DailyAzureUpdatesGenerator

October 14, 2025 - Azure Updates Summary Report (Details Mode)

Generated on: October 14, 2025 Target period: Within the last 24 hours Processing mode: Details Mode Number of updates: 5 items

Update List

1. Public Preview: Environmental sustainability features in Azure API Management

Published: October 13, 2025 16:30:27 UTC Link: Public Preview: Environmental sustainability features in Azure API Management

Update ID: 513074 Data source: Azure Updates API

Categories: In preview, Integration, Internet of Things, Mobile, Web, API Management, Features

Summary:

• What was updated
  Azure API Management introduced environmental sustainability features, now available in public preview.

• Key changes or new features
  The update enables API traffic and policy behavior to be carbon-aware, helping organizations reduce the carbon footprint of their API infrastructure. This includes insights and controls that allow developers and IT teams to optimize API usage and policies based on environmental impact metrics.

• Target audience affected
  Developers, API architects, and IT professionals managing Azure API Management services who are focused on sustainability and want to integrate carbon footprint considerations into their API operations.

• Important notes if any
  These features are currently in public preview, so users should evaluate them in non-production environments and provide feedback. Organizations aiming to meet sustainability goals can leverage these capabilities to align API management with environmental objectives.

For more details, visit: https://azure.microsoft.com/updates?id=513074

Details:

Azure API Management (APIM) has introduced environmental sustainability features in public preview, aimed at enabling organizations to reduce the carbon footprint associated with their API operations. This update reflects a growing emphasis on sustainable cloud computing by integrating carbon-aware capabilities directly into API management workflows.

Background and Purpose
As cloud adoption expands, so does the energy consumption and associated carbon emissions of IT infrastructure. Enterprises increasingly seek to align their digital transformation with sustainability goals. Azure API Management, a critical service for managing, securing, and scaling APIs, now incorporates environmental considerations to help organizations monitor and optimize the carbon impact of their API traffic and policies. The purpose is to provide actionable insights and controls that enable greener API operations without compromising performance or security.

Specific Features and Detailed Changes
The public preview introduces carbon-aware features that analyze API traffic patterns and policy executions to estimate and minimize carbon emissions. Key capabilities include:

• Carbon Footprint Metrics: APIM now provides metrics related to the estimated carbon emissions generated by API calls, enabling visibility into the environmental impact of API workloads.
• Carbon-Aware Policy Behavior: New policy expressions and controls allow API administrators to implement routing or throttling decisions based on carbon intensity data. For example, APIs can be configured to route traffic to regions or endpoints with lower carbon intensity or delay non-critical requests during periods of high carbon emissions.
• Integration with Carbon Intensity Data: The system leverages real-time carbon intensity data from Azure regions, reflecting the current sustainability profile of the underlying data centers.

Technical Mechanisms and Implementation Methods
The implementation relies on integrating carbon intensity signals—data representing the grams of CO2 equivalent emitted per kilowatt-hour of electricity consumed—into the APIM service telemetry and policy engine. This is achieved by:

• Collecting real-time carbon intensity metrics from Azure’s sustainability data sources.
• Correlating API request volumes and processing activities with these metrics to estimate carbon emissions per API call.
• Extending the APIM policy framework to include carbon-aware conditions and actions, enabling dynamic traffic management based on environmental factors.
• Exposing new monitoring metrics through Azure Monitor and Application Insights for detailed reporting and analysis.

Use Cases and Application Scenarios

• Sustainable API Routing: Enterprises can route API requests to Azure regions with lower carbon intensity, optimizing for greener energy sources.
• Demand Shaping: Non-urgent API calls can be deferred or throttled during periods of high carbon emissions to reduce environmental impact.
• Carbon Reporting: Organizations can generate reports on the carbon footprint of their API usage, supporting sustainability audits and compliance.
• Green SLAs: Service providers can offer sustainability-based service-level agreements by leveraging carbon-aware policies.

Important Considerations and Limitations

• The feature is currently in public preview, so it should not be used in production environments without appropriate risk assessment.
• Carbon intensity data granularity and accuracy depend on Azure’s regional sustainability data, which may vary.
• Implementing carbon-aware routing may introduce latency or availability trade-offs that need to be carefully managed.
• Integration with existing API policies requires testing to ensure compatibility and performance.

