This week in Azure
John’s video this week is a shorter one, but he also dropped a deep-dive into Cosmos DB optimization covering partition keys, global secondary indexes, data modeling, and the various types of skew that can hurt performance. Worth watching if you’re running Cosmos DB and haven’t revisited your data model in a while.
Smaller batch of updates this week. The AKS CNI overlay CIDR expansion going GA is probably the most practical one for anyone running large clusters. On the AI side, Foundry Local went GA, letting you run models locally with a 20 MB runtime addition.
| Category | Update | Status |
|---|---|---|
| Compute | AKS CNI overlay CIDR expansion | GA |
| Compute | Azure Functions MCP resource triggers | GA |
| Compute | AKS disable HTTP proxy | GA |
| Compute | AKS observability improvements (namespace/workload views) | GA |
| Compute | Azure Red Hat OpenShift NVIDIA H100/H200 GPU support | GA |
| Networking | Network Watcher rule impact analysis | Preview |
| Networking | Azure Service Bus network security perimeter support | GA |
| Storage | Azure Migrate Azure Files assessment | Preview |
| Database | PostgreSQL consolidated maintenance notifications | GA |
| Database | PgBouncer 1.25.1 support | GA |
| AI | MAI speech transcription, speech generation & Maya Image 2 models | Preview |
| AI | Grok 4.2 in Azure AI Foundry | GA |
| AI | Foundry Local | GA |
AKS CNI overlay CIDR expansion (GA)
You can now expand the pod CIDR range on AKS clusters using CNI overlay. CNI overlay gives pods their own IP address space, separate from the node’s subnet. Each node gets a /24 from that pod CIDR. If you’re running out of room, you can now make the range larger (say, from a /16 to a /8).
```
CNI Overlay:
  Node subnet ──→ 10.0.0.0/16    (node IPs)
  Pod CIDR    ──→ 192.168.0.0/16 (pod IPs, separate)
                  └── each node gets a /24 slice
```
What you can do:

- ✓ Expand the existing pod CIDR (e.g. /16 → /8)
- ✗ Shrink the range
- ✗ Add a non-contiguous range
- ✗ Add a completely new range

Two constraints: IPv4 only, Linux nodes only. If you’ve been running into pod IP exhaustion on larger clusters, this saves you from having to rebuild.
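Since every node carves a /24 out of the pod CIDR, the node ceiling a given range supports is simple arithmetic. A quick sketch using Python’s standard `ipaddress` module (the CIDR values are just illustrative):

```python
import ipaddress

def max_nodes(pod_cidr: str) -> int:
    """Each AKS CNI overlay node takes a /24 from the pod CIDR,
    so the node ceiling is the number of /24 subnets that fit."""
    net = ipaddress.ip_network(pod_cidr)
    if net.prefixlen > 24:
        return 0  # range too small to hold even one node slice
    return 2 ** (24 - net.prefixlen)

# A /16 pod CIDR caps you at 256 nodes; expanding to a /12 raises that to 4096.
print(max_nodes("192.168.0.0/16"))  # 256
print(max_nodes("10.0.0.0/12"))     # 4096
```

This is why expansion means a *smaller* prefix length: /16 → /12 → /8 each multiplies the available /24 node slices.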
Azure Functions MCP resource triggers (GA)
Azure Functions could already expose MCP tools (actions an AI agent can call). Now they can also expose MCP resources, which is the knowledge side of the protocol.
An MCP server tells a client what it can do. Tools are actions. Resources are data, either static or dynamic. With resource triggers, your Azure Function-based MCP server can respond to resource requests from the calling application, making the server more complete.
```
MCP Server on Azure Functions:
  Tools     ──→ "perform action X"  (already supported)
  Resources ──→ "here's data Y"     (new)

AI App ──→ MCP: "What can you do?"
       ←── Tools: [createOrder, getStatus]
       ←── Resources: [productCatalog, pricingData]
```

If you’re building MCP servers on Azure Functions, this fills in the missing half. Your server can now offer both capabilities and knowledge through a single hosting model.
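The tools/resources split can be sketched as a tiny dispatcher. This is an illustrative toy in Python, not the Azure Functions MCP binding API; the tool and resource names are made up, though the method names (`tools/list`, `resources/list`, `resources/read`, `tools/call`) follow the MCP specification:

```python
# Hypothetical server state: tools are callable actions, resources are data.
TOOLS = {"createOrder": lambda item: f"order placed for {item}",
         "getStatus": lambda order_id: "shipped"}
RESOURCES = {"productCatalog": ["widget", "gadget"],
             "pricingData": {"widget": 9.99}}

def handle(request: dict):
    """Dispatch a simplified MCP-style request."""
    method = request["method"]
    if method == "tools/list":
        return sorted(TOOLS)                 # advertise actions
    if method == "resources/list":
        return sorted(RESOURCES)             # advertise available data
    if method == "resources/read":
        return RESOURCES[request["uri"]]     # serve the data itself
    if method == "tools/call":
        return TOOLS[request["name"]](*request.get("args", []))
    raise ValueError(f"unknown method {method}")

print(handle({"method": "resources/list"}))  # ['pricingData', 'productCatalog']
```

Before this release, only the `tools/*` half of that dispatcher had a trigger on Azure Functions; resource triggers cover the `resources/*` half.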
AKS disable HTTP proxy (GA)
You can now disable the HTTP proxy on an existing AKS cluster. The HTTP proxy feature routes outbound cluster traffic through a required proxy endpoint for inspection or internet access control.
One thing to know: disabling the proxy triggers a node reimage. Make sure you have pod disruption budgets configured so your workloads drain gracefully during the rollout.
AKS observability improvements (GA)
The namespace and workload views in AKS monitoring now pull data from Azure Monitor workspaces backed by Prometheus. This gives you Kubernetes-native metrics for node utilization, namespace breakdowns, workload resource consumption, and pod-level data.
The practical difference: better resource utilization visibility and easier troubleshooting when you’re trying to figure out which namespace or workload is eating your cluster’s resources.
Azure Red Hat OpenShift NVIDIA GPU support (GA)
Azure Red Hat OpenShift clusters now support VM SKUs with NVIDIA H100 and H200 GPUs. If you’re running AI inference, training, or HPC workloads on OpenShift, you can now use GPU-accelerated containers on these higher-end SKUs.
Network Watcher rule impact analysis (preview)
Before applying security admin rule changes through Azure Virtual Network Manager, you can now see what the impact will be. Network Watcher evaluates proposed rule changes and shows you what they’d affect before anything goes live.
This is the kind of feature that prevents outages. You draft your rule changes, run the impact analysis, and catch misconfigurations before they break connectivity. Simple idea, long overdue.
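The underlying idea is a dry run: evaluate the proposed rule set against known traffic and report what flips before anything goes live. A toy illustration of that diffing logic (this is not the Network Watcher API; the rule model here is deliberately simplified to priority, action, and port):

```python
# Toy rule model: (priority, action, port); lowest priority number wins.
def evaluate(rules, port):
    for _, action, rule_port in sorted(rules):
        if rule_port in (port, "*"):
            return action
    return "allow"  # illustrative default when nothing matches

def impact(current, proposed, flows):
    """Return flows whose verdict changes under the proposed rules."""
    return {p: (evaluate(current, p), evaluate(proposed, p))
            for p in flows
            if evaluate(current, p) != evaluate(proposed, p)}

current = [(100, "allow", 443), (200, "deny", "*")]
proposed = [(90, "deny", 443), (200, "deny", "*")]
print(impact(current, proposed, [443, 80]))  # {443: ('allow', 'deny')}
```

The value is exactly that output: port 443 would silently flip from allow to deny, which is the sort of thing you want surfaced before rollout rather than discovered in an incident.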
Azure Service Bus network security perimeter support (GA)
Azure Service Bus can now sit inside a network security perimeter. The perimeter groups multiple PaaS services together so they can communicate freely, while inbound and outbound access is controlled at the perimeter boundary.
A concrete example: put Service Bus and Key Vault in the same perimeter. Service Bus can access Key Vault directly for customer-managed encryption keys without punching individual firewall holes. The same pattern works for any combination of perimeter-supported services.
Azure Migrate Azure Files assessment (preview)
Azure Migrate can now evaluate your on-premises SMB and NFS file shares for migration to Azure Files. The assessment covers suitability and cost, and recommends which Azure Files tier to use based on your performance and resiliency requirements.
Azure Files supports both SMB and NFS across its standard and premium tiers, so the tool also tells you which region and SKU make sense for your workloads. If you’ve been putting off a file share migration because you weren’t sure about sizing, this removes some of the guesswork.
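As a rough mental model of what a tier recommendation has to weigh, here is a first-pass heuristic in Python. The decision logic is illustrative, not Azure Migrate’s actual model; the one grounded constraint is that NFS shares in Azure Files require the premium (SSD) tier:

```python
def recommend_tier(protocol: str, needs_low_latency: bool) -> str:
    """Illustrative tier picker. NFS is premium-only in Azure Files;
    for SMB, the latency requirement drives the choice in this sketch."""
    if protocol.upper() == "NFS":
        return "premium"
    return "premium" if needs_low_latency else "standard"

print(recommend_tier("NFS", False))  # premium
print(recommend_tier("SMB", False))  # standard
```

The real assessment folds in measured IOPS, throughput, and capacity from the discovered shares, which is the part that actually removes the guesswork.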
PostgreSQL consolidated maintenance notifications (GA)
If you have multiple Azure Database for PostgreSQL flexible servers across subscriptions in the same region, you now get a single consolidated maintenance notification instead of one per server. Previously, managing dozens of servers meant dozens of emails. This just reduces the noise.
PgBouncer 1.25.1 (GA)
PgBouncer 1.25.1 is now available on Azure Database for PostgreSQL flexible server. PgBouncer handles connection pooling, which matters when you have many short-lived or idle connections that would otherwise exhaust your server’s connection limits.
The 1.25.1 update includes performance, stability, security, and protocol improvements. It’s a managed update, so it rolls out automatically.
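Opting into the built-in pooler is a connection-string change: Azure’s managed PgBouncer listens on port 6432, while the database itself stays on 5432. A small sketch (the server name is a placeholder):

```python
def conn_string(host: str, user: str, db: str, pooled: bool = True) -> str:
    """Build a libpq-style connection string. Port 6432 routes through
    the managed PgBouncer pooler; 5432 goes straight to PostgreSQL."""
    port = 6432 if pooled else 5432
    return f"host={host} port={port} dbname={db} user={user} sslmode=require"

print(conn_string("myserver.postgres.database.azure.com", "app", "orders"))
```

Long-lived workers that hold their connections can keep using 5432; it’s the swarms of short-lived connections that benefit from pointing at 6432.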
New MAI models (preview)
Three new models from Microsoft in public preview:
- A speech transcription model covering 25 languages, with 50% lower GPU usage than existing options
- A speech generation model that produces 60 seconds of audio in 1 second
- Maya Image 2, a text-to-image model
These are purpose-built models for specific scenarios rather than general-purpose LLMs. If you’re building apps that need speech or image generation, they’re worth evaluating.
Grok 4.2 in Azure AI Foundry (GA)
Grok 4.2, part of the Grok 4 family, is now available in Azure AI Foundry. It’s a general-purpose LLM designed for reasoning-heavy problem solving, and it joins a Foundry catalog that now holds something like 12,000 models and keeps growing daily.
Foundry Local (GA)
Foundry Local went GA. It’s a lightweight runtime (about 20 MB added to your app package) for running models on the local device. It handles model acquisition, management, and hardware acceleration across GPUs and NPUs, using ONNX Runtime for inference.
```
Foundry Local:
  App ──→ Foundry Local Runtime (20 MB)
          ├── Model download & management
          ├── Hardware detection (GPU, NPU)
          ├── ONNX Runtime inference
          └── Curated model catalog (optimized for local execution)
```

The model catalog is curated rather than the full Foundry library. Only models optimized for local execution show up. The broader push here is hybrid AI: use local hardware where it makes sense, offload to the cloud when you need more. If you’ve been wanting to add on-device inference to an app without managing the infrastructure yourself, this handles the plumbing.
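The hardware-detection step boils down to a preference-ordered fallback across execution providers. A sketch in the spirit of that logic; the provider names follow ONNX Runtime’s conventions, but the selection code itself is illustrative, not Foundry Local’s implementation:

```python
# Preference order: discrete GPU, then NPU, then the CPU fallback
# that ONNX Runtime always provides.
PREFERENCE = ["CUDAExecutionProvider",  # NVIDIA GPU
              "QNNExecutionProvider",   # Qualcomm NPU
              "CPUExecutionProvider"]   # universal fallback

def pick_provider(available: list[str]) -> str:
    """Return the most-accelerated provider present on this device."""
    for provider in PREFERENCE:
        if provider in available:
            return provider
    return "CPUExecutionProvider"

print(pick_provider(["CPUExecutionProvider", "QNNExecutionProvider"]))
# QNNExecutionProvider
```

That fallback chain is the whole appeal: the same app package runs on a GPU laptop, an NPU-equipped Copilot+ machine, or plain CPU without per-device builds.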
Final thoughts
Lighter week, but a few things to act on. The AKS CNI overlay CIDR expansion going GA is a relief for anyone who’s been worrying about pod IP space on growing clusters. The MCP resource triggers for Azure Functions round out a hosting story that was missing half the protocol. And Foundry Local going GA is worth experimenting with if you’re building apps that could benefit from local inference without the cloud round-trip.
The Network Watcher rule impact analysis is the kind of boring-but-important feature that will quietly prevent production incidents. Dry-run your security rule changes before applying them.
Sources
- John Savill, “Azure Update - 10th April 2026,” YouTube, https://www.youtube.com/watch?v=placeholder