. Azure Cosmos DB supercharged by AI Azure Cosmos DB continues to evolve as the backbone for AI-powered, globally distributed applications. At Ignite, we’re introducing a new wave of enhancements that make vector search, text retrieval, and semantic relevance faster, more intuitive, and more intelligent for modern AI workloads. One of the biggest improvements comes from advancements in Azure Cosmos DB vector search powered by DiskANN. The latest engine optimizations significantly boost throughput and reduce latency for vector insert and update operations. Additional enhancements include: General availability of fuzzy search in Azure Cosmos DB full-text search, which enables more flexible text matching. General availability of Azure Cosmos DB Fleets, allowing multi-tenant apps to share throughput capacity across multiple database accounts while maintaining full security and performance isolation for their tenants. Public preview of fleet analytics that provide insights for multi-tenant workload optimization and growth planning. Azure Database for PostgreSQL optimizes developer experiences We’ve also made improvements to Azure Database for PostgreSQL to help developers streamline their workflows and build and scale next-gen AI solutions faster with confidence. The PostgreSQL extension for Visual Studio (VS) Code, now generally available, seamlessly unifies DBA and developer workflows for PostgreSQL databases—on Azure or anywhere. The improved extension, which already reached more than 250K installs in preview, gives developers a familiar, productive environment to work with PostgreSQL, complete with Azure AD authentication and GitHub Copilot AI assistance for SQL coding. Azure Database for PostgreSQL is also now natively integrated with Microsoft Foundry, enabling developers to build intelligent, secure AI apps and agents with minimal friction. Grounded in security and trust Innovation shouldn’t come at the expense of security. A unified data platform should have end-to-end governance and security built in for enterprise-grade resilience as you build what’s next. At Microsoft, we continue to deliver a secure cloud environment for your data with features like Microsoft Purview for data governance and unified identity and access controls across the entire Azure data estate. Most recently, we’ve announced: Access token refresh with Entra ID for Azure Database for PostgreSQL, which enables database connections using AD credentials to automatically renew tokens, eliminating disruptions and ensuring strong identity-based security without added complexity. Confidential Compute in Azure Database for PostgreSQL, which provides access to Confidential Virtual Machines (CVMs) to protect sensitive data even during processing. The next frontier of data is here BMW has already begun to embrace the next frontier of data. They modernized their Mobile Data Recorder (MDR) system on Azure to deploy multi-agent AI that enables their engineers to instantly analyze telemetry data. Azure Cosmos DB provides persistent storage for chat conversations and memory, while Azure Database for PostgreSQL supports structured telemetry analysis and feedback mechanisms. Both integrate seamlessly with Microsoft Foundry Agent Service, which BMW leverages to orchestrate specialized agents. This solution helped them deliver insights 12x faster, embed AI-driven workflows into daily engineering, and accelerate innovation across their global operations. As someone who’s seen data technology evolve, I’m excited about how the latest capabilities and integrations across the Azure database portfolio simplify architectures while opening new doors. They represent Microsoft’s commitment to helping customers innovate with a unified, intelligent data estate. The organizations that lead in the AI era will be those that have their data house in order; our goal at Microsoft is to give you the keys to that house. With a unified data platform, you’re not just solving today’s problems—you’re building a foundation for endless innovation. Join us online or in person at Microsoft Ignite November 18—21, 2025, to see these announcements in action and get insights on building your own future-ready data strategy.