Integration with Related Azure Services

• Azure Monitor and Application Insights: For capturing and visualizing carbon footprint metrics alongside API performance data.
• Azure Sustainability Calculator: To correlate API emissions data with broader organizational sustainability metrics.
• Azure Traffic Manager or Front Door: Can be used in conjunction with APIM’s carbon-aware policies to implement global traffic routing based on sustainability criteria.
• Azure Functions and Logic Apps: For automating responses or notifications triggered by carbon intensity thresholds detected in API traffic.

In summary, the introduction of environmental sustainability features in Azure API Management empowers IT professionals to incorporate carbon-aware decision-making into their API infrastructure, enabling greener cloud operations through real-time carbon intensity data integration, enhanced policy controls, and comprehensive monitoring

---

2. Public Preview: PostgreSQL 18 on Azure Database for PostgreSQL – Flexible Server

Published: October 13, 2025 16:00:05 UTC Link: Public Preview: PostgreSQL 18 on Azure Database for PostgreSQL – Flexible Server

Update ID: 508403 Data source: Azure Updates API

Categories: In preview, Databases, Hybrid + multicloud, Azure Database for PostgreSQL, Features

Summary:

• What was updated
  Azure Database for PostgreSQL – Flexible Server now offers public preview support for PostgreSQL version 18.

• Key changes or new features
  PostgreSQL 18 brings enhancements in performance and scalability, along with developer productivity improvements. Early access allows users to leverage the latest community-driven features and optimizations in a managed environment.

• Target audience affected
  Developers building applications on PostgreSQL and IT professionals managing database infrastructure on Azure will benefit from testing and adopting PostgreSQL 18 in their workloads.

• Important notes if any
  This is a public preview release, so it is recommended for evaluation and testing purposes rather than production workloads. Users should monitor for updates and potential changes before general availability. For more details and to get started, visit the official Azure update page.

Details:

The recent public preview release of PostgreSQL 18 on Azure Database for PostgreSQL – Flexible Server enables IT professionals to access the latest version of the open-source relational database engine within a managed, scalable cloud environment. This update aims to provide enhanced performance, scalability, and developer productivity improvements by integrating PostgreSQL 18’s new features into Azure’s flexible server architecture.

Background and Purpose
Azure Database for PostgreSQL – Flexible Server is designed to offer greater control and customization over PostgreSQL deployments compared to the single server option, including zone-redundant high availability and burstable compute tiers. The introduction of PostgreSQL 18 in public preview aligns with Azure’s commitment to providing customers with the most current database engine versions to leverage new capabilities and optimizations. This update allows early adopters to evaluate PostgreSQL 18’s enhancements in a managed cloud environment, facilitating migration planning and application modernization.

Specific Features and Detailed Changes
PostgreSQL 18 introduces multiple improvements that impact query performance, concurrency, and developer experience. Key features include:

• Enhanced query parallelism and indexing algorithms that reduce latency and improve throughput for complex workloads.
• Improved partitioning strategies and vacuuming processes that optimize storage management and reduce maintenance overhead.
• New SQL features and extensions that simplify application development, such as expanded JSON functionality and procedural language enhancements.
• Better support for large-scale workloads through improved connection handling and resource management.

Azure’s Flexible Server integrates these features while maintaining compatibility with existing PostgreSQL tools and extensions, enabling seamless upgrades.

Technical Mechanisms and Implementation Methods
Azure implements PostgreSQL 18 on Flexible Server using containerized instances orchestrated to provide high availability and automated patching. The flexible server model supports zone-redundant high availability, enabling failover across availability zones with minimal downtime. Users can configure compute and storage independently, allowing scaling based on workload demands. The preview supports Azure-managed backups, point-in-time restore, and monitoring through Azure Monitor and Log Analytics. Underlying infrastructure leverages Azure’s network and storage subsystems optimized for low latency and high throughput.

