Your target end-state: Azure landing zones conceptual architecture
By: DomAllen, Senior Program Manager and Jeff_Mitchell_MSFT, Principal Cloud Solution Architect Customers today recognize the cloud enables digital transformation for the enterprise, while consistently meeting unique requirements for business growth. Cloud services are deployed at hyperscale, allowing you to consistently manage and optimize governance and operations management controls beyond on-premises environments—extending unified management across any infrastructure to multicloud and the edge. To help you prepare for your cloud adoption journey, we are excited to announce the availability of Azure landing zone conceptual architecture—your environment's strategic design path and target technical state. It represents scale and maturity decisions based on experiences and feedback from customers who have successfully adopted Azure. To realize the value of the agility the cloud can provide, we recommend that environments be implemented to enable consistent scale—while meeting your business needs by creating consistent ways to govern and manage resources, not just by type, but also by organization, cost, and security. Besides designing an architectural platform, you must implement and maintain the platform and design a systematic architectural and technical delivery approach to building patterns for success on the platform. We recommend developing a continuous engineering loop to ensure that environment lifecycles align with the Azure roadmap. Your process should validate new services in the context of enterprise controls—and it should deliver its learnings back to the platform, inputs for future iterations. Azure landing zone conceptual architecture Through a landing zone accelerator approach and a reference implementation, you enable the effective construction and operationalization of landing zones on Azure—at scale, aligned with the Azure roadmap and Microsoft Cloud Adoption Framework for Azure. Landing zone accelerator architecture represents the strategic design path and target technical state of your Azure environment. The architecture will continue evolving with the Azure platform, ultimately shaped by design decisions that are aligned with the architectural implementation best practices to safeguard your Azure journey. Not all organizations adopt Azure in the same way. Enterprise-scale landing zone architectures, (as illustrated in Figure 1 below) might vary between customers, depending on enterprise requirements. Varied design considerations and recommendations might yield different trade-offs, depending on your organization's cloud adoption path. Variation along your path is expected—but if you follow core recommendations, the target architecture that results will set you on a path to sustainable scale on Azure. Figure 1 You can download PDF files of the Azure landing zone conceptual architecture diagrams with: Virtual WAN (PDF) network topology Traditional Azure network topology based on hub-and-spoke (PDF) architecture or download a Visio diagram (VSDX) file with a diagram of both Virtual WAN and hub-and-spoke architectures. Getting your environment ready, faster: Azure landing zone accelerator Azure landing zone accelerator enables your organization to make templatized landing zone deployments, with baked-in, repeatable best practices for governance, security, and compliance and it comes with a set of design principles for managing the platform at scale. These principles serve as a compass for subsequent design decisions across critical technical domains. Deploy the Azure landing zone accelerator (see Figure 2, below) directly within the Azure portal to speed up your implementation—allowing you to customize environment configurations for compliance, security, and operations management controls. GitHub integration will help your team to set up CI/CD pipelines—if your cloud operating model includes Infrastructure as Code (IaC) DevOps practices for infrastructure management. Figure 2 While your organization may have already adopted third party automation toolchain products, you may need to start with a smaller implementation of the Azure landing zone conceptual architecture. Explore more open source and partner landing zone implementation options. Start, align, and enhance your landing zone Our conversations with customers and partners help us recognize that organizations may be at different stages along their cloud journey when reviewing landing zone implementation options. The deployment recommendations that advance your specific, strategic design path and target technical state will match the stage you're in along your cloud path. Get started with the best next steps for your own cloud adoption path, and review your journey to the target architecture. Some organizations with a conceptual architecture matching the operating model and resource structure they plan to use can launch the ready-to-deploy experience with the Azure landing zone accelerator. Picture Azure landing zone guidance as a large highway that leads to the cloud (your target architecture). You're whizzing down this long and spacious-laned highway, and you see on-ramps and exits flashing by. Your highway will have several onramps feeding into its large asphalt path towards cloud adoption. Three points reflect the most common customer journeys—customer experiences centering on three landing zone implementation stages: Start, Align, and Enhance. Start