Kategorie: Microsoft Azure

Accelerating AI and databases with Azure Container Storage, now 7 times faster and open source

More companies than ever before are choosing to run stateful workloads—such as relational databases, AI inferencing, and messaging queues—on Kubernetes. For developers building on Kubernetes, storage performance has never been more important.

Today, we’re announcing the next major release of Azure Container Storage – v2.0.0. Compared to prior versions, it delivers up to 7 times higher IOPS, 4 times less latency, and improved resource efficiency. With built-in support for local NVMe drives, Azure Container Storage now delivers our fastest, most powerful Kubernetes storage platform on Azure. It’s now also completely free to use, and available as an open-source version for installation on non-AKS clusters. Whether you’re running stateful applications in production, scaling AI workloads, or streamlining dev/test environments, this major release’s performance will give your workloads a considerable boost.

Get started with Azure Container Storage documentation

What’s Azure Container Storage?

Before we dive into the latest enhancements, let’s take a moment to revisit what Azure Container Storage is and how developers run stateful workloads on Kubernetes with speed, simplicity, and reliability.

Azure Container Storage is a cloud-native volume management and orchestration service specifically designed for Kubernetes. It integrates seamlessly with AKS (Azure Kubernetes Service) to enable provisioning of persistent volumes for production-scale, stateful workloads.

Azure Container Storage’s vision is to serve as the unified block storage orchestrator for Kubernetes workloads on Azure, providing a consistent experience across multiple storage backends for simplified volume orchestration via Kubernetes APIs. This v2.0.0 release focuses specifically on breakthrough performance with local NVMe storage, bringing enterprise-grade performance with cloud-native simplicity. Later this year, we’ll be debuting support for Azure Container Storage to integrate with Elastic SAN.

Azure Container Storage delivers optimized performance and efficiency with low-latency storage for high throughput stateful applications, along with built-in orchestration and automation that allows Kubernetes to manage storage pools, persistent volume lifecycles, snapshots, and scaling—all without switching contexts or managing individual CSI (container storage interface) drivers.

What’s new?

There’s quite a bit to unpack here, so let’s take a deeper dive into some of the key benefits that Azure Container Storage v2.0.0 delivers:

Pricing changes

As before, you’ll continue to pay for the underlying storage backend you use. But Azure Container Storage versions 2.0.0 and beyond will no longer charge a per-GB monthly fee for storage pools larger than 5 TiB for both our first party managed and open-source version, making the service now completely free to use. Provision as much storage as you need without worrying about additional management fees. This means you get enterprise-grade storage orchestration and breakthrough performance without any additional service costs—just pure value for your Kubernetes workloads.

Enhanced performance with reduced resource consumption

This release of Azure Container Storage is optimized specifically for local NVMe drives provided with a variety of VM families. This focus unlocks the fastest possible I/O performance for your most demanding workloads while reducing infrastructure costs.

Perhaps most exciting, this latest version of Azure Container Storage on local NVMe is now faster than ever before. We’ve rebuilt our architecture from the ground up—from the kernel level to the control plane—to push the limits of our storage orchestrator. This dramatic speed improvement comes with an equally impressive reduction in cluster resource consumption. Previously, Azure Container Storage on local NVMe had three performance modes that could consume 12.5%, 25%, or 50% of your node pool’s CPU cores. Azure Container Storage v2.0.0 no longer has performance tiers. Instead, it delivers superior performance while using fewer resources than even our previous lowest-impact setting. This translates directly to cost savings—you get better performance while freeing up CPU capacity for your applications to perform even faster.

Let’s look at the benchmarks. On fio (Flexible I/O Tester), the open-source industry standard for storage testing, Azure Container Storage on NVMe delivers approximately 7 times higher IOPS and 4 times less latency compared to the previous version.

But how does this translate to real workloads? We tested our own PostgreSQL for AKS deployment guide and found that PostgreSQL’s transactions per second improved by 60% while cutting latency by over 30%. For database-driven applications, this means faster query responses, higher throughput, and better user experiences.

All in all, Azure Container Storage delivers a significant performance boost for I/O-demanding workloads out of the box without additional configuration needed, offering developers a simple yet powerful tool in their cloud-native arsenal.

Accelerated AI model loading and KAITO Integration

For AI and machine learning workloads, model loading time can be a significant bottleneck. Azure VMs equipped with GPUs have local NVMe drives available. With the latest NVMe enhancements in the new v2.0.0 version, Azure Container Storage takes advantage of this hardware by dramatically accelerating model file loading for AI inferencing workloads. With our recent integration with KAITO, the first Kubernetes-native controller for automating AI model deployment, you can now deploy and scale AI models faster than ever, reducing time-to-inference and improving overall AI application responsiveness.

Above: Azure Container Storage providing fast NVMe-backed storage for model files

We loaded Llama-3.1-8B-Instruct LLM and found a 5 times improvement in model file loading speed with Azure Container Storage v2.0.0, compared to using an ephemeral OS disk.

More flexible scaling options

Azure Container Storage previously required a minimum of three nodes when using ephemeral drives. It now works with clusters of any size, including single-node deployments. This flexibility is particularly valuable for applications with robust built-in replication or backup capabilities, development environments, and edge deployments where you need high-performance storage without the overhead of larger clusters. The elimination of minimum node requirements also reduces costs for smaller deployments while maintaining the same high-performance capabilities.

Open source and community support

We recognize how important the open-source community is to the health and spirit of the Kubernetes ecosystem. Azure Container Storage version 2.0.0 is now built on our newly created open-source repositories, making it accessible to the broader Kubernetes community.

Whether you need the Azure-managed version for seamless AKS integration or prefer the community open-source version for self-hosted Kubernetes clusters, you get the same great product and features. The open-source approach also means easier installation, greater transparency, and the ability to contribute to the project’s evolution.

