This week in Azure
John’s video this week covers Work IQ, the personalization layer behind Microsoft’s Copilot experiences. Skip to around the 8-minute mark for the demo: a cloud-based agent takes a single prompt and works through planning, reasoning, and execution on its own, including building a web app. He also published a curated learning path at sav.ai with about 15-16 videos on the Microsoft AI ecosystem.
Biggest updates this week: VM ephemeral OS disk full caching lands in preview (one flag for better reliability on scale sets), and Cosmos DB for PostgreSQL gets a retirement date. If you’re running the latter, migration planning should start now regardless of the March 2029 deadline.
| Category | Update | Status |
|---|---|---|
| Compute | Azure Red Hat OpenShift in Indonesia Central | GA |
| Compute | VM/VMSS ephemeral OS disk full caching | Preview |
| Networking | App Configuration Azure Front Door integration | Preview |
| Storage | Premium SSD v2 in South India and USGov Arizona | GA |
| Storage | User delegation SAS for tables, files, and queues | GA |
| Storage | Azure Data Box import to Files Provisioned v2 | GA |
| Storage | Azure NetApp Files cool access enhancements | Preview |
| Database | Cosmos DB for PostgreSQL retirement (March 2029) | Retiring |
| Integration | Event Grid MQTT enhancements | GA |
| Integration | Event Grid preview features (MQTT 2.0, webhooks, NSP) | Preview |
| AI | Copilot Cowork | Frontier |
| AI | Azure Speech Neural HD 2.5 | GA |
| AI | Nemotron-3-Super-120B-A12B model in Foundry | GA |
VM/VMSS ephemeral OS disk full caching (preview)
VMs and virtual machine scale sets can now cache the entire ephemeral OS disk to local storage, removing the remote storage dependency that existed even with ephemeral disks.
With standard ephemeral OS disks, your writes go to local storage on the host node, but the base OS image still gets read from remote storage. Full caching copies the entire OS image to local storage in the background after the VM boots.
Standard ephemeral OS disk: Writes ──→ local storage (fast) Reads ──→ remote storage (base image still remote)
Full caching enabled: Writes ──→ local storage (fast) Reads ──→ local storage (cached after boot) └── no remote storage dependencyTwo things improve: resiliency (a remote storage failure won’t take down your VM) and latency (everything runs against local storage). You enable it with a single flag on the ephemeral OS disk configuration.
If you’re running VMSS workloads where VMs are disposable tin soldiers, you’re probably already using ephemeral disks. Full caching is just an enableFullCaching flag away from making them better. No managed disk costs, no remote storage dependency, better performance.
App Configuration with Azure Front Door integration (preview)
App Configuration now integrates with Azure Front Door to scale configuration delivery to millions of clients. No more building your own proxy layer.
Without AFD: App Config Store ←── Client 1 ←── Client 2 ←── ... ←── Client 1,000,000 (scaling problem)
With AFD: App Config Store ←── Azure Front Door ←── Client 1 (cache + global ←── Client 2 anycast delivery) ←── ... ←── Client 1,000,000 (Front Door handles the scale)The setup: you create an App Configuration endpoint on Azure Front Door and set the App Configuration store as its origin. Managed identity secures the communication between Front Door and the store. Front Door then retrieves and caches key values, feature flags, and other configuration data.
SPAs, mobile apps, anything where large numbers of clients need to pull configuration. Front Door’s layer 7 anycast with split TCP and caching handles the distribution, so the App Configuration store doesn’t need to handle the load directly.
Premium SSD v2 in new regions
Premium SSD v2 is now available in South India and USGov Arizona. What makes Premium SSD v2 worth using: separate dials for IOPS, throughput, and capacity that you can adjust dynamically while the disk is in use. Sub-millisecond latency on top of that.
If you need high IOPS for databases, analytics, or gaming workloads, and you want to pay for exactly the performance profile you need, these are the disks. Works with both VMs and containers.
User delegation SAS for tables, files, and queues (GA)
User delegation shared access signatures are now generally available for Azure Table Storage, Azure Files, and Azure Queue Storage. This was already available for blob storage and has now been extended to the remaining storage services.