is for those beginning their cloud adoption journey—who wish to develop a new cloud environment, without dependencies—where no production workloads are deployed. Perhaps, to begin with—your organization might have a blank sheet of paper, and you're looking for the best route to get to your target end-state— the target technical state and strategic design path that guides the very beginning of your cloud adoption—always in alignment with the conceptual architecture. Launch the ready-to-deploy experience with the Azure landing zone accelerator, explore various other design area topics that help you determine where you need to customize, and explore other implementation options within Azure landing zones. Align is for those who have already implemented services in Azure. Perhaps your organization is looking for ways to change your environment to more closely resemble the conceptual architecture. We see a growing trend of organizations that might undergo requirements to introduce controls or design patterns because of a new workload being deployed. This would require specific environment configurations able to meet business or compliance requirements. We recognize cloud environments are never static implementations. As your unique business requirements change (or your team's capabilities expand), configurations of landing zones may need to iterate. For example, as your organization begins its cloud journey, it may choose to run with a baseline security configuration (made necessary by business requirements) to run a workload in the cloud. This may expand over time to require more sophisticated security services like Azure Sentinel to address more detailed security requirements. Enhance represents the cusp of the Ready methodological approach and the continuous deployment of consistent, unified security, governance, and operational management controls supported by the methodologies of Secure, Manage, and Govern within the Microsoft Cloud Adoption Framework for Azure. We’re excited about new updates to our Azure landing zone guidance in the Cloud Adoption Framework—about its potential to prepare for, and unlock, your successful and balanced digital transformation. Some organizations with conceptual architectures matching the operating model and resource structure they plan to use will launch the ready-to-deploy Azure landing zone accelerator experience—with baked in governance, compliance, and security. Other organizations, already in line with best practices—looking to add additional controls or features, may forge ahead and enhance guidance for management, governance, or security. These technical considerations are part of maturing key ongoing processes for cloud environments, like management, governance, and security. Learn more about Azure landing zone conceptual architecture—or get started deploying the Azure landing zone accelerator (see Figure 2, above) directly within the Azure portal to accelerate your implementation, and customize environment configurations for compliance, security, and operations management controls. Or, simply benefit from deployments providing a full implementation of the conceptual architecture, with ready-to-deploy configurations for key components such as management groups and policies. Check out our Channel 9 episodes on Azure landing zones today, on IT Ops Talk and the Azure Enablement Show!Migrate or modernize your applications using Azure Migrate
Introduction The journey to the cloud is an essential step for modern enterprises looking to leverage the benefits of security, innovation (AI), scalability, flexibility, and cost-efficiency. To help unlock these benefits migration or modernization to Azure is critical for reasons such as colocation of IT assets. A crucial part of this transformation is understanding the current state of your IT infrastructure, including workloads, applications, and their interdependencies. Often, organizations aim to set their migration goals based on the applications they want to move to the cloud, rather than focusing on individual servers or databases in isolation. In our endeavour to both simplify and enrich your cloud adoption journey. We are introducing new capabilities in Azure Migrate to help you achieve your goals. About Azure Migrate Azure Migrate is Microsoft’s free platform for migrating to and modernizing in Azure. It provides IT resource discovery, assessment, business case analysis, planning, migration, and modernization capabilities in a workload agnostic manner. You can run and monitor your migration/ modernization journey from a single, secure portal. Currently, Azure Migrate's application aware experience supports the discovery of following workloads: Windows Server, Linux, SQL Server, .NET webapp on IIS, and Java on Tomcat running on various platforms including, VMware, Microsoft, Bare-metal, AWS EC2, GCP CE, and Xen. Further, it will support migration assessments for Azure VM, Azure VMware Solution (AVS), Azure SQL Managed Instance, Azure SQL Database, App Service Code, App Service Containers, and Azure Kubernetes Service. Last, it will support in-line Lift and Shift migration to Azure VM. Note: MySQL discovery and assessment is available in the classic experience only. Introducing Application awareness in Azure Migrate A key step in any cloud transformation plan is a current state analysis of the entire IT estate covering workloads and applications, and relationships/ dependencies among them. We are excited