Announcing the General Availability of Azure Load Balancer Health Event Logs
Health event logs are now fully available in all public, Azure China, and Government regions under the Azure Monitor resource log category LoadBalancerHealthEvent, providing you with enhanced capabilities to monitor and troubleshoot your load balancer resources. Health Event Types As announced in our previous public preview blog, the following health events are now logged when detected by the Azure Load Balancer platform. These events are designed to address the most critical issues affecting your load balancer’s health and availability: LoadBalancerHealthEventType Scenario DataPathAvailabilityWarning Detect when the Data Path Availability metric of the frontend IP is less than 90% due to platform issues DataPathAvailabilityCritical Detect when the Data Path Availability metric of the frontend IP is less than 25% due to platform issues NoHealthyBackends Detect when all backend instances in a pool are not responding to the configured health probes HighSnatPortUsage Detect when a backend instance utilizes more than 75% of its allocated ports from a single frontend IP SnatPortExhaustion Detect when a backend instance has exhausted all allocated ports and will fail further outbound connections until ports have been released or more ports are allocated Benefits of Using Health Event Logs Health event logs provide deeper insights into the health of your load balancer, eliminating the need to set thresholds for metric-based alerts or manage complex metric data for historical analysis. Here’s how you can get started using these logs today: Create Diagnostic Settings: Archive or analyze these logs for long-term insights. Leverage Log Analytics: Use powerful querying capabilities to gain detailed insights. Configure Alerts: Set up alerts to trigger actions based on the generated logs. For more detailed instructions on how to enable and use health event logs, refer to our documentation here. Contoso’s Story Context: Contoso uses a Standard Public Load Balancer with outbound rules to connect their application to public APIs. They allocate 8k ports to each backend instance using an outbound rule, anticipating up to 8 backend instances in a pool. Problem: Contoso is concerned about SNAT port exhaustion and wants to create alerts to warn them if backend instances are close to consuming all allocated SNAT ports. Solution with metrics: Initially, they create an alert using the Used SNAT ports metric, triggering when the value exceeds 6k ports (out of 8k). However, this requires constant adjustment as they scale their infrastructure and update port allocation on outbound rules. Solution with health event logs: With the new health event logs, Contoso configures two alerts: HighSnatPortUsage: Sends an email and creates an incident whenever this event is generated, warning network engineers to allocate more SNAT ports. SnatPortExhaustion: Notifies the on-call engineer immediately to address critical impact to outbound connectivity due to lack of SNAT ports. Now, Contoso no longer needs to adjust alert rules as they scale, ensuring seamless monitoring and response. What’s Next? This general availability announcement marks a significant step in enhancing the health and monitoring capabilities of Azure Load Balancer. We are committed to expanding these capabilities with additional health event types, providing configuration guidance, best practices, and warnings for service-related limits. We welcome your feedback and look forward to hearing about your experiences with health event logs. Get started today by exploring our public documentation. Stay tuned on Azure Updates for future announcements and enhancements!
Price reduction and upcoming features for Azure confidential ledger!