Use Cases and Application Scenarios
This update is particularly beneficial for enterprises and developers requiring:

• Modernizing existing PostgreSQL workloads to leverage new engine capabilities without managing infrastructure.
• Running complex analytical queries or transactional workloads that benefit from improved parallelism and indexing.
• Developing cloud-native applications that utilize advanced JSON and procedural language features.
• Scaling database resources dynamically in response to fluctuating workloads in SaaS, e-commerce, financial services, and IoT applications.

Important Considerations and Limitations
As a public preview, PostgreSQL 18 on Flexible Server may have some feature gaps or stability considerations compared to generally available versions. It is recommended to use this preview for evaluation and testing rather than production workloads. Certain extensions or third-party tools may not yet be fully compatible with PostgreSQL 18. Additionally, region availability may be limited during the preview phase. Users should review Azure’s documentation for any known issues and monitor the service health dashboard.

Integration with Related Azure Services
PostgreSQL 18 on Flexible Server integrates seamlessly with Azure ecosystem services such as:

• Azure App Service and Azure Kubernetes Service (AKS) for hosting applications that connect to the database.
• Azure Data Factory and Azure Synapse Analytics for data ingestion, transformation, and analytics workflows.
• Azure Monitor and Azure Security Center for observability, alerting, and security management.
• Azure Active Directory for authentication and role-based access control integration.

This integration facilitates building end-to-end cloud solutions leveraging the latest PostgreSQL capabilities with Azure’s managed services.

In summary, the public preview of PostgreSQL 18 on Azure Database for PostgreSQL – Flexible Server provides IT professionals early access to the newest PostgreSQL features within a scalable, managed environment, enabling enhanced performance and developer productivity while integrating deeply with Azure’s cloud ecosystem.

---

3. Retirement: Azure Custom Vision will be retired on September 25, 2028

Published: October 13, 2025 16:00:05 UTC Link: Retirement: Azure Custom Vision will be retired on September 25, 2028

Update ID: 502914 Data source: Azure Updates API

Categories: AI + machine learning, Azure AI Custom Vision, Retirements

Summary:

• What was updated
  Microsoft announced the planned retirement of the Azure Custom Vision service, effective September 25, 2028.

• Key changes or new features
  No new features will be added as the service is entering a retirement phase. Full support, including security updates and technical assistance, will continue until the retirement date.

• Target audience affected
  Developers and IT professionals currently using Azure Custom Vision for building and deploying custom image classification and object detection models.

• Important notes if any
  Customers should begin planning their migration strategies well in advance of the retirement date. Microsoft recommends evaluating alternative Azure Cognitive Services or other machine learning platforms to replace Custom Vision workloads. Continuing to use the service after September 25, 2028, will not be supported. Early migration will help avoid disruptions and maintain service continuity.

For more details, visit: https://azure.microsoft.com/updates?id=502914

Details:

The announced retirement of Azure Custom Vision on September 25, 2028, signals Microsoft’s planned phase-out of this specialized AI service designed for building custom image classification and object detection models. Azure Custom Vision has enabled developers and data scientists to rapidly create, train, and deploy tailored computer vision models without deep expertise in machine learning or computer vision algorithms. This update serves as a long-term notice to allow existing users ample time to transition their workloads and explore alternative solutions.

Background and Purpose:
Azure Custom Vision was introduced to simplify the creation of custom image recognition models by providing an accessible interface and automated training pipelines leveraging transfer learning on pre-trained convolutional neural networks. Over time, Microsoft has evolved its AI and vision offerings, integrating more advanced and scalable services such as Azure Cognitive Services’ Computer Vision and the Azure AI platform’s Custom Neural Voice and Form Recognizer. The retirement announcement reflects a strategic consolidation of AI services to focus on more integrated, scalable, and versatile solutions.

Specific Features and Detailed Changes:
The core capabilities of Azure Custom Vision—image classification (multi-class and multi-label) and object detection—will no longer be available after the retirement date. Until then, Microsoft will maintain full support, including service availability, security updates, and technical assistance. No new features or enhancements will be introduced, and customers should avoid starting new projects on this platform. The service’s APIs, SDKs, and portal interfaces will continue to function normally until the cutoff date.