to announce the preview of application aware experiences in Azure Migrate – across every phase of the migration journey. This allows you to gain insights into the total cost of ownership, identify suitable IaaS and PaaS targets, and receive tailored migration and modernization guidance. To get started with Azure Migrate, simply create an Azure Migrate project on Azure portal, and leverage Azure Migrate’s wide-ranging discovery capabilities, including the Azure Migrate appliance or importing inventory via RVTools to discover your environment. Azure Migrate allows you to explore inventory across Infra-Data-Web tiers and use the updated dependency analysis to identify application boundaries. As part of the application aware experiences, we are introducing the concept of tags within Azure Migrate. So once dependencies are identified, you can group the dependent workloads comprising an application via tags. “Tagging has significantly streamlined the assignment of applications name and its environment associations with discovered servers. We consider this feature to be highly advantageous, as it will assist in generating an application-based inventory and assessment. Furthermore, it will be instrumental in organizing a high-level migration move group.” - Tata Consultancy Services (Engineering Practice (Azure) | AI.Cloud) Next, Azure Migrate can be used to create application-specific business cases to identify savings and ROI, assess ideal migration strategies, and get recommendations for Azure services, SKUs, resource costs, and migration/modernization tools. Further, as part of executing the migration and onboarding to Azure, customers can use the recommended tools to modernize via re-platform and refactor (out of band) techniques or use the integrated rehost migration experience to rehost to Azure VM. Complemented with a refreshed user experience As part of delivering application awareness and sustainability insights, Azure Migrate will also feature a refreshed user interface. The new experience is designed to help you in every step of your migration journey – across Decide, Plan and Execute phases. The experience provides you with a new intuitive table of contents and overview page to allow easy navigation. You can explore discovered workloads and their relationships through effective search, sort, and seamless transition from Azure Migrate to other specialized migration tools, depending on your specific goals and requirements. Finally, you can quickly create and visualize different migration and modernization strategies side-by-side. “There has been a notable improvement in User Experience, where with the help of Overview page I can Explore and run assessment, Business case once I access Azure Migrate. Action Centre feature will be highly beneficial to track the issues, which was quite useful in our customer validation.” - Tata Consultancy Services (Engineering Practice (Azure) | AI.Cloud) Interested in trying the new feature-set and experience? The capabilities described above are currently in preview. You can try the new feature-set and experience by selecting the banner shown below from the classic Azure Migrate experience, or by using the URL https://aka.ms/AzureMigrate/Preview. These enhancements in Azure Migrate underscore our commitment to providing comprehensive, user-friendly, and efficient migration solutions. Curious to learn more? Here are key links – Documentation - https://aka.ms/AzureMigrate/Documentation Training videos - Seismic - https://aka.ms/AzureMigrate/Recipes* YouTube - https://aka.ms/AzureMigrate/QuickBytes* *Training videos will be available shortly on the respective sites/ applications.
Migration planning of MySQL workloads using Azure Migrate
In our endeavor to increase coverage of OSS workloads in Azure Migrate, we are announcing discovery and modernization assessment of MySQL databases running on Windows and Linux servers. Customers previously had limited visibility into their MySQL workloads and often received generalized VM lift-and-shift recommendations. With this new capability, customers can now accurately identify their MySQL workloads and assess them for right-sizing into Azure Database for MySQL. MySQL workloads are a cornerstone of the LAMP stack, powering countless web applications with their reliability, performance, and ease of use. As businesses grow, the need for scalable and efficient database solutions becomes paramount. This is where Azure Database for MySQL comes into play. Migrating from on-premises to Azure Database for MySQL offers numerous benefits, including effortless scalability, cost efficiency, enhanced performance, robust security, high availability, and seamless integration with other Azure services. As a fully managed Database-as-a-Service (DBaaS), it simplifies database management, allowing businesses to focus on innovation and growth. What is Azure Migrate? Azure Migrate serves as a comprehensive hub designed to simplify the migration journey of on-premises infrastructure, including servers, databases, and web applications, to Azure Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) targets at scale. It provides a unified platform with a suite of tools and features to help you identify the best migration path, assess Azure readiness, estimate the cost of hosting workloads on Azure, and execute the migration with minimal downtime and risk. Key features of the MySQL Discovery and Assessment in Azure Migrate The new MySQL