Explore our open-source repository (local-csi-driver), and learn more about our related block storage products:

Azure Container Storage enabled by Azure Arc

Use Container Storage Interface (CSI) driver for Azure Disk on Azure Kubernetes Service (AKS)

In summary

This major update to Azure Container Storage delivers a faster and leaner high-performance Kubernetes storage platform. Here’s what you get:

Included out of the box: This release focuses on ephemeral drives (local NVMe and temporary SSD) provided with select VM families, including storage-optimized L-series, GPU-enabled ND-series, and general-purpose Da-series.

Enhanced workload support: Optimized for demanding applications like PostgreSQL databases and KAITO-managed AI model serving.

Superior performance: 7 times improvement in read/write IOPS and 4 times reduction in latency, with 60% better PostgreSQL transaction throughput.

Open source: Built on open-source foundations with community repositories for easier installation on any Kubernetes cluster.

Flexible scaling: Deploy on clusters with as few as one node—no minimum cluster size requirements.

Zero service fees: Completely free to use for all storage pool sizes—you only pay for underlying storage.

Getting started

Ready to experience the performance boost? Here are your next steps:

New to Azure Container Storage? Start with our comprehensive documentation.

Deploying specific workloads? Check out our updated deployment guide for PostgreSQL.

Want the open-source version? Visit our GitHub repository for installation instructions.

Have questions or feedback? Reach out to our team at AskContainerStorage@microsoft.com.

Regardless of your workload, Azure Container Storage provides the performance and ease you expect from modern cloud-native storage. We’re excited to see what you build—and we’d love to hear your feedback. Happy hacking!
The post Accelerating AI and databases with Azure Container Storage, now 7 times faster and open source appeared first on Microsoft Azure Blog.
Quelle: Azure

Agent Factory: Connecting agents, apps, and data with new open standards like MCP and A2A

This blog post is the fifth out of a six-part blog series called Agent Factory which will share best practices, design patterns, and tools to help guide you through adopting and building agentic AI.

An agent that can’t talk to other agents, tools, and apps is just a silo. The real power of agents comes from their ability to connect to each other, to enterprise data, and to the systems where work gets done. Integration is what transforms an agent from a clever prototype into a force multiplier across a business.

With Azure AI Foundry customers and partners, we see the shift everywhere: customer service agents collaborating with retrieval agents to resolve complex cases, research agents chaining together across datasets to accelerate discovery, and business agents acting in concert to automate workflows that once took teams of humans. The story of agent development has moved from “can we build one?” to “how do we make them work together, safely and at scale?” 

Connect agents with Azure AI Foundry

Industry trends show integration as the unlock

At Microsoft over the years, I’ve seen how open protocols shape ecosystems. From OData, which standardized access to data APIs, to OpenTelemetry, which gave developers common ground for observability, open standards have consistently unlocked innovation and scale across industries. Today, customers in Azure AI Foundry are looking for flexibility without vendor lock-in. The same pattern is now unfolding with AI agents. Proprietary, closed ecosystems create risk if agents, tools, or data can’t interoperate, causing innovation to stall and an increase in switching costs.

Standard protocols taking root: Open standards like the Model Context Protocol (MCP) and Agent2Agent (A2A) are creating a lingua franca for how agents share tools, context, and results across vendors. This interoperability is critical for enterprises who want the freedom to choose best-of-breed solutions and ensure their agents, tools, and data can work together, regardless of vendor or framework.

A2A collaboration on MCP: Specialist agents increasingly collaborate as teams, with one handling scheduling, another querying databases, and another summarizing. This mirrors human work patterns, where specialists contribute to shared goals. Learn more about how this connects to MCP and A2A in our Agent2Agent and MCP blog. 

Connected ecosystems: From Microsoft 365 to Salesforce to ServiceNow, enterprises expect agents to act across all their apps, not just one platform. Integration libraries and connectors are becoming as important as models themselves. Open standards ensure that as new platforms and tools emerge, they can be integrated seamlessly, eliminating the risk of isolated point solutions.

Interop across frameworks: Developers want the freedom to build with LangGraph, AutoGen, Semantic Kernel, or CrewAI—and still have their agents talk to each other. Framework diversity is here to stay.

What integration at scale requires

From our work with enterprises and open-source communities, a picture emerges of what’s needed to connect agents, apps, and data:

Cross-agent collaboration by design: Multi-agent workflows require open protocols that allow different runtimes and frameworks to coordinate. Protocols like A2A and MCP are rapidly evolving to support richer agent collaboration and integration. A2A expands agent-to-agent collaboration, while MCP is growing into a foundational layer for context sharing, tool interoperability, and cross-framework coordination.

Shared context through open standards: Agents need a safe, consistent way to pass context, tools, and results. MCP enables this by making tools reusable across agents, frameworks, and vendors.

Seamless enterprise system access: Business value only happens when agents can act: update a CRM record, post in Teams, or trigger an ERP workflow. Integration fabrics with prebuilt connectors remove the heavy lift. Enterprises can connect new and legacy systems without costly rewrites or proprietary barriers.

Unified observability: As workflows span agents and apps, tracing and debugging across boundaries becomes essential. Teams must see the chain of reasoning across multiple agents to ensure safety, compliance, and trust. Open telemetry and evaluation standards give enterprises the transparency and control they need to operate at scale.

How Azure AI Foundry enables integration at scale

Azure AI Foundry was designed for this connected future. It makes agents interoperable, enterprise ready, and integrated into the systems where businesses run.

Model Context Protocol (MCP): Foundry agents can call MCP-compatible tools directly, enabling developers to reuse existing connectors and unlock a growing marketplace of interoperable tools. Semantic Kernel also supports MCP for pro-code developers. 

A2A support: Through Semantic Kernel, Foundry implements A2A so agents can collaborate across different runtimes and ecosystems. Multi-agent workflows—like a research agent coordinating with a compliance agent before drafting a report—just work.

Enterprise integration fabric: Foundry comes with thousands of connectors into SaaS and enterprise systems. From Dynamics 365 to ServiceNow to custom APIs, agents can act where business happens without developers rebuilding integrations from scratch. And with Logic Apps now supporting MCP, existing workflows and connectors can be leveraged directly inside Foundry agents.