Technical Mechanisms and Implementation Methods:
Azure Custom Vision operates by allowing users to upload labeled images, which are then used to train models using transfer learning on Microsoft’s cloud infrastructure. The service abstracts complex model training, hyperparameter tuning, and deployment steps, exposing REST APIs and SDKs for integration into applications. Post-retirement, these APIs will be deprecated, and calls will cease to function. Users should plan to export existing models or retrain them using alternative Azure AI services or open-source frameworks.

Use Cases and Application Scenarios:
Typical use cases include retail product recognition, defect detection in manufacturing, medical image classification, and content moderation. Organizations have leveraged Custom Vision for rapid prototyping and deployment of vision models embedded in mobile apps, IoT devices, and web services. The retirement necessitates migration plans for these scenarios to ensure continuity.

Important Considerations and Limitations:

• Customers must plan their migration well before September 2028 to avoid service disruption.
• There is no direct one-to-one replacement within Azure Cognitive Services; however, the broader Computer Vision API and Azure Machine Learning provide more flexible and powerful alternatives.
• Exporting trained models for use in Azure Machine Learning or on-premises environments may require format conversions and retraining.
• Legacy applications tightly coupled with Custom Vision APIs will need code refactoring.
• Data privacy and compliance considerations remain paramount during migration, especially when transferring labeled datasets or models.

Integration with Related Azure Services:
Azure Custom Vision has historically integrated with Azure IoT Edge for edge deployment, Azure Functions for serverless inference, and Azure DevOps for CI/CD pipelines. Post-retirement, users should consider:

• Azure Cognitive Services’ Computer Vision for general image analysis tasks.
• Azure Machine Learning for custom model training, deployment, and lifecycle management, offering greater control and scalability.
• Azure IoT Edge continues to support deployment of containerized AI models, enabling edge inferencing with models trained outside Custom Vision.
• Azure Blob Storage and Azure Data Factory remain relevant for managing and orchestrating image datasets during migration.

In summary, the retirement of Azure Custom Vision by September 25, 2028, requires IT professionals to initiate strategic planning for migrating existing custom vision workloads to alternative Azure AI services or custom machine learning pipelines. Maintaining operational continuity, adapting application architectures, and leveraging more advanced AI platforms will be critical to future-proofing computer vision capabilities within the Azure ecosystem.

---

4. Public Preview: Azure Integrated HSM

Published: October 13, 2025 15:30:40 UTC Link: Public Preview: Azure Integrated HSM

Update ID: 503325 Data source: Azure Updates API

Categories: In preview, Security, Features, Services

Summary:

• What was updated
  Microsoft announced the public preview of Azure Integrated HSM, a new Hardware Security Module (HSM) cache and cryptographic accelerator integrated within Azure virtual machines.

• Key changes or new features
  Azure Integrated HSM provides a local HSM cache that accelerates cryptographic operations, reducing latency and improving performance for workloads requiring intensive cryptography. It enhances security by securely storing keys closer to the compute environment, minimizing exposure to network-based attacks. This solution is designed to offload cryptographic processing from software to hardware, enabling faster and more secure key operations directly within VMs.

• Target audience affected
  Developers and IT professionals running security-sensitive applications on Azure VMs that rely heavily on cryptographic operations, such as encryption, decryption, signing, and key management. This is particularly relevant for industries with stringent security and compliance requirements.

• Important notes if any
  Azure Integrated HSM is currently in public preview, so users should evaluate it in non-production environments first. Integration requires VM support and may involve configuration changes. Customers should review documentation for compatibility and best practices to maximize security and performance benefits.

Details:

The Azure Integrated HSM public preview introduces a novel Hardware Security Module (HSM) cache and cryptographic accelerator embedded within Azure virtual machines, aimed at significantly enhancing the security posture and cryptographic performance for workloads with intensive encryption and key management demands.

Background and Purpose:
Cryptographic operations, especially those involving key protection and encryption/decryption, are critical for securing data and applications but often introduce latency and computational overhead. Traditional approaches rely on either software-based cryptography or external HSMs accessed over the network, which can cause performance bottlenecks and increase attack surface. Azure Integrated HSM addresses these challenges by embedding a dedicated HSM cache and crypto accelerator directly into the VM environment, reducing latency and improving throughput while maintaining strong security guarantees.