Discovery and Assessment feature in Azure Migrate (Preview) introduces several powerful capabilities: Discover MySQL database instances: The tool allows you to discover MySQL instances within your environment efficiently. By identifying critical attributes of these instances, it lays the foundation for a thorough assessment and a strategic migration plan. Assessment for Azure readiness: The feature evaluates the readiness of your MySQL database instances to migrate to Azure Database for MySQL – Flexible Server. This assessment considers several factors, including compatibility and performance metrics, to ensure a smooth transition. SKU recommendations: Based on the discovered data, the tool recommends the optimal compute and storage configuration for hosting MySQL workloads on Azure Database for MySQL. Furthermore, it provides insights into the associated costs, enabling better financial planning. How to get started? To begin using the MySQL Discovery and Assessment feature in Azure Migrate, follow this five-step onboarding process: Create an Azure Migrate Project: Initiate your migration journey by setting up a project in the Azure portal. Configure the Azure Migrate Appliance: Use a Windows-based appliance to discover the inventory of servers and provide guest credentials for discovering the workloads and MySQL credentials to fetch database instances and their attributes. Review Discovered Inventory: Examine the detailed attributes of the discovered MySQL instances. Create an Assessment: Evaluate the readiness and get detailed recommendations for migration to Azure Database for MySQL. For a detailed step-by-step guidance check out the documentation for discovery and assessment tutorials. Documentation: Discover MySQL databases running in your datacenter Assess MySQL database instances for migration to Azure Database for MySQL Share your feedback! In summary, the MySQL Discovery and Assessment feature in Azure Migrate enables you to effortlessly discover, assess, and plan your MySQL database migrations to Azure. Try the feature out in public preview and fast-track your migration journey! If you have any queries, feedback or suggestions, please let us know by leaving a comment below or by directly contacting us at AskAzureDBforMySQL@service.microsoft.com. We are eager to hear your feedback and support you on your journey to Azure.Azure VMware Solution Broadcom VMSA-2025-0004 Remediation
With continuous monitoring and security intelligence gathering, Microsoft ensures proactive identification and mitigation of security threats. By leveraging advanced analytics, Microsoft is able to detect vulnerabilities early, empowering organizations to stay ahead of potential risks and safeguard their digital assets effectively. Recently, Microsoft discovered a critical ESXi vulnerability and has been collaborating with Broadcom to develop and qualify a secure patch to address this issue. With Microsoft’s commitment to the security of our platform and our improved lifecycle management process, we were able to quickly assemble a global team to work on the acceleration and validation of the ESXi 8.0 U2d Build 24585300 security patch. We have successfully qualified the security patch that will mitigate VMSA-2025-0004 across our fleet. As a result, with the public release of this vulnerability we are ready to patch your existing Azure VMware Solution infrastructure. We are committing to completing the remediation within 30-days. Microsoft will communicate the scheduled date of patching over the next three weeks. Any Azure VMware Solution private cloud deployed after March 4, 2025 will be provisioned with the patch already applied to the environment. Microsoft takes an in-depth approach to vulnerability and risk management. With our new and improved partnership with Broadcom, this allows us to enhance our overall security and quickly address vulnerabilities in VMware solutions. If you are interested in the Azure VMware Solution, please use these resources to learn more about the service: Homepage: Azure VMware Solution Documentation: Azure VMware Solution SLA: SLA for Azure VMware Solution Azure Regions: Azure Products by Region Known Issues: Azure VMware Solution Software Versions: Azure VMware Solution Security Advisories: Broadcom Release Notes: ESXi 8.0 U2d Build 24585300 Author Bios Ricky Perez is a Senior Technical Program Manager in the Azure VMware Solution product group at Microsoft. His background is in solution architecture with experience in public cloud and core infrastructure services. Chastidy Harris is a Senior Program Manager in the Azure VMware Solution product group at Microsoft. Rahi Patel is a Senior Technical Program Manager in the Azure VMware Solution product group at Microsoft. René van den Bedem is a Principal Technical Program Manager in the Azure VMware Solution product group at Microsoft. His background is in enterprise architecture with extensive experience across all facets of the enterprise, public cloud & service provider spaces, including digital transformation and the business, enterprise, and technology architecture stacks. René works backwards from the problem to be solved and designs solutions that deliver business value with the minimum of risk. In addition to being the first quadruple VMware Certified Design Expert (VCDX), he is also a Dell Technologies Certified Master Enterprise Architect, a Nutanix Platform Expert (NPX), and a VMware vExpert.What's new in Azure Migrate?