Effective March 1, 2025, you can keep your records in Azure confidential ledger (ACL) at the reduced price of ~$3/day per instance! The reduced price is for the computation and the ledger use. The price of any additional storage used will remain unchanged. To tamper protect your records: Automatically create hash (e.g. MD5 or SHA256) of your blob storage data and keep those in Azure confidential ledger. For forensics, you can verify the integrity of the data against the signature in ACL. Imagine doing this as you are migrating data from one system to another, or when you restore archived records from cold storage. It is also valuable when there is a need to protect from insider/administrator risks and confidently report to authorities. If you keep your data in Azure SQL database, you can use their security ledger feature to auto generate record digests and store them in confidential ledger for integrity protection and safeguarding. You can use the SQL stored procedure to verify that no tampering or administrator modifications occurred to your SQL data! In addition, we are announcing the preview of User Defined Functions for Azure confidential ledger. Imagine doing a schema validation before writing data to the Ledger or using pattern matching to identify sensitive information in log messages and perform data massaging to mask it. To increase your awareness, request access for this preview via the sign-up form. Get started by reading our documentation and trying out confidential ledger yourself! _____________________________________________________________________________________________________ What is Azure confidential ledger and what is the change? It is a tamper protected and auditable data store backed by a Merkle tree blockchain structure for sensitive records that require high levels of integrity protection and/or confidentiality. While customers from AI, financial services, healthcare, and supply chain continue to use the ledger for their business transaction’s archival needs and confidential data’s unique identifiers for audit purposes, we are acting on their feedback for scaling ledgers to more of their workloads with a more competitive price! How can I use Azure confidential ledger? - Azure SQL database ledger customers can enable confidential ledger as its trusted digest store to uplevel integrity and security protection posture - Azure customers who use blob storage have found value in migrating their workloads to Azure with a tamper protection check via the Azure confidential ledger Marketplace App. - Azure customers who use data stores and databases (e.g. Kusto, Cosmos, and Log Analytics) may benefit from auditability and traceability of logs being kept in the confidential ledger with new compliance certifications in SOC 2 Type 2 and ISO27001. How much does Azure confidential ledger cost? - Approximately $3/day/ledger _____________________________________________________________________________________________________ Resources Explore the Azure confidential ledger documentation Read the blog post on: Integrity protect blob storage Read the blog post on: How to choose between ledger in Azure SQL Database and Azure Confidential Ledger Read the blog post on: Verify integrity of data transactions in Azure confidential ledger View our recent webinar in the Security Community Recent case studies: HB Antwerp & BeekeeperAI
Enhancing Azure Private DNS Resiliency with Internet Fallback
Is your Azure environment prone to DNS resolution hiccups, especially when leveraging Private Link and multiple virtual networks? Dive into our latest blog post, "Enhancing Azure Private DNS Resiliency with Internet Fallback," and discover how to eliminate those frustrating NXDOMAIN errors and ensure seamless application availability. I break down the common challenges faced in complex Azure setups, including isolated Private DNS zones and hybrid environments, and reveal how the new internet fallback feature acts as a vital safety net. Learn how this powerful tool automatically switches to public DNS resolution when private resolution fails, minimizing downtime and simplifying management. Our tutorial walks you through the easy steps to enable internet fallback, empowering you to fortify your Azure networks and enhance application resilience. Whether you're dealing with multi-tenant deployments or intricate service dependencies, this feature is your key to uninterrupted connectivity. Don't let DNS resolution issues disrupt your operations. Read the full article to learn how to implement Azure Private DNS internet fallback and ensure your applications stay online, no matter what.February 2025 Feature Updates
