This week in Azure
A solid post-Build week with no single headline, but the database side stands out. Azure Managed Redis gets Entra-based data-plane RBAC. Azure SQL Database Entra logins go GA. Azure PostgreSQL maintenance control reaches GA. And a SQL MCP server lands, spanning SQL, Postgres and Cosmos DB.
On compute, Azure Boost guest RDMA is in preview, direct memory-to-memory networking between VMs, no kernel network stack in the way. And Anthropic’s new Fable 5 model landed in Foundry and GitHub Copilot. That one comes with a caveat worth reading carefully before you deploy it.
Compute
Azure Boost guest RDMA (preview)
Azure Boost offloads network, storage and management functions from the host partition onto dedicated hardware on each node. Lower latency, better performance. Guest RDMA layers Remote Direct Memory Access on top of that.
Instead of the app going through the TCP/IP stack, driver, NIC, network, and back the other way, RDMA lets two VMs talk memory-to-memory and skip the kernel network stack entirely.
For workloads where every microsecond of network latency matters (HPC, tightly coupled distributed databases, in-memory caches doing replication), bypassing the TCP/IP stack is a real win. Now available VM-to-VM in Azure.
Azure Site Recovery: Linux NVMe Azure VM support
ASR now supports Linux VMs that use NVMe as the storage controller. Think the v6 generation of DA, EA, FAS SKUs. Specifically RHEL 9.15 and Ubuntu 24 work today. You can use ASR for VM-to-VM migration even on these modern instances, which until now were blocked from ASR-based migrations.
Premium SSD v2 on non-zonal VMs
Premium SSD v2 is the better disk option in Azure (sub-millisecond latency, separately scalable capacity/IOPS/throughput, dynamic without redeploy). Previously you had to deploy your VM in an availability zone to attach Premium SSD v2. Now it’s supported on non-zonal VMs too. More flexibility for workloads that aren’t using AZs.
NCv6 GPU VMs
A new GPU-enabled VM series, the NCv6, built on Nvidia RTX Pro 6000 Blackwell Server Edition GPUs. 96 GB of GDDR7 memory per GPU. Available in both general-purpose and compute-optimised vCPU-to-memory ratios. Useful for AI inferencing and training where you need plenty of GPU memory but not the absolute top-end Hopper SKUs.
Azure Batch legacy VM SKU retirements
Two retirement waves for Azure Batch pools that pin to old SKU families:
- Retire May 1st, 2028: D, DS, DV2, DSV2, LS.
- Retire November 15th, 2028: AV2, FFS, FSV2, GGS, LSV2.
The pools themselves don’t break overnight, but they’ll become unstable as the underlying SKUs go away. If you have Batch workloads still on these families, schedule the migration. Newer SKUs perform better anyway.
Networking
Azure VPN Client for Linux (preview) retired
The native Azure VPN Client for Linux never made it out of preview and is being retired end of August 2026. If you were using it for point-to-site VPN, migrate to a different client based on your tunnel type:
- OpenVPN-based tunnels: use the OpenVPN client.
- IKEv2-based tunnels: use Strong Swan.
Storage
Azure Migrate: SMB and NFS file shares to Azure Files
Azure Migrate now supports discovery and assessment of SMB and NFS file shares on both Windows and Linux, with Azure Files as the migration target. The assessment includes a business-case comparison (on-prem vs cloud cost), recommends which Azure Files SKU to use, and even flags cases where Azure VM might be a better fit than Azure Files.
If you’ve been postponing a file-share migration because the discovery and sizing work was painful, this closes that gap.
Minimum billable object size for cool/cold/archive, delayed
A minimum billable object size was due to come into effect for non-hot access tiers (Cool, Cold, Archive) on July 1st, 2026. That date has been pushed, with no firm new date yet. So you’ve got more time to clean up tier strategy, but use it. The change is still coming.
GPv1 and Legacy Blob storage accounts: new account creation blocked
Two old storage account types are on the way out. You can no longer create new GPv1 or Legacy Blob storage accounts, and they’ll be fully retired on October 13th, 2026. GPv1 will automatically convert to GPv2. Legacy Blob requires conversion.
GPv1 to GPv2 has a cost difference. If you’re on GPv1, work out which features you’re using, decide where to land (probably GPv2 or maybe ADLS Gen 2 depending on workload), and migrate before October.
Database
Azure Managed Redis: Entra RBAC for data management (preview)
Azure Managed Redis (the high-performance in-memory cache / stateful store) now supports Entra-based access control for the data plane, not just the control plane.
No more shared keys for cache access. Identity-based, audited, rotatable. Same direction Azure has been pushing for years for everything else. Nice to finally see it on managed Redis.
Azure PostgreSQL maintenance control (GA)
Postgres Flexible Server’s maintenance control reaches GA. View, reschedule and apply maintenance events through a proper interface. You can now reschedule up to 14 days ahead. If you’ve been dealing with maintenance windows landing at inconvenient times, this is the relief valve.