Introduction The journey to the cloud is an essential step for modern enterprises looking to leverage the benefits of scalability, flexibility, and cost-efficiency. A crucial part of this transformation is understanding the current state of your IT infrastructure, including workloads, applications, and their interdependencies. Often, organizations aim to set their migration goals based on the applications they want to move to the cloud, rather than focusing on individual servers or databases in isolation. I am thrilled to share that Azure Migrate is evolving to both simplify and enrich your cloud adoption journey. We are introducing new capabilities in Azure Migrate to help you achieve your goals. Introducing Application awareness in Azure Migrate [limited preview] A key step in any cloud transformation plan is a current state analysis of the entire IT estate covering workloads and applications, and relationships/ dependencies among them. I am excited to announce the limited preview of application aware experiences in Azure Migrate – across every phase of the migration journey. This allows you to gain insights into the total cost of ownership, identify suitable IaaS and PaaS targets, and receive tailored migration and modernization guidance. To get started with Azure Migrate, simply create an Azure Migrate project on Azure portal, and leverage Azure Migrate’s wide-ranging discovery capabilities, including the Azure Migrate appliance or importing inventory via RVTools to discover your environment. This allows you to explore inventory across Infra-Data-Web tiers and use the updated dependency analysis to identify application boundaries. As part of the application aware experiences, we are introducing the concept of tags within Azure Migrate. So once dependencies are identified, you can group the dependent workloads comprising an application via tags. Then, Azure Migrate can be used to create application-specific business cases to identify savings and ROI, assess ideal migration strategies, and get recommendations for Azure services, SKUs, resource costs, and migration/modernization tools. Further, as part of executing the migration and onboarding to Azure, customers can use the recommended tools to modernize via re-platform and refactor (out of band) techniques or use the integrated rehost migration experience to rehost to Azure VM. Complemented with a refreshed user experience As part of delivering application awareness and sustainability insights, Azure Migrate will also feature a refreshed user interface. The new experience is designed to help customers across every step of the migration journey – across Decide, Plan and Execute phases. The experience provides you with a new intuitive table of contents and overview page to allow easy navigation. You can explore discovered workloads and their relationships through effective search, sort, and seamless transition from Azure Migrate to other specialized migration tools, depending on your specific goals and requirements. Finally, you can quickly create and visualize different migration and modernization strategies side-by-side. Expanded support for workloads and platforms In addition to the capabilities described above, Azure Migrate continues to evolve to support capabilities provided by Azure for customers to evaluate and execute as part of their cloud adoption journey. As part of this effort, I am pleased to announce public preview of the following capabilities. These capabilities are available for customers, partners and sellers to try today! ROI/TCO of Azure Arc in Azure Migrate Business Case [public preview] We understand that customers are looking to understand the best path as they evaluate the cloud. This includes continuing to stay on-premises in their current environment while benefiting from Azure services such as Azure Arc. Knowing the varying needs of every customer and with the goal to meet customers where they are, we are introducing the envisioning of ROI for Azure Arc in Azure Migrate Business Case. This includes - Azure Migrate business case to help you compare the Total Cost of Ownership (TCO) for on-premises estates versus Azure, including year-on-year cash flow analysis. With this new capability, the Azure Migrate Business Case now includes the added value of Azure Arc for resources remaining on-premises during the customer’s migration journey. You can now visualize cost savings and other benefits of using Azure security and management tools via Azure Arc for your on-premises servers and see licensing benefits such as Extended Security Updates and SQL Pay-As-You-Go. In addition to visualizing the business case for Arc, customers can identify and at-scale onboard machines that are not yet Arc-enabled directly from the Azure Migrate portal. Additional details and step by step instructions can be found here. Support for migrations to Azure Stack HCI [public preview] Azure Stack HCI enables customers to run workloads in the private cloud or edge and offers an ideal platform for modernizing workloads with enhanced performance, scalability, simplified management, and cost efficiency. To support this modernization, we have introduced the ability to migrate virtual machines from Hyper-V and VMware environments to Azure Stack HCI using Azure Migrate: Server Migrations. Like Azure migrations, you can leverage Azure Migrate to discover virtual machines from VMware and Hyper-V environments at scale, without needing prior agent installation. After discovery, you can migrate