Unified observability and governance: Tracing, evaluation, and compliance checks extend across multi-agent and multi-system workflows. Developers can debug cross-agent reasoning and enterprises can enforce identity, policy, and compliance end-to-end.

Why this matters now

Enterprises don’t want isolated point solutions—they want connected systems that scale. The next competitive advantage in AI isn’t just building smarter agents, it’s building connected agent ecosystems that work across apps, frameworks, and vendors. Interoperability and open standards are the foundation for this future, giving customers the flexibility, choice, and confidence to invest in AI without fear of vendor lock-in.

Azure AI Foundry makes that possible:

Flexible protocols (MCP and A2A) for agentic collaboration and interoperability.

Enterprise connectors for system integration.

Guardrails and governance for trust at scale.

With these foundations, organizations can move from siloed prototypes to truly connected AI ecosystems that span the enterprise.

What’s next

In part six of the Agent Factory series, we’ll focus on one of the most critical dimensions of agent development: trust. Building powerful agents is only half the challenge. Enterprises need to ensure these agents operate with the highest standards of security, identity, and governance.

Did you miss these posts in the series?

Agent Factory: The new era of agentic AI—common use cases and design patterns.

Agent Factory: Building your first AI agent with the tools to deliver real-world outcomes.

Agent Factory: Top 5 agent observability best practices for reliable AI.

Agent Factory: From prototype to production—developer tools and rapid agent development.

Azure AI Foundry
Build adaptable AI agents that connect with each other to automate tasks and enhance user experiences.

Learn more

The post Agent Factory: Connecting agents, apps, and data with new open standards like MCP and A2A appeared first on Microsoft Azure Blog.
Quelle: Azure

Agent Factory: From prototype to production—developer tools and rapid agent development

This blog post is the fourth out of a six-part blog series called Agent Factory which will share best practices, design patterns, and tools to help guide you through adopting and building agentic AI.

Developer experiences as the key to scale

AI agents are moving quickly from experimentation to real production systems. Across industries, we see developers testing prototypes in their Integrated Development Environment (IDE) one week and deploying production agents to serve thousands of users the next. The key differentiator is no longer whether you can build an agent—it’s how fast and seamlessly you can go from idea to enterprise-ready deployment.

Deploy AI agents quickly with Azure AI Foundry

Industry trends reinforce this shift:

In-repo AI development: Models, prompts, and evaluations are now first-class citizens in GitHub repos—giving developers a unified space to build, test, and iterate on AI features. 

More capable coding agents: GitHub Copilot’s new coding agent can open pull requests after completing tasks like writing tests or fixing bugs, acting as an asynchronous teammate.

Open frameworks maturing: Communities around LangGraph, LlamaIndex, CrewAI, AutoGen, and Semantic Kernel are rapidly expanding, with “agent templates” on GitHub repos becoming common.

Open protocols emerging: Standards like the Model Context Protocol (MCP) and Agent-to-Agent (A2A) are creating interoperability across platforms.

Developers increasingly expect to stay in their existing workflow—GitHub, VS Code, and familiar frameworks—while tapping into enterprise-grade runtimes and integrations. The platforms that win will be those that meet developers where they are—with openness, speed, and trust.

What a modern agent platform should deliver

From our work with customers and the open-source community, we’ve seen a clear picture emerge of what developers really need. A modern agent platform must go beyond offering models or orchestration—it has to empower teams across the entire lifecycle:

Local-first prototyping: Developers want to stay in their flow. That means designing, tracing, and evaluating AI agents directly in their IDE with the same ease as writing and debugging code. If building an agent requires jumping into a separate UI or unfamiliar environment, iteration slows and adoption drops.

Frictionless transition to production: A common frustration we hear is that an agent that runs fine locally becomes brittle or requires heavy rewrites in production. The right platform provides a single, consistent API surface from experimentation to deployment, so what works in development works in production—with scale, security, and governance layered in automatically.

Open by design: No two organizations use the exact same stack. Developers may start with LangGraph for orchestration, LlamaIndex for data retrieval, or CrewAI for coordination. Others prefer Microsoft’s first-party frameworks like Semantic Kernel or AutoGen. A modern platform must support this diversity without forcing lock-in, while still offering enterprise-grade pathways for those who want them.

Interop by design: Agents are rarely self-contained. They must talk to tools, databases, and even other agents across different ecosystems. Proprietary protocols create silos and fragmentation. Open standards like the Model Context Protocol (MCP) and Agent-to-Agent (A2A) unlock collaboration across platforms, enabling a marketplace of interoperable tools and reusable agent skills.

One-stop integration fabric: An agent’s real value comes when it can take meaningful action: updating a record in Dynamics 365, triggering a workflow in ServiceNow, querying a SQL database, or posting to Teams. Developers shouldn’t have to rebuild connectors for every integration. A robust agent platform provides a broad library of prebuilt connectors and simple ways to plug into enterprise systems.

Built-in guardrails: Enterprises cannot afford agents that are opaque, unreliable, or non-compliant. Observability, evaluations, and governance must be woven into the development loop—not added as an afterthought. The ability to trace agent reasoning, run continuous evaluations, and enforce identity, security, and compliance policies is as critical as the models themselves.

How Azure AI Foundry delivers this experience 

Azure AI Foundry is designed to meet developers where they are, while giving enterprises the trust, security, and scale they need. It connects the dots across IDEs, frameworks, protocols, and business channels—making the path from prototype to production seamless.

Build where developers live: VS Code, GitHub, and Foundry

Developers expect to design, debug, and iterate AI agents in their daily tools—not switch into unfamiliar environments. Foundry integrates deeply with both VS Code and GitHub to support this flow.

VS Code extension for Foundry: Developers can create, run, and debug agents locally with direct connection to Foundry resources. The extension scaffolds projects, provides integrated tracing and evaluation, and enables one-click deployment to Foundry Agent Service—all inside the IDE they already use.