Account/Service SAS
- Tied to storage account key
- Account key has full access
- No time limit enforcement
- Revocation requires key rotation
User delegation SAS
- Tied to Entra ID identity
- Subset of identity's permissions
- Maximum 7-day validity
- Granular control and auditability
Why this matters: account and service SAS tokens are both signed with the storage account key, which has god-mode access to everything. A user delegation SAS is tied to an Entra ID identity, can never exceed that identity’s permissions, and maxes out at seven days. If you’re still generating SAS tokens from account keys, switch to user delegation SAS.
Azure Data Box import to Files Provisioned v2
Azure Data Box can now import data into Azure Files Provisioned v2 storage accounts. If you’re doing a large on-prem to cloud migration where shipping a physical device makes more sense than saturating your network, Data Box is the tool.
Provisioned v2 accounts let you independently set capacity, IOPS, and throughput (same idea as Premium SSD v2). Previously you couldn’t use these as a Data Box target, so you were stuck with standard accounts for large migrations. That limitation is gone.
Azure NetApp Files cool access enhancements (preview)
Azure NetApp Files cool access moves less-used data from the ANF hot tier to regular Azure Storage (the cool tier) to save money. With the premium and ultra service levels, the QoS algorithms for throughput allocation have been reworked to reduce the performance hit when data gets tiered down.
Cosmos DB for PostgreSQL retirement
Cosmos DB for PostgreSQL is being retired at the end of March 2029. If you’re running it, start planning your migration now.
The replacement is PostgreSQL Elastic Cluster. Same Citus extensions for distributed sharding, but with built-in HA, backups, and DR. All future engineering investment goes here. Migration tooling is available.
Event Grid updates
Event Grid got a big batch of updates this week, split between GA and preview.
GA features:
- In-order message delivery within a client session for MQTT
- Connection limiting: one connection attempt per second per client
- Up to 15 MQTT topic segments
- Cross-tenant MQTT delivery
Preview features:
- MQTT 2.0 authentication
- Custom webhook authentication
- Static client ID identifiers
- Managed identities for webhooks
- Cross-tenant webhook delivery
- Network security perimeter support
The network security perimeter support is worth noting. Group multiple Azure PaaS services into the same perimeter and they can talk to each other freely, while you control inbound and outbound access at the group level. Event Grid joining that model means your event-driven architectures get the same network boundary controls as everything else.
Copilot Cowork (Frontier)
Copilot Cowork is now available in Frontier. It runs entirely in the cloud (no local resources, no full access to your machine), uses long-running deep reasoning models, and is grounded in Work IQ with access to Outlook, Teams, and other Microsoft data sources.
You describe the outcomes you want, and Cowork figures out the plan and executes it. You can interrupt and steer it while it runs. John was genuinely excited about this one, which doesn’t happen often. The demo at around the 8-minute mark in his video shows it creating a web app from a single prompt.
Azure Speech Neural HD 2.5
Azure Speech has new voice options with Neural HD 2.5. New speaking styles for English content include things like struggling, skeptical, sighing, and yawning. There’s also better quality for real-time low-latency interactions and more regional availability. If you’re building voice experiences that need to sound natural rather than robotic, the style variety keeps expanding.
Nemotron-3-Super-120B-A12B in Foundry
New NVIDIA model in Azure AI Foundry, and the name is something else: Nemotron-3-Super-120B-A12B. It’s a mixture of experts model with 120 billion total parameters, but only 12 billion activate for any given inference. So it’s fairly compact in resource usage despite the large parameter count.
Mixture of Experts: Total parameters: 120B Active per query: 12B (10%) Context window: 1M tokens Focus: Text generation
Query ──→ Router ──→ [Expert 3] ──→ Response ──→ [Expert 7] (selects most relevant experts)1 million token context window, focused on text generation. You’d pair it with speech-to-text and text-to-speech models for voice workflows, but on its own it’s a text generation model that happens to be very efficient with compute.
Final thoughts
Quieter week compared to the AKS-heavy CW13, but some practical stuff. The ephemeral OS disk full caching is one flag that makes scale sets more resilient. The App Config and Front Door integration means you stop worrying about scaling configuration delivery. And if you’re on Cosmos DB for PostgreSQL, the clock is now ticking.
The user delegation SAS expansion to tables, files, and queues is the one I’d act on soonest. It’s GA, it’s more secure than account key SAS, and there’s no good reason to keep generating tokens from account keys anymore.
Sources
- John Savill, “Azure Update - 3rd April 2026,” YouTube, https://www.youtube.com/watch?v=placeholder