virtual machines to Azure Stack HCI through an easy-to-use Azure Migrate portal experience, ensuring zero data loss and minimal downtime. This migration keeps data flow locally from on-premises to Azure Stack HCI. Learn more about this capability here. Expanded OSS Support in Azure Migrate [public preview] Azure Migrate has been diligently expanding its capabilities to better support customers using Linux. We are thrilled to highlight three significant updates that enhance your migration experience: Support for newer Linux Distributions [public preview] Azure Migrate now supports a range of newer Linux distributions, including Rocky Linux, Alma Linux, SLES 15, RHEL 9, and Ubuntu 22.04. This enhancement ensures a broader compatibility for Linux workloads, allowing you to migrate seamlessly, whether using agentless or agent-based migrations. Azure Hybrid Benefit (AHB) for Enterprise Linux [public preview] We've integrated Azure Hybrid Benefit (AHB) for Enterprise Linux (RHEL and SLES) into the migration process. Customers can visualize the savings from AHB directly in Azure Migrate business case assessments, maximizing their return on investment. To leverage AHB, you can directly enable the appropriate licenses for migrating Enterprise Linux machines within Azure Migrate. This integration eliminates the need for manual installation of the AHB extension post migrations, streamlining the migration workflow and ensuring compliance. Discovery and Assessment of MySQL Databases [public preview] In our endeavor to increase coverage of OSS workloads in Azure Migrate, we are announcing discovery and modernization assessment of MySQL databases running on Linux servers. Customers previously had limited visibility in their MySQL workloads and often received generalized VM lift-and-shift recommendations. With this new capability, you can now accurately identify the MySQL workloads and assess them for right-sizing into Azure Database for MySQL: Flexible Server. CSV Import powered discovery for SQL Servers [limited preview] We understand that deploying an appliance may not be the quickest way to generate migration assessments to enable planning. Further, many times customers can’t provide credentials for SQL Server instances, to allow Azure Migrate to capture relevant details and provide accurate readiness and right-sized recommendations. Hence, we are now adding the ability to import SQL Server details which can then be used to discover SQL Server instances and databases and generate accurate assessment reports. Use existing repositories such as SQL Server Dynamic Management Views, SCOM etc. to populate the CSV schema required to discover SQL Server. Interested in trying the limited preview experience? The capabilities described above are currently in limited preview. To take advantage of these capabilities for your environment, please share your interest here. Conclusion The enhancements in Azure Migrate underscore our commitment to providing comprehensive, user-friendly, and efficient migration solutions. Stay tuned for more updates and join us at Ignite 2024 for a detailed demo of these exciting new features. Curious to learn more? Here is a sneak peek of what we plan to announce at Ignite - https://youtu.be/aquRVLvau7cMigrate or modernize your applications using Azure Migrate
Introduction Moving to cloud is an essential step for enterprises looking to leverage the benefits of security, innovation (AI), scalability, flexibility, and cost-efficiency. To help unlock these benefits migration or modernization to Azure is critical for reasons such as colocation of IT assets. A crucial part of this transformation is understanding the current state of your IT infrastructure, including workloads, applications, and their interdependencies. Cloud migration is most effective when you can decide, plan and execute it holistically focusing on applications rather than focusing on individual servers or workloads in isolation. In our endeavour to both simplify and enrich your cloud adoption journey, we are evolving Application awareness in Azure Migrate that we introduced last year with features summarized below. Overview “The new design of Azure Migrate is much more intuitive, it allows us to group workloads into applications and track them throughout the migration journey. The Business Case Generator is a true game changer, providing insights that are ready for presentation at Leadership meetings. Azure Migrate continues to improve, making the execution of migration programs more seamless, faster, and secure. It has been an invaluable tool for our customers who are in the path of migrating to Azure” - Karthik Balachandran | Architect | EY Azure Migrate delivers a major evolution in cloud migration capabilities with application awareness. Here are key new features and why they matter: Multi-Server Dependency Mapping – Provides a holistic view of application topology, so you understand all server interactions before migrating. This reduces risk by ensuring no server is left behind and dependencies are respected during cloud transition. Software & Security Insights– Offers built-in intelligence on software inventory and vulnerabilities (e.g. highlighting outdated software and missing patches). This helps improve your environment’s security and stability as part of the migration journey, benefiting IT admins and security teams. Application definition & import– Allows you to treat applications as first-class citizens in Azure Migrate (not just tag groupings). You