Model Inference API: With a single, unified inference endpoint, developers can evaluate performance across models and swap them without rewriting code. This flexibility accelerates experimentation while future-proofing applications against a fast-moving model ecosystem.

GitHub Copilot and the coding agent: Copilot has grown beyond autocomplete into an autonomous coding agent that can take on issues, spin up a secure runner, and generate a pull request, signaling how agentic AI development is becoming a normal part of the developer loop. When used alongside Azure AI Foundry, developers can accelerate agent development by having Copilot generate agent code while pulling in the models, agent runtime, and observability tools from Foundry needed to build, deploy, and monitor production-ready agents.

Use your frameworks

Agents are not one-size-fits-all, and developers often start with the frameworks they know best. Foundry embraces this diversity:

First-party frameworks: Foundry supports both Semantic Kernel and AutoGen, with a convergence into a modern unified framework coming soon. This future-ready framework is designed for modularity, enterprise-grade reliability, and seamless deployment to Foundry Agent Service.

Third-party frameworks: Foundry Agent Service integrates directly with CrewAI, LangGraph, and LlamaIndex, enabling developers to orchestrate multi-turn, multi-agent conversations across platforms. This ensures you can work with your preferred OSS ecosystem while still benefiting from Foundry’s enterprise runtime.

Interoperability with open protocols

Agents don’t live in isolation—they need to interoperate with tools, systems, and even other agents. Foundry supports open protocols by default:

MCP: Foundry Agent Service allows agents to call any MCP-compatible tools directly, giving developers a simple way to connect external systems and reuse tools across platforms.

A2A: Semantic Kernel supports A2A, implementing the protocol to enable agents to collaborate across different runtimes and ecosystems. With A2A, multi-agent workflows can span vendors and frameworks, unlocking scenarios like specialist agents coordinating to solve complex problems.

Ship where the business runs

Building an agent is just the first step—impact comes when users can access it where they work. Foundry makes it easy to publish agents to both Microsoft and custom channels:

Microsoft 365 and Copilot: Using the Microsoft 365 Agents SDK, developers can publish Foundry agents directly to Teams, Microsoft 365 Copilot, BizChat, and other productivity surfaces.

Custom apps and APIs: Agents can be exposed as REST APIs, embedded into web apps, or integrated into workflows using Logic Apps and Azure Functions—with thousands of prebuilt connectors to SaaS and enterprise systems.

Observe and harden

Reliability and safety can’t be bolted on later—they must be integrated into the development loop. As we explored in the previous blog, observability is essential for delivering AI that is not only effective, but also trustworthy. Foundry builds these capabilities directly into the developer workflow:

Tracing and evaluation tools to debug, compare, and validate agent behavior before and after deployment.

CI/CD integration with GitHub Actions and Azure DevOps, enabling continuous evaluation and governance checks on every commit.

Enterprise guardrails—from networking and identity to compliance and governance—so that prototypes can scale confidently into production.

Why this matters now

Developer experience is the new productivity moat. Enterprises need to enable their teams to build and deploy AI agents quickly, confidently, and at scale. Azure AI Foundry delivers an open, modular, and enterprise-ready path—meeting developers in GitHub and VS Code, supporting both open-source and first-party frameworks, and ensuring agents can be deployed where users and data already live.

With Foundry, the path from prototype to production is smoother, faster, and more secure—helping organizations innovate at the speed of AI.

What’s next

In Part 5 of the Agent Factory series, we’ll explore how agents connect and collaborate at scale. We’ll demystify the integration landscape—from agent-to-agent collaboration with A2A, to tool interoperability with MCP, to the role of open standards in ensuring agents can work across apps, frameworks, and ecosystems. Expect practical guidance and reference patterns for building truly connected agent systems.

Did you miss these posts in the series?

Agent Factory: The new era of agentic AI—common use cases and design patterns.

Agent Factory: Building your first AI agent with the tools to deliver real-world outcomes.

Agent Factory: Top 5 agent observability best practices for reliable AI.

Azure AI Foundry
Build AI agents that automate tasks, enhance user experiences, and deliver results.

Learn more

The post Agent Factory: From prototype to production—developer tools and rapid agent development appeared first on Microsoft Azure Blog.
Quelle: Azure

Microsoft Cost Management updates—July & August 2025

Whether you’re a new student, a thriving startup, or the largest enterprise, you have financial constraints. You need to know what you’re spending, where your money is being spent, and how to plan for the future. Nobody wants a surprise bill—and that’s where Microsoft Cost Management comes in. We’re always looking for ways to learn more about your challenges and help you do more with less.

See the newest features on Microsoft Cost Management

Here are a few of the latest improvements and updates (July 2025):

Service Principal support for Partner Admin Reader role (EA indirect partners)

Azure Pricing Calculator: Tip of the Month

New ways to save money with Microsoft Cloud

New videos and learning opportunities

Documentation updates

Let’s dig into the details.

Service Principal support for Partner Admin Reader role (EA indirect partners)

We’re excited to announce that Azure now supports assigning the Partner Admin Reader role to Service Principals. This enhancement empowers Enterprise Agreement indirect partners (CSPs who manage customer Azure costs) to programmatically access cost data across their customers’ enrollments under their Partner Customer Number (PCN) via Azure Active Directory applications—without relying on interactive user accounts.

Why this matters:

Managing cloud costs across multiple customers is complex and might be error-prone when relying on manual exports or shared credentials. Partners need secure, scalable, and automated access to cost data to integrate insights into their tools and optimize spend in real time.

With these enhancements, partners can now:

Automate cost data retrieval securely using Azure Active Directory service principals (no shared user credentials).

Integrate Cost Management data into partner billing tools, dashboards, or workflows using APIs.

Maintain strong governance and control access to billing scopes with Azure Role-Based Access Control.

Enable near real-time monitoring, invoice reconciliation, and proactive cost optimization across multiple customers.

To get started, learn more about how to assign Enterprise Agreement roles to service principals.