Specific Features and Detailed Changes:

• Embedded HSM Cache: A hardware-based secure enclave within the VM that caches cryptographic keys securely, minimizing the need to repeatedly fetch keys from external key vaults or HSMs.
• Crypto Accelerator: Dedicated hardware units accelerate common cryptographic algorithms (e.g., AES, RSA, ECC), offloading CPU and reducing cryptographic operation latency.
• Seamless Integration: The solution integrates transparently with Azure Key Vault and Azure Dedicated HSM, enabling secure key provisioning and lifecycle management without modifying application code.
• Support for Standard APIs: Compatible with standard cryptographic libraries and APIs, allowing existing applications to leverage the acceleration with minimal changes.
• Enhanced Security: Keys stored in the integrated HSM cache are protected by hardware root of trust and isolated from the host OS and hypervisor, mitigating risks of key exposure.

Technical Mechanisms and Implementation:
Azure Integrated HSM leverages a hardware root of trust embedded in the underlying Azure infrastructure, combined with a secure enclave within the VM that acts as a local HSM cache. When a cryptographic key is requested, it is securely provisioned from Azure Key Vault or Dedicated HSM into this enclave. Cryptographic operations are then performed locally using the crypto accelerator hardware, which supports offloading symmetric and asymmetric cryptographic algorithms. The enclave enforces strict access control and isolation, ensuring keys never leave the secure boundary in plaintext form. Communication between the VM and Azure Key Vault uses secure, authenticated channels for key provisioning and rotation.

Use Cases and Application Scenarios:

• High-Performance Cryptography: Applications requiring frequent cryptographic operations such as TLS termination, database encryption, or blockchain nodes benefit from reduced latency and higher throughput.
• Regulated Workloads: Workloads with stringent compliance requirements (e.g., financial services, healthcare) that mandate hardware-backed key protection can leverage integrated HSM for enhanced security assurances.
• Cloud-Native Security Architectures: Developers building zero-trust or confidential computing solutions can use Azure Integrated HSM to secure secrets and cryptographic operations within the VM boundary.
• Key-Intensive Microservices: Microservices architectures that perform numerous cryptographic operations per second can reduce CPU overhead and improve scalability.

Important Considerations and Limitations:

• Preview Status: As a public preview feature, it may have limited regional availability and could undergo changes before general availability.
• Supported VM Sizes: Integrated HSM is available only on select VM sizes optimized for hardware acceleration; users must verify compatibility.
• Key Management: Keys must be managed through Azure Key Vault or Dedicated HSM; direct key injection into the integrated HSM cache is not supported.
• Application Compatibility: While designed for seamless integration, some legacy or custom cryptographic implementations may require adaptation to fully leverage hardware acceleration.
• Security Boundary: Although isolated, the integrated HSM cache resides within the VM environment and should be used in conjunction with other security best practices.

Integration with Related Azure Services:
Azure Integrated HSM works closely with Azure Key Vault and Azure Dedicated HSM for key lifecycle management, including provisioning, rotation, and auditing. It complements Azure

---

5. Generally Available: Microsoft Entra ID token refresh code samples in Python and .NET

Published: October 13, 2025 15:00:46 UTC Link: Generally Available: Microsoft Entra ID token refresh code samples in Python and .NET

Update ID: 508413 Data source: Azure Updates API

Categories: Launched, Databases, Hybrid + multicloud, Azure Database for PostgreSQL, Features

Summary:

• What was updated
  Microsoft released generally available code samples demonstrating Entra ID token refresh implementation in Python and .NET for Azure Database for PostgreSQL.

• Key changes or new features
  The new samples provide developers with practical guidance on securely managing and refreshing Azure Entra ID authentication tokens when connecting to PostgreSQL databases. This helps maintain seamless, secure authentication without manual token handling or service interruptions.

• Target audience affected
  Developers and IT professionals integrating Azure Database for PostgreSQL with Microsoft Entra ID authentication, especially those using Python or .NET for application development.