can create and manage app groupings easily, enabling a shift from managing individual workloads to managing whole applications in your migration project. Application migration or modernization RoI – Allows you to identify investments required in respective migration strategies as well as savings that would accrue as application are moved to Azure. Application Assessments– Delivers holistic migration plans per app, including recommended strategies (Rehost, Replatform, Refactor), target Azure services, sizing, cost estimates, and readiness checks. This empowers cloud architects to make informed decisions with an application-level focus. Code insight integration – GitHub Copilot assessment – Enables a developer-driven assessment loop by incorporating GitHub App Modernization Assessment reports. This tightens collaboration with dev teams and can dynamically adjust migration recommendations (e.g., flagging apps that need refactoring). CAST Highlight– Brings code-level analytics at scale into the migration plan. By importing CAST’s code scan results, you can identify technical debt and required code changes upfront, ensuring the recommended cloud approach truly fits the app’s codebase. Wave Planning with 1P Tool Integration– Provides a planning and execution framework to migrate in phases and launch the appropriate migration tools for each component seamlessly. This ensures end-to-end coverage – from migration scheduling to real-time execution – all within Azure Migrate. Capability deep dive Identify your applications using multi-server dependency mapping and subsequently define them One of the first steps in cloud migration planning is identifying application boundaries and dependencies. Azure Migrate’s new multi-server dependency mapping provides a rich visualization of how servers communicate with each other in your environment. This goes beyond the single-server dependency view of the past – now you can visualize an entire datacenter’s topology in one view. When you discover your on-premises environment, Azure Migrate’s agentless dependency analysis automatically begins mapping connections. It even measures connection strength, helping distinguish steady, critical communication from ephemeral connections. You can subsequently define applications, and assign metadata such as Name, type – Custom or Packaged (Commercial off the shelf), Criticality, Complexity (based on the number of dependencies), etc. Additionally, you can export your discovered inventory, assign application names in a spreadsheet, and import it back to quickly create many application grouping. You are free to refine or correct groupings, too. If during analysis you realize a server or workload was grouped incorrectly, simply update the application to add or remove that member (with no need to re-run discovery). Deleting an application grouping will not delete the underlying servers; it just removes the logical app wrapper, so you can reorganize safely as needed. Now, you can plan migrations by application units rather than individual workloads. This leads to more predictable outcomes (since all interdependent pieces move together), and it eliminates guesswork that used to come from manually correlating server relationships. Proactive Software and Security Insights Migration is not just about moving workloads – it’s an opportunity to remediate and improve what you have. The new Software and Security Insights surface critical information about your IT estate early on, so you can address potential issues before migration. Once your inventory is discovered, Azure Migrate now highlights: Software Insights:The portal flags certain software or OS components that might need attention or have cloud-friendly alternatives. For example, it might detect that some VMs run outdated middleware or unsupported OS versions. The tool provides recommendations for replacement or upgrade – e.g. suggesting you Repurchase a legacy product through Azure Marketplace or move to a SaaS solution for that functionality. This helps you plan modernization (repurchasing or upgrading software) as part of the migration project, rather than carrying technical debt to the cloud. Security Insights:Azure Migrate also integrates with security monitoring to detect vulnerabilities and missing updates in your servers. More importantly, it advises how to fix them: e.g. enabling Microsoft Defender for Cloud to address vulnerabilities, and using Azure Update Manager to apply pending updates. In essence, you get a mini security assessment alongside your inventory. These insights empower IT admins and security teams to tackle risks as part of migration planning. Rather than “lift-and-shift and then fix later,” you can remediate issues in parallel with migration, leading to a more secure and optimized environment on Azure. RoI for modernizing applications We are bringing in updates to Azure Migrate Business case to help ascertain the value you stand to gain by modernizing your applications – Custom or Packaged, as well as providing spend analysis across recommended migration strategies – Rehost, Replatform and Refactor. Holistic application assessments covering Infra-Data-Web tiers Application assessment builds on Azure Migrate’s existing server, database and webapp assessments, to give a migration game-plan for an entire application. It analyzes each component and then recommends An overall migration strategyamong Rehost, Replatform and Refactor, for the application under consideration. Migration readiness, and