Azure Pricing Calculator: Tip of the Month 

When working with estimates in the Azure Pricing Calculator—that include multiple services—scrolling through all the details can become overwhelming. To simplify your view, click the collapse button on your estimate. This instantly minimizes the detailed configuration for all services in your estimate, leaving just the summary line visible.

Why this helps:

Reduces unnecessary scrolling when managing large estimates.

Makes it easier to focus on the services you want to review or adjust.

Keeps your workspace clean and organized, especially when sharing estimates with others.

Try collapsing services the next time you build a complex estimate. It’s a small trick that makes a big difference in navigating your pricing scenarios!

New ways to save money with Microsoft Cloud

Here are new and updated offers you might be interested in for cost savings and optimization from July and August 2025:

Generally available: Azure Firewall ingestion-time transformation for cost-efficient logging. Now you can filter or transform Azure Firewall logs before they’re ingested into Log Analytics, reducing the amount of data stored and lowering your logging costs without losing critical security insights. 

Public preview: Azure Storage Mover–free Amazon Web Services S3-to-Azure Blob migration. Now you can move data from Amazon Web Services S3 to Azure Blob Storage securely and at no additional cost using Azure Storage Mover. This fully managed service simplifies multi-cloud or full migration scenarios without third-party tools, reducing complexity and expenses.

New videos and learning opportunities

We added several new videos for your viewing and learning. Whether you are new to Cost Management or require a refresher, these videos will prove to be highly beneficial:

Managing Access to Cost Management Data

How to use the Azure Copilot to understand your costs

Configuring Cost Allocation Rules and Tags

Documentation updates

The Cost Management and Billing documentation continues to evolve. Here are some our new and updated documents from July and August:

Pay your Microsoft Customer Agreement or Microsoft Online Subscription Program bill: Updated on July 2 to add partial payment options and India-specific payment methods.

Manage Azure Reservations: Updated on July 8 to clarify reservation scope changes, splitting reservations, and limitations on billing subscription changes.

Charge back Azure saving plan costs: Published on July 9 to explain chargeback/showback for savings plans using amortized cost and API queries.

Calculate Enterprise Agreement (EA) savings plan cost savings: Published on July 9 to guide EA customers in calculating savings plan benefits using amortized usage data.

Manage Azure costs with automation: Updated on July 10 to add best practices for Cost Details API, automation workflows, and handling large datasets.

Understand and work with Cost Management scopes: Updated on July 25 to clarify Role-Based Access Control vs. billing scopes and role requirements for cost visibility.

Manage a Microsoft Azure Consumption Commitment resource: Published on August 14 to describe MACC resources, movement between subscriptions, and deletion rules.

Set up your billing account for a Microsoft Customer Agreement: Updated on August 14 to detail EA-to-MCA transition steps, prerequisites, and common migration issues.

Manage a Microsoft Azure credit resource under a subscription: Published on August 19 to introduce Azure Credit resources for MCA accounts and explain moving or deleting them.

Permissions to view and manage Azure reservations: Updated on August 21 to expand guidance on Role-Based Access Control roles, billing roles, and delegation for reservation access.

Want to keep an eye on all documentation updates? Check out the change history of the Cost Management and Billing documentation in the Azure Docs repository on GitHub. If you see something missing, select Edit at the top of the document and submit a quick pull request. You can also submit a GitHub issue. We welcome and appreciate all contributions!

What’s next for Cost Management

These are just a few of the updates from the last two months. Don’t forget to check out previous Microsoft Cost Management updates for more tips and features. We’re always listening and making continuous improvements based on your feedback—please keep it coming!

Follow the team, share your ideas, and get involved:

Submit ideas and vote on requests in the Cost Management feedback forum.

Watch and subscribe to the Microsoft Cost Management YouTube channel.

Stay tuned for more in next month’s update.

Microsoft Cost Management
Manage your cloud costs with confidence.

Get started >

The post Microsoft Cost Management updates—July & August 2025 appeared first on Microsoft Azure Blog.
Quelle: Azure

Azure mandatory multifactor authentication: Phase 2 starting in October 2025

As cyberattacks become increasingly frequent, sophisticated, and damaging, safeguarding your digital assets has never been more critical, and at Microsoft, your security is our top priority. Microsoft research shows that multifactor authentication (MFA) can block more than 99.2% of account compromise attacks, making it one of the most effective security measures available.

As announced in August 2024, Azure started to implement mandatory MFA for Azure Public Cloud sign-ins. By enforcing MFA for Azure sign-ins, we aim to provide you with the best protection against cyber threats as part of Microsoft’s commitment to enhance security for all customers, taking one step closer to a more secure future.

As previously announced, Azure MFA enforcement was rolled out gradually in phases to provide customers with enough time to plan and execute their implementations:

Phase 1: MFA enforcement on Azure Portal, Microsoft Entra admin center, and Intune admin center sign-ins.

Phase 2: Gradual enforcement for MFA requirement for users performing Azure resource management operations through any client (including but not limited to: Azure Command-Line Interface (CLI), Azure PowerShell, Azure Mobile App, REST APIs, Azure Software Development Kit (SDK) client libraries, and Infrastructure as Code (IaC) tools).

We are proud to announce that multifactor enforcement for Azure Portal sign-ins was rolled out for 100% of Azure tenants in March 2025. Now, Azure is announcing the start of Phase 2 MFA enforcement at the Azure Resource Manager layer, starting October 1, 2025. Phase 2 enforcement will be gradually applied across Azure tenants through Azure Policy, following Microsoft safe deployment practices.

Starting this week, Microsoft sent notices to all Microsoft Entra Global Administrators by email and through Azure Service Health notifications to notify the start date of enforcement and how to prepare for upcoming MFA enforcement.

Prepare for mandatory MFA enforcement

Customer impact

Users will be required to authenticate with MFA before performing resource management operations. Workload identities, such as managed identities and service principals, aren’t impacted by either phase of this MFA enforcement.

Learn more about the scope of enforcement.