The Azure Communication Services team is excited to share several new product and feature updates released in January 2025. You can view previous blog articles. 1. Calling Native SDKs add calling to Teams call queues and auto attendants Status: GA Calling Native SDKs can now place calls to a Teams call queue or auto attendant. After answering the call, video calling and screenshare are available to both the Teams and Azure Communication Services users. These features are available in the Calling SDKs for Android, iOS, and Windows. See the Quickstart documentation for more details. For more information, see: Contact center scenarios Teams Call Queue on Azure Communication Services Teams Auto Attendant on Azure Communication Services 2. Calling Web & Graph Beta SDKs add Teams shared line appearance Status: Public Preview Microsoft Teams shared line appearance lets a user choose a delegate to answer or handle calls on their behalf. This feature is helpful if a user has an administrative assistant who regularly handles the user's calls. In the context of Teams shared line appearance, a manager is someone who authorizes a delegate to make or receive calls on their behalf. A delegate can make or receive calls on behalf of the delegator. For more information, see: Microsoft Teams shared line appearance Tutorial - Teams Shared Line Appearance 3. Number Lookup API Status: GA We are excited to announce the General Availability of the Number Lookup API. Azure Communication Services enables you to validate the number format, retrieve insights and look up a specific phone number using the Communication Services Number Lookup SDK. This new function is part of the Phone Numbers SDK and can be used to support customer service scenarios, appointment reminders, two-factor authentication, and other real-time communication needs. Number Lookup enables you to reliably retrieve number insights (format, type, location, carrier, and so on) before engaging with end users. For more information, see: Number Lookup API concepts in Azure Communication Services Look up operator information for a phone number using Azure Communication Services 4. Updated navigation for technical documentation Status: Live In response to customer feedback and multiple customer interviews, we’re excited to announce an update to the navigational model of our technical documentation. We’ve adjusted the structure of our docs site navigation to make it quicker and simpler than ever to find the information you need when you need it. For more information, see: Azure Communication Services technical documentation table of contents update | Microsoft Community Hub Stay connected with our latest updates Never miss an update! Click the 'Follow' button to get notified about new blog posts and feature releases, or click here to check out our previous blog posts.Boosting Performance with the Latest Generations of Virtual Machines in Azure
Microsoft Azure recently announced the availability of the new generation of VMs (v6)—including the Dl/Dv6 (general purpose) and El/Ev6 (memory-optimized) series. These VMs are powered by the latest Intel Xeon processors and are engineered to deliver: Up to 30% higher per-core performance compared to previous generations. Greater scalability, with options of up to 128 vCPUs (Dv6) and 192 vCPUs (Ev6). Significant enhancements in CPU cache (up to 5× larger), memory bandwidth, and NVMe-enabled storage. Improved security with features like Intel® Total Memory Encryption (TME) and enhanced networking via the new Microsoft Azure Network Adaptor (MANA). By Microsoft By Microsoft Evaluated Virtual Machines and Geekbench Results The table below summarizes the configuration and Geekbench results for the two VMs we tested. VM1 represents a previous-generation machine with more vCPUs and memory, while VM2 is from the new Dld e6 series, showing superior performance despite having fewer vCPUs. VM1 features VM1 - D16S V5 (16 Vcpus - 64GB RAM) VM1 - D16S V5 (16 Vcpus - 64GB RAM) VM2 features VM2 - D16ls v6 (16 Vcpus - 32GB RAM) VM2 - D16ls v6 (16 Vcpus - 32GB RAM) Key Observations: Single-Core Performance: VM2 scores 2013 compared to VM1’s 1570, a 28.2% improvement. This demonstrates that even with half the vCPUs, the new Dld e6 series provides significantly better performance per core. Multi-Core Performance: Despite having fewer cores, VM2 achieves a multi-core score of 12,566 versus 9,454 for VM1, showing a 32.9% increase in performance. VM 1 VM 2 Enhanced Throughput in Specific Workloads: File Compression: 1909 MB/s (VM2) vs. 1654 MB/s (VM1) – a 15.4% improvement. Object Detection: 2851 images/s (VM2) vs. 1592 images/s (VM1) – a remarkable 79.2% improvement. Ray Tracing: 1798 Kpixels/s (VM2) vs. 1512 Kpixels/s (VM1) – an 18.9% boost. These results reflect the significant advancements enabled by the new generation of Intel processors. Score VM 1 VM 1 VM 1 Score VM 2 VM 2 VM 2 Evolution of Hardware in Azure: From Ice Lake-SP to Emerald Rapids Technical Specifications of the Processors Evaluated Understanding the dramatic performance improvements begins with a look at the processor specifications: Intel Xeon Platinum 8370C (Ice Lake-SP) Architecture: Ice Lake-SP Base Frequency: 2.79 GHz Max Frequency: 3.5 GHz L3 Cache: 48 MB Supported Instructions: AVX-512, VNNI, DL Boost VM 1 Intel Xeon Platinum 8573C (Emerald Rapids) Architecture: Emerald Rapids Base Frequency: 2.3 GHz Max