blockers that need to be addressed for respective strategy Target Azure Services and SKUs for workloads comprising the application Monthly cost estimates to run the application on Azure Migration tooling recommendations per workload comprising the application. Instead of piecemeal workload assessments, Cloud architects get a unified view per application – making it much easier to prioritize and plan. For example, you might discover that one application is an easy rehost (quick win), while another would clearly benefit from refactoring to eliminate costly components. Application assessments surface such insights with data, so stakeholders (including application owners and developers) can agree on a path forward with confidence. Ultimately, this leads to high-confidence migration plans and minimizes surprises during execution. Improve analysis with Code-Level Insights from Github Copilot assessment and CAST Most times, whether an application can be easily Replatformed or needs Refactoring depends on the application’s source code. Hence, we are bridging the gap between infrastructure and application development realities and are offering Integration with code analysis tools – GitHub Copilot assessment and CAST Highlight – to incorporate code-level insights into Azure Migrate’s recommendations. Talking about GitHub copilot – it is an indispensable tool for the application development. Developers can identify changes required in the code bases of their applications to make them ready for modernization to PaaS services such as AKS, App Service, etc. The cloud architect running Azure Migrate application assessment can request the application developers to ingest the code change insights from GitHub copilot assessment into Azure Migrate assessment. Once this report is ingested, you’ll see the Azure Migrate assessment refine its recommendations conclusively – such readiness, effort to make the code changes, migration strategy – depending upon whether the code changes are minimal or significant. Similarly, at-scale/ portfolio level code analysis performed using CAST Highlight, a prominent software intelligence platform, can be imported into Azure Migrate to improve the assessment recommendations. In practice, this means Azure Migrate will know if the code has, say, outdated libraries or many hard-coded dependencies that make cloud migration harder. Overall, the integration of code insights leads to more realistic migration plans and smoother hand-offs between cloud infrastructure teams and dev teams. Wave Planning and Integrated Migration Execution After discovering applications, assessing them, and incorporating any code insights, you’re ready to migrate or modernize – but large migrations often happen in phases. That’s where the new Wave Planning feature comes in. Wave planning in Azure Migrate helps you organize and sequence the actual migration execution in waves or batches, plan the migration activities and execute using integrated first party migration tools and track the end-to-end migrations; thereby providing a single place where different users – Cloud architects, developers, application owners, etc. can collaborate and coordinate through the migration journey. If your strategy for an application (or a particular server in the application) is Rehost (lift-and-shift to Azure VMs), Azure Migrate will use its built-in Server Migration capability. You can start the replication of that server to Azure right from the wave plan. If your strategy is Replatform or Refactor and involves migrating data, the wave plan can redirect you to Azure Database Migration Service (DMS). All these integrations mean you can coordinate multi-step migrations from one place. Wave planning is aware of various target strategies and helps orchestrate them, so cloud administrators don’t have to juggle separate tool interfaces for VMs vs. databases vs. web apps. As each part of a wave completes, Azure Migrate updates the wave status for Rehost scenarios and users can manually update the status’ for Refactor or Replatform scenarios where some steps may take out of band. Interested in trying the new feature set and experience? All the above features are available in Azure Migrate now (in preview as of 7 th November, 2025). Just create a new Azure Migrate project and you’ll be greeted with the new interface. From there, you can start defining applications and exploring these capabilities with your own data. About Azure Migrate Azure Migrate is Microsoft’s free platform for migrating and modernizing to Azure. It provides IT resource discovery, assessment, business case analysis, wave planning, migration, and modernization capabilities in a workload agnostic manner. You can run and monitor your migration/ modernization journey from a single, secure portal. Currently, Azure Migrate's application aware experience supports the discovery of following workloads: Windows Server, Linux Server, SQL Server, PostgreSQL, .NET webapp on IIS, and Java on Tomcat running on various platforms including, VMware, Microsoft, Bare-metal, AWS EC2, GCP CE, and Xen. Further, it supports assessments and wave planning for Azure VM, Azure VMware Solution (AVS), Azure SQL Managed Instance, Azure SQL Database, Azure Database for PostgreSQL Flexible Server, App Service Code, App Service Containers, and Azure Kubernetes Service. Last, it supports in-line Lift and Shift migration to Azure VM and Azure Local. Note: MySQL discovery and assessment is available in the classic experience only