How to prepare

1. Enable MFA for your users

To ensure your users can perform resource management actions, enable MFA for your users by October 1, 2025. To identify which users in your environment are set up for mandatory MFA, follow these steps. 

2. Understand potential impact

To understand potential impact ahead of Phase 2 enforcement, assign built-in Azure Policy definitions to block resource management operations if the user has not authenticated with MFA.

Customers can gradually apply this enforcement across different resource hierarchy scopes, resource types, or regions.

3. Update your Azure CLI and PowerShell clients

For the best compatibility experience, users in your tenant should use Azure CLI version 2.76 and Azure PowerShell version 14.3 or later.

Next steps for multifactor authentication for Azure sign-in

To ensure your users can perform resource management actions, enable MFA for your users by October 1, 2025. 

To understand the potential impact, apply a built-in Azure Policy definition in audit or enforcement mode.

For the best compatibility experience, users in your tenant should use Azure CLI version 2.76 and Azure PowerShell version 14.3 or later.

If you can’t enable MFA for your tenant by October 1, 2025, the Global Administrator for your tenant can postpone the enforcement date through Azure Portal.

Keep an eye out for further communications through the previously communicated notification channels.

MFA for Azure sign-in
Prepare for Phase 2 of multifactor authentication enforcement.

Learn more

The post Azure mandatory multifactor authentication: Phase 2 starting in October 2025 appeared first on Microsoft Azure Blog.
Quelle: Azure

Agent Factory: Top 5 agent observability best practices for reliable AI

This blog post is the third out of a six-part blog series called Agent Factory which will share best practices, design patterns, and tools to help guide you through adopting and building agentic AI.

Seeing is knowing—the power of agent observability

As agentic AI becomes more central to enterprise workflows, ensuring reliability, safety, and performance is critical. That’s where agent observability comes in. Agent observability empowers teams to:

Detect and resolve issues early in development.

Verify that agents uphold standards of quality, safety, and compliance.

Optimize performance and user experience in production.

Maintain trust and accountability in AI systems.

With the rise of complex, multi-agent and multi-modal systems, observability is essential for delivering AI that is not only effective, but also transparent, safe, and aligned with organizational values. Observability empowers teams to build with confidence and scale responsibly by providing visibility into how agents behave, make decisions, and respond to real-world scenarios across their lifecycle.

Learn more about building agentic AI in Azure AI Foundry

What is agent observability?

Agent observability is the practice of achieving deep, actionable visibility into the internal workings, decisions, and outcomes of AI agents throughout their lifecycle—from development and testing to deployment and ongoing operation. Key aspects of agent observability include:

Continuous monitoring: Tracking agent actions, decisions, and interactions in real time to surface anomalies, unexpected behaviors, or performance drift.

Tracing: Capturing detailed execution flows, including how agents reason through tasks, select tools, and collaborate with other agents or services. This helps answer not just “what happened,” but “why and how did it happen?”

Logging: Records agent decisions, tool calls, and internal state changes to support debugging and behavior analysis in agentic AI workflows.

Evaluation: Systematically assessing agent outputs for quality, safety, compliance, and alignment with user intent—using both automated and human-in-the-loop methods.

Governance: Enforcing policies and standards to ensure agents operate ethically, safely, and in accordance with organizational and regulatory requirements.

Traditional observability vs agent observability

Traditional observability relies on three foundational pillars: metrics, logs, and traces. These provide visibility into system performance, help diagnose failures, and support root-cause analysis. They are well-suited for conventional software systems where the focus is on infrastructure health, latency, and throughput.

However, AI agents are non-deterministic and introduce new dimensions—autonomy, reasoning, and dynamic decision making—that require a more advanced observability framework. Agent observability builds on traditional methods and adds two critical components: evaluations and governance. Evaluations help teams assess how well agents resolve user intent, adhere to tasks, and use tools effectively. Agent governance can ensure agents operate safely, ethically, and in compliance with organizational standards.

This expanded approach enables deeper visibility into agent behavior—not just what agents do, but why and how they do it. It supports continuous monitoring across the agent lifecycle, from development to production, and is essential for building trustworthy, high-performing AI systems at scale.

Azure AI Foundry Observability provides end-to-end agent observability

Azure AI Foundry Observability is a unified solution for evaluating, monitoring, tracing, and governing the quality, performance, and safety of your AI systems end to end in Azure AI Foundry—all built into your AI development loop. From model selection to real-time debugging, Foundry Observability capabilities empower teams to ship production-grade AI with confidence and speed. It’s observability, reimagined for the enterprise AI era.

With built-in capabilities like the Agents Playground evaluations, Azure AI Red Teaming Agent, and Azure Monitor integration, Foundry Observability brings evaluation and safety into every step of the agent lifecycle. Teams can trace each agent flow with full execution context, simulate adversarial scenarios, and monitor live traffic with customizable dashboards. Seamless CI/CD integration enables continuous evaluation on every commit and governance support with Microsoft Purview, Credo AI, and Saidot integration helps enable alignment with regulatory frameworks like the EU AI Act—making it easier to build responsible, production-grade AI at scale.

Five best practices for agent observability

1. Pick the right model using benchmark driven leaderboards

Every agent needs a model and choosing the right model is foundational for agent success. While planning your AI agent, you need to decide which model would be the best for your use case in terms of safety, quality, and cost.

You can pick the best model by either evaluating the model on your own data or use Azure AI Foundry’s model leaderboards to compare foundation models out-of-the-box by quality, cost, and performance—backed by industry benchmarks. With Foundry model leaderboards, you can find model leaders in various selection criteria and scenarios, visualize trade-offs among the criteria (e.g., quality vs cost or safety), and dive into detailed metrics to make confident, data-driven decisions.

Azure AI Foundry’s model leaderboards gave us the confidence to scale client solutions from experimentation to deployment. Comparing models side by side helped customers select the best fit—balancing performance, safety, and cost with confidence.
—Mark Luquire, EY Global Microsoft Alliance Co-Innovation Leader, Managing Director, Ernst & Young, LLP*

2. Evaluate agents continuously in development and production

Agents are powerful productivity assistants. They can plan, make decisions, and execute actions. Agents typically first reason through user intents in conversations, select the correct tools to call and satisfy the user requests, and complete various tasks according to their instructions. Before deploying agents, it’s critical to evaluate their behavior and performance.