• Important notes if any
  Utilizing these samples can improve security posture by automating token refresh processes, reducing risks associated with expired tokens. It is recommended to review and adapt the samples to fit your application’s authentication flow and security requirements. The samples are accessible via the Azure updates page for immediate implementation.

Details:

The recent Azure update announces the general availability of Microsoft Entra ID token refresh code samples in Python and .NET specifically tailored for Azure Database for PostgreSQL. This enhancement addresses the critical need for secure and efficient management of authentication tokens when applications connect to PostgreSQL instances using Microsoft Entra ID (formerly Azure Active Directory) authentication.

Background and Purpose:
Azure Database for PostgreSQL supports Azure AD-based authentication to provide centralized identity management, improved security, and simplified credential handling. However, managing token lifecycles—particularly refreshing access tokens before expiry—is a common challenge for developers integrating Entra ID authentication into their applications. Prior to this update, developers had to implement custom token refresh logic, which could lead to security risks or connection failures if tokens expired unexpectedly. The purpose of this update is to provide officially supported, tested, and reusable code samples in popular programming languages (Python and .NET) that demonstrate best practices for token refresh workflows, thereby reducing development effort and improving security posture.

Specific Features and Detailed Changes:

• Availability of ready-to-use code samples in Python and .NET that illustrate how to acquire and refresh Microsoft Entra ID access tokens for authenticating to Azure Database for PostgreSQL.
• Samples demonstrate integration with Microsoft Authentication Library (MSAL) for token acquisition and refresh, ensuring compliance with OAuth 2.0 standards.
• Code examples include handling token expiration, caching tokens securely, and renewing tokens seamlessly without interrupting database connectivity.
• The samples are designed to be easily adaptable to real-world applications, showing how to embed token refresh logic into database connection workflows.

Technical Mechanisms and Implementation Methods:
The provided samples leverage MSAL libraries to authenticate users or service principals against Microsoft Entra ID and obtain OAuth 2.0 access tokens scoped for Azure Database for PostgreSQL. The token refresh mechanism relies on MSAL’s built-in token caching and silent token acquisition methods, which check token validity and refresh tokens proactively before expiry. The samples demonstrate:

• Initial authentication using interactive or client credential flows.
• Secure storage of refresh tokens or token cache in memory or persistent storage.
• Automatic token renewal triggered by token expiration events or connection retries.
• Passing the valid access token as part of the PostgreSQL connection string or through connection parameters that support Azure AD authentication.

Use Cases and Application Scenarios:

• Enterprise applications requiring secure, scalable authentication to Azure Database for PostgreSQL without embedding static credentials.
• Microservices or serverless functions written in Python or .NET that connect to PostgreSQL with Entra ID authentication.
• DevOps automation scripts or backend services that must maintain long-lived connections and handle token refresh transparently.
• Multi-tenant SaaS applications where token management complexity is high and security best practices are mandatory.

Important Considerations and Limitations:

• The samples assume familiarity with Microsoft Entra ID concepts, OAuth 2.0 flows, and MSAL usage.
• Token refresh logic depends on proper configuration of Azure AD app registrations, including required API permissions and client secrets or certificates.
• Network connectivity and latency to Microsoft Entra ID endpoints can affect token acquisition and refresh performance.
• Developers must ensure secure handling and storage of tokens to prevent leakage or misuse.
• The samples focus on PostgreSQL; adapting them to other Azure Database services may require modifications.

Integration with Related Azure Services:

• Microsoft Entra ID serves as the identity provider, enabling centralized authentication and authorization management.
• MSAL libraries used in the samples integrate seamlessly with Azure AD to handle token lifecycle management.
• Azure Database for PostgreSQL supports Azure AD authentication natively, allowing token-based access control.
• These samples complement Azure Key Vault usage for secure storage of client secrets or certificates used in authentication flows.
• Integration with Azure Monitor or Application Insights can be added to track authentication events and token refresh metrics for operational visibility.

In summary, this update provides practical, language-specific code samples that

---

This report was automatically generated - 2025-10-14 03:03:02 UTC

This site is open source. Improve this page.