Frequency: 4.2 GHz L3 Cache: 260 MB Supported Instructions: AVX-512, AMX, VNNI, DL Boost VM 2 Impact on Performance Cache Size Increase: The jump from 48 MB to 260 MB of L3 cache is a key factor. A larger cache reduces dependency on RAM accesses, thereby lowering latency and significantly boosting performance in memory-intensive workloads such as AI, big data, and scientific simulations. Enhanced Frequency Dynamics: While the base frequency of the Emerald Rapids processor is slightly lower, its higher maximum frequency (4.2 GHz vs. 3.5 GHz) means that under load, performance-critical tasks can benefit from this burst capability. Advanced Instruction Support: The introduction of AMX (Advanced Matrix Extensions) in Emerald Rapids, along with the robust AVX-512 support, optimizes the execution of complex mathematical and AI workloads. Efficiency Gains: These processors also offer improved energy efficiency, reducing the energy consumed per compute unit. This efficiency translates into lower operational costs and a more sustainable cloud environment. Beyond Our Tests: Overview of the New v6 Series While our tests focused on the Dld e6 series, Azure’s new v6 generation includes several families designed for different workloads: 1. Dlsv6 and Dldsv6-series Segment: General purpose with NVMe local storage (where applicable) vCPUs Range: 2 – 128 Memory: 4 – 256 GiB Local Disk: Up to 7,040 GiB (Dldsv6) Highlights: 5× increased CPU cache (up to 300 MB) and higher network bandwidth (up to 54 Gbps) 2. Dsv6 and Ddsv6-series Segment: General purpose vCPUs Range: 2 – 128 Memory: Up to 512 GiB Local Disk: Up to 7,040 GiB in Ddsv6 Highlights: Up to 30% improved performance over the previous Dv5 generation and Azure Boost for enhanced IOPS and network performance 3. Esv6 and Edsv6-series Segment: Memory-optimized vCPUs Range: 2 – 192* (with larger sizes available in Q2) Memory: Up to 1.8 TiB (1832 GiB) Local Disk: Up to 10,560 GiB in Edsv6 Highlights: Ideal for in-memory analytics, relational databases, and enterprise applications requiring vast amounts of RAM Note: Sizes with higher vCPUs and memory (e.g., E128/E192) will be generally available in Q2 of this year. Key Innovations in the v6 Generation Increased CPU Cache: Up to 5× more cache (from 60 MB to 300 MB) dramatically improves data access speeds. NVMe for Storage: Enhanced local and remote storage performance, with up to 3× more IOPS locally and the capability to reach 400k IOPS remotely via Azure Boost. Azure Boost: Delivers higher throughput (up to 12 GB/s remote disk throughput) and improved network bandwidth (up to 200 Gbps for larger sizes). Microsoft Azure Network Adaptor (MANA): Provides improved network stability and performance for both Windows and Linux environments. Intel® Total Memory Encryption (TME): Enhances data security by encrypting the system memory. Scalability: Options ranging from 128 vCPUs/512 GiB RAM in the Dv6 family to 192 vCPUs/1.8 TiB RAM in the Ev6 family. Performance Gains: Benchmarks and internal tests (such as SPEC CPU Integer) indicate improvements of 15%–30% across various workloads including web applications, databases, analytics, and generative AI tasks. My personal perspective and point of view The new Azure v6 VMs mark a significant advancement in cloud computing performance, scalability, and security. Our Geekbench tests clearly show that the Dld e6 series—powered by the latest Intel Xeon Platinum 8573C (Emerald Rapids)—delivers up to 30% better performance than previous-generation machines with more resources. Coupled with the hardware evolution from Ice Lake-SP to Emerald Rapids—which brings a dramatic increase in cache size, improved frequency dynamics, and advanced instruction support—the new v6 generation sets a new standard for high-performance workloads. Whether you’re running critical enterprise applications, data-intensive analytics, or next-generation AI models, the enhanced capabilities of these VMs offer significant benefits in performance, efficiency, and cost-effectiveness. References and Further Reading: Microsoft’s official announcement: Azure Dld e6 VMs Internal tests performed with Geekbench 6.4.0 (AVX2) in the Germany West Central Azure region.Learn to elevate security and resiliency of Azure and AI projects with skilling plans