Azure AI Foundry makes agent evaluation easier with several agent evaluators supported out-of-the-box, including Intent Resolution (how accurately the agent identifies and addresses user intentions), Task Adherence (how well the agent follows through on identified tasks), Tool Call Accuracy (how effectively the agent selects and uses tools), and Response Completeness (whether the agent’s response includes all necessary information). Beyond agent evaluators, Azure AI Foundry also provides a comprehensive suite of evaluators for broader assessments of AI quality, risk, and safety. These include quality dimensions such as relevance, coherence, and fluency, along with comprehensive risk and safety checks that assess for code vulnerabilities, violence, self-harm, sexual content, hate, unfairness, indirect attacks, and the use of protected materials. The Azure AI Foundry Agents Playground brings these evaluation and tracing tools together in one place, letting you test, debug, and improve agentic AI efficiently.

The robust evaluation tools in Azure AI Foundry help our developers continuously assess the performance and accuracy of our AI models, including meeting standards for coherence, fluency, and groundedness.
—Amarender Singh, Director, AI, Hughes Network Systems

3. Integrate evaluations into your CI/CD pipelines

Automated evaluations should be part of your CI/CD pipeline so every code change is tested for quality and safety before release. This approach helps teams catch regressions early and can help ensure agents remain reliable as they evolve.

Azure AI Foundry integrates with your CI/CD workflows using GitHub Actions and Azure DevOps extensions, enabling you to auto-evaluate agents on every commit, compare versions using built-in quality, performance, and safety metrics, and leverage confidence intervals and significance tests to support decisions—helping to ensure that each iteration of your agent is production ready.

We’ve integrated Azure AI Foundry evaluations directly into our GitHub Actions workflow, so every code change to our AI agents is automatically tested before deployment. This setup helps us quickly catch regressions and maintain high quality as we iterate on our models and features.
—Justin Layne Hofer, Senior Software Engineer, Veeam

4. Scan for vulnerabilities with AI red teaming before production

Security and safety are non-negotiable. Before deployment, proactively test agents for security and safety risks by simulating adversarial attacks. Red teaming helps uncover vulnerabilities that could be exploited in real-world scenarios, strengthening agent robustness.

Azure AI Foundry’s AI Red Teaming Agent automates adversarial testing, measuring risk and generating readiness reports. It enables teams to simulate attacks and validate both individual agent responses and complex workflows for production readiness.

Accenture is already testing the Microsoft AI Red Teaming Agent, which simulates adversarial prompts and detects model and application risk posture proactively. This tool will help validate not only individual agent responses, but also full multi-agent workflows in which cascading logic might produce unintended behavior from a single adversarial user. Red teaming lets us simulate worst-case scenarios before they ever hit production. That changes the game.
—Nayanjyoti Paul, Associate Director and Chief Azure Architect for Gen AI, Accenture

5. Monitor agents in production with tracing, evaluations, and alerts

Continuous monitoring after deployment is essential to catch issues, performance drift, or regressions in real time. Using evaluations, tracing, and alerts helps maintain agent reliability and compliance throughout its lifecycle.

Azure AI Foundry observability enables continuous agentic AI monitoring through a unified dashboard powered by Azure Monitor Application Insights and Azure Workbooks. This dashboard provides real-time visibility into performance, quality, safety, and resource usage, allowing you to run continuous evaluations on live traffic, set alerts to detect drift or regressions, and trace every evaluation result for full-stack observability. With seamless navigation to Azure Monitor, you can customize dashboards, set up advanced diagnostics, and respond swiftly to incidents—helping to ensure you stay ahead of issues with precision and speed.

Security is paramount for our large enterprise customers, and our collaboration with Microsoft allays any concerns. With Azure AI Foundry, we have the desired observability and control over our infrastructure and can deliver a highly secure environment to our customers.
—Ahmad Fattahi, Sr. Director, Data Science, Spotfire

Get started with Azure AI Foundry for end-to-end agent observability

To summarize, traditional observability includes metrics, logs, and traces. Agent Observability needs metrics, traces, logs, evaluations, and governance for full visibility. Azure AI Foundry Observability is a unified solution for agent governance, evaluation, tracing, and monitoring—all built into your AI development lifecycle. With tools like the Agents Playground, smooth CI/CD, and governance integrations, Azure AI Foundry Observability empowers teams to ensure their AI agents are reliable, safe, and production ready. Learn more about Azure AI Foundry Observability and get full visibility into your agents today!

What’s next

In part four of the Agent Factory series, we’ll focus on how you can go from prototype to production faster with developer tools and rapid agent development.

Did you miss these posts in the series?

Agent Factory: The new era of agentic AI—common use cases and design patterns.

Agent Factory: Building your first AI agent with the tools to deliver real-world outcomes.

Azure AI Foundry
Build adaptable AI agents that automate tasks and enhance user experiences.

Learn more

*The views reflected in this publication are the views of the speaker and do not necessarily reflect the views of the global EY organization or its member firms.
The post Agent Factory: Top 5 agent observability best practices for reliable AI appeared first on Microsoft Azure Blog.
Quelle: Azure

Protecting Azure Infrastructure from silicon to systems

At Microsoft, secure design begins at the foundation of our computing stack—the silicon level—and extends through every layer of the cloud. Since launching the Secure Future Initiative (SFI)—a company-wide commitment to security, we continue to prioritize delivering products and solutions that are secure by design, secure by default, and secure in operation.

SFI sits at the core of Azure’s approach to designing hardware systems, reshaping the architecture, deployment, and operations of our physical cloud and AI infrastructure. Azure is redefining workload security from the datacenter to the edge. Our comprehensive approach includes Azure Boost, which isolates control and data planes for virtual machines; the Azure Integrated HSM, a custom security chip providing FIPS 140-3 Level 3 key protection within our servers; and confidential computing, which protects data in-use through hardware-based trusted execution environments (TEEs). 