PostgreSQL hub for Azure developers
A central place for Postgres-on-Azure developer resources. Sample apps, tutorials, learning paths, solution accelerators. Lives at azure-samples.github.io/postgres-hub. Useful precisely because all the resources are in one place rather than scattered across docs.microsoft.com, GitHub repos, and individual blog posts.
SSMS GitHub Copilot agent mode (preview)
SQL Server Management Studio’s GitHub Copilot integration adds an agent mode in preview. The existing “ask” mode helped with T-SQL and basic admin questions. Agent mode goes further: investigate performance issues, tune queries, troubleshoot errors, handle multi-step admin tasks using skills.
Useful detail: Copilot can run interactions as a different user than the human using SSMS. So Copilot can have its own SQL login with constrained permissions, and the queries it runs are audited under that identity. Sensible separation.
Cosmos DB Synapse Link retirement
Cosmos DB Synapse Link is being retired end of March 2029. The path forward is Cosmos DB mirroring to Microsoft Fabric. Better performance, better feature set. If you’ve got analytics workflows hanging off Synapse Link, plan the move to Fabric mirroring.
Azure SQL Database Entra logins (GA)
Entra-based server principals (logins) for Azure SQL Database go GA. Previously you had to keep local SQL logins around for some scenarios. Now you can use Entra logins from an external provider with server roles assigned to Entra principals.
The real win: you can now fully disable SQL authentication on Azure SQL Database, same as you can already do on Azure SQL Managed Instance. One fewer credential class to manage.
SQL MCP server (GA)
A Model Context Protocol server spanning Azure SQL, PostgreSQL and Cosmos DB. MCP gives agents both capability discovery and a standard way to talk to a system. So this is the agent-shaped way to interact with all three database services. Useful in the same way the per-database MCP servers from Build are useful, but with cross-database coverage in one place.
Observability and security
Azure Monitor ingestion volume change dashboard (preview)
A new dashboard in Azure Monitor that surfaces changes in ingestion volume over time. Spikes, drops, trends. The kind of view that catches “we suddenly started logging 5x more data” before the bill arrives, or “we stopped receiving logs from this resource” before it becomes a detection gap.
Foundry agent security license changes
Foundry agent security capabilities that were previously licensed under Defender for Cloud are moving to the Microsoft 365 Agent license (Agent 365). The protections were already powered by Agent 365 observability, logs and the agent map. This just aligns the licensing.
Moving from Defender for Cloud to the Agent 365 license: agent discovery, posture management, threat detection, real-time protection, advanced hunting. If you’re budgeting Foundry agent security work, factor in the licensing shift.
Anthropic Fable 5 in Foundry and GitHub Copilot
Anthropic’s new Fable 5 model is now available in both Foundry and GitHub Copilot. Worth understanding clearly because it’s a new class of model and it comes with a caveat.
Anthropic introduced a new Fable tier, sitting above Opus, for the hardest knowledge work and coding problems. This is the non-security variant. The security work goes through Mythos and stays restricted to a small set of customers.
Fable 5 is designed for:
- Long-running multi-step workflows that unfold over time.
- Complex code development across systems.
- Research synthesis across many documents.
- Cross-document/table/chart/diagram analysis (multimodal).
- Planning its approach, checking progress against the plan, refining.
It’s clearly aimed at the deepest end of the workload spectrum. Research, large codebase work, complex analysis.
Now the caveat, and you need to read this before deploying it: Anthropic retains prompts and responses for 30 days for quality, safety and attack-mitigation purposes. That’s a substantial deviation from typical enterprise data-retention defaults. Before you point Fable 5 at any sensitive workload, line that retention up against your own data-handling promises. It might be fine, it might not be. It depends on what you’re sending.
There are also use-case blocks today: biology, chemistry, cybersecurity, and distillation (training a model based on Fable 5 output) all get redirected to Opus 4.8. The cybersecurity work happens on Mythos 5, which remains restricted to Project Glasswing customers.
If Fable 5 fits a workload that needs that class of model and the 30-day retention is acceptable, it’s a real capability bump. Otherwise stay on Opus 4.8.
Final thoughts
Two updates worth doing this week.
Azure Managed Redis Entra RBAC: if you’re still using shared keys to talk to managed Redis, kill that dependency. Entra identities on the data plane is the same step every other Azure service went through years ago. Audit your apps, switch.
Azure SQL Entra logins GA: same pattern, same call. Disable SQL authentication, run on Entra. The blast radius of a leaked SQL login compared to a managed identity is night-and-day.
The big watch item is Fable 5. Not because of the capabilities, those are real, but because of the retention policy. Treat it as a data classification question. Which workloads are okay with 30-day Anthropic-side retention, and which absolutely aren’t. Get that clarified before anyone wires it into production.
And don’t ignore the Cosmos DB Synapse Link retirement. 2029 sounds far off, but if you’ve got analytics pipelines hanging off Synapse Link, the migration to Fabric mirroring should be on a planning calendar now, not in 2028.
Sources
- John Savill, “Azure Update - 12th June 2026,” YouTube, https://www.youtube.com/watch?v=fGmEbVxRMiQ