In an era where organizations are increasingly adopting a cloud-first approach to support digital transformation and AI-driven innovation, learning skills to enhance cloud resilience and security has become a top priority. By 2025, an estimated 85% of companies will have embraced a cloud-first strategy, according to research by Gartner, marking a significant shift toward reliance on platforms like Microsoft Azure for mission-critical workloads. Yet according to a recent Flexera survey, 78% of respondents found a lack of skilled people and expertise to be one of their top three cloud challenges along with optimizing costs and boosting security. To help our customers unlock the full potential of their Azure investments, Microsoft introduced Azure Essentials, a single destination for in-depth skilling, guidance and support for elevating reliability, security, and ongoing performance of their cloud and AI investments. In this blog we’ll explore this guidance in detail and introduce you to two new free, self-paced skilling resource Plans on Microsoft Learn to get your team skilled on building resiliency into your Azure and AI environments. Empower your team: Learn proactive resiliency for critical workloads in Azure Azure offers a resilient foundation to reliably support workloads in the cloud, and our Well-Architected Framework helps teams design systems to recover from failures with minimal disruption. Figure 1: Design your critical workloads for resiliency, and assess existing workloads for ongoing performance, compliance and resiliency. The new resiliency-focused Microsoft Learn skilling plan helps teams learn to “Elevate reliability, security, and ongoing performance of Azure and AI projects”, and they see how the Well-Architected Framework, coupled with the Cloud Adoption Framework, provides actionable guidelines to enhance resilience, optimize security measures, and ensure consistent, high-performance for Azure workloads and AI deployments. The Plan also covers cost optimization through the FinOps Framework, ensuring that security and reliability measures are implemented within budget. This training also emphasizes Azure AI Foundry, a tool that allows teams to work on AI-driven projects while maintaining security and governance standards, which are critical to reducing vulnerabilities and ensuring long-term stability. The plan guides learners in securely developing, testing, and deploying AI solutions, empowering them to build resilient applications that can support sustained performance and data integrity. The impact of Azure’s resiliency guidance is significant. According to Forrester, following this framework reduces planned downtime by 30%, prevents 15% of revenue loss due to resilience issues, and achieves an 18% ROI through rearchitected workloads. Given that 60% of reliability failures result in losses of at least $100,000, and 15% of failures cost upwards of $1 million, these preventative measures underscore the financial value of resilient architecture. Ensuring security in Azure AI workloads AI adds complexity to security considerations in cloud environments. AI applications often require significant data handling, which introduces new vulnerabilities and compliance considerations. Microsoft’s guidance focuses on integrating robust security practices directly into AI project workflows, ensuring that organizations adhere to stringent data protection regulations. Azure’s tools, including multi-zone deployment options, network security solutions, and data protection services, empower customers to create resilient and secure workloads. Our new training on proactive resiliency and reliability of critical Azure and AI workloads guides you in building fault-tolerant systems and managing risks in your environments. This plan teaches users how to assess workloads, identify vulnerabilities, and deploy prioritized resiliency strategies, equipping them to achieve optimal performance even under adverse conditions. Maximizing business value and ROI through resiliency and security Companies that prioritize resiliency and security in their cloud strategies enjoy multiple benefits beyond reduced downtime. Forrester’s findings suggest that a commitment to resilience has a three-year financial impact, with significant cost savings from avoided outages, higher ROI from optimized workloads, and increased productivity. Organizations can reinvest these savings into further modernization efforts, expanding their capabilities in AI and data analytics. Azure’s tools, frameworks, and Microsoft’s shared responsibility model give businesses the foundation to build resilient, secure, and high-performing applications that align with their goals. Microsoft Learn’s structured learning Plans provide self-paced modules to help you “Elevate Azure Reliability and Performance” and “Improve resiliency of critical workloads on Azure,” provide essential training to build skills in designing and maintaining reliable and secure cloud projects. As more companies embrace cloud-first strategies, Microsoft’s commitment to proactive resiliency, architectural guidance, and cost management tools will empower organizations to realize the full potential of their cloud and AI investments. Start your journey to a reliable and secure Azure cloud today. Resources: Visit Microsoft Learn PlansAnnouncing the public preview of URI schemes with the Remote Desktop client
Today we’re very excited to announce the public preview of Uniform Resource Identifier (URI) schemes with the Remote Desktop client for Azure Virtual Desktop! This new feature allows you to subscribe to a workspace or connect to a particular desktop or Remote App via two URI schemes, ms-avd and ms-rd, and allows for fast and efficient end user connection to Azure Virtual Desktop resources.