Microsoft has also made ongoing efforts to advance systematic security audits and contribute to the open-source community through Caliptra—a silicon root-of-trust designed to anchor security in hardware. Combining these initiatives with technologies such as confidential computing and code transparency services, our aim is to ensure that every component in the supply chain can be securely verified. 

Figure 1: Building blocks of Azure’s hardware security Architecture .

Purpose built silicon for defense-in-depth 

Azure Boost serves as the system’s security controller, managing secure access to Azure. Only systems with a verified and approved security configuration are granted access. 

To enhance security and performance, Azure Boost offloads control plane services from the host CPU to a dedicated Azure Boost system controller. This setup creates a hardware separation  between Azure’s control plane—running on the Azure Boost controller—and customer workloads—running on the CPU—ensuring strong isolation and protection.

Azure Integrated HSM is a server local Hardware Security Module (HSM) for high-assurance workloads. It is designed to meet the stringent requirements of the Federal Information Processing Standards (FIPS) 140-3 Level 3 security requirements, requiring strong isolation, tamper-resistant hardware, identity-based authentication, and automatic zeroization. Azure Integrated HSM protects keys in-use, by ensuring keys always remain within the bounds of the HSM. 

Unlike centralized remote HSM services, Azure Integrated HSM eliminates network roundtrips for key operations and avoids the need to release keys into the workload environment. Instead of relying on remote access, the Azure Integrated HSM is securely bound to the local workload and provides oracle-style key usage to authorized services within the local environment. 

Learn more about Azure Integrated HSM

Azure Datacenter Secure Control Module (DC-SCM)—DC-SCM is a security and server control module that contains Hydra—a security-focused Board Management Controller (BMC) design, with an integrated root-of-trust and hardware-based security protection on all management interfaces. This root of trust restricts unauthorized access to BMC firmware and ensures the firmware is authenticated and cryptographically measured. 

Confidential Computing offers a spectrum of guarantees

Confidential computing makes use of hardware-based Trusted Execution Environments (TEEs) to protect workloads—such as virtual machines—from other system software, including the hypervisor. 

Microsoft, a founding member of the Confidential Computing Consortium, works closely with CPU and GPU manufacturers to design and integrate confidential computing technologies directly into their hardware. Earlier this year at the Confidential Computing Summit we defined a spectrum of guarantees users can enable with confidential computing when they port their applications, including:  

On by default, is the lift and shift existing applications with minimal change.   

Build in confidential computing by designing services and applications that make deeper use of hardware-based protections.

Leverage transparent confidential computing to gain deeper insights into how confidential services interact and operate securely.

Figure 2. Confidential Computing—Spectrum of Guarantees.

Azure has the most comprehensive portfolio of confidential computing solutions, including confidential virtual machines, containers, generative AI, and services like Azure Confidential Ledger, Azure Attestation, and Managed HSM—each designed to protect code and data throughout its lifecycle using hardware-backed security. 

Hardware Security Transparency

Caliptra is a hardware root of trust that plays a critical role in securing devices. It anchors the chain of trust directly in silicon, establishing foundational security properties that support the integrity of higher-level features. This foundation provides workloads the ability to verify the code and configuration of the underlying platform, enabling workloads establish trust in the hardware platform. 

Caliptra is a fully open-source silicon root of trust developed through a collaboration between Microsoft, AMD, Google, and NVIDIA. In April, we released Caliptra 2.0, which included Adams Bridge—an open-source accelerator designed for post-quantum resilient cryptography. This integration made Caliptra the first open-source root of trust to feature hardened post-quantum cryptography, driving broader adoption across the hardware ecosystem. 

Systematic Security Reviews play a critical role in protecting hardware infrastructure, which relies on both low-level hardware features and the firmware that runs on top of them. Ensuring firmware security involves rigorous code scanning, continuous security reviews, and hardware-based attestation. 

Historically, Microsoft conducted these reviews internally. To enhance transparency and extend security assurance beyond Microsoft, we partnered with Google and the Open Compute Project in 2023 to establish OCP SAFE—a framework for systematic security reviews.

Under OCP SAFE, approved Security Review Providers (SRPs) perform independent evaluations and issue verifiable endorsements of a manufacturer’s security compliance. These endorsements serve as trusted evidence, supporting secure device attestations and reinforcing confidence in the hardware supply chains. 

Enhancing security with Code Transparency Services

Code Transparency Services (CTS) is an immutable ledger technology built to meet the standards of Supply Chain Integrity, Transparency, and Trust (SCITT). It operates exclusively within confidential computing environments, enhancing trust in Azure’s hardware and firmware by ensuring that every component is verifiably secure .

CTS addresses key challenges in firmware provenance, integrity, and auditability across both first-party and third-party supply chains. When paired with a silicon root of trust like Caliptra, and supported by audits such as OCP-SAFE, CTS ensures that hardware and firmware are authorized, non-repudiable, and immutably auditable. 

Today, CTS is a central component in Azure’s confidential cloud services. In addition to Azure’s own usage, CTS will be available as a managed service—allowing Azure customers to create and operate their own transparency service instances. 

Staying secure with Microsoft

Microsoft’s Secure Future Initiative (SFI) provides a guiding framework for building secure and trustworthy cloud infrastructure. By embedding security into every layer—from silicon to systems to services—Azure takes a defense-in-depth approach to cloud security. Through innovations like Azure Boost, Azure Integrated HSM, and confidential computing, and through collaborative efforts such as Caliptra, OCP SAFE, and SCITT, Microsoft is not only securing today’s workloads but also laying the foundation for a more secure and transparent future. 

Azure Boost
Explore next-generation Azure infrastructure.

Learn more >

The post Protecting Azure Infrastructure from silicon to systems appeared first on Microsoft Azure Blog.
Quelle: Azure