Azure Update - 12th September 2025
Principal Cloud Solutions Architect
Azure update: OpenShift and Databricks region expansion, ANF migration aid, Container Insights, Cosmos DB CMK
Key insights
- Azure File Shares — new resource types
Azure adds new resource types for Azure File Shares to improve management and flexibility.
Microsoft also offers migration help for Azure NetApp Files (ANF) and other file workloads to simplify moves to the new models. - Standard HDD retirement for OS disks
Microsoft announced the planned retirement of Standard HDD for operating system disks.
Customers should plan migrations to SSD-based OS disks to keep performance and support levels current. - Application Gateway network isolation
Application Gateway now supports stronger network isolation to protect web applications from lateral threats.
Use the new controls to segment traffic and reduce attack surfaces for public-facing apps. - MFA Phase 2 and Patch Tuesday security fixes
Microsoft is enforcing a broader MFA rollout (Phase 2), increasing account protection across Azure accounts and services.
The September security update also fixed many vulnerabilities, so enable MFA and apply patches promptly. - Service expansions and database updates
Azure Red Hat OpenShift expanded to more regions for better local performance and compliance.
Azure Database for MySQL 8.4 and self-healing previews plus Cosmos DB for MongoDB with customer‑managed keys improve resilience and encryption options. - Networking platform changes — Load Balancer and Databricks
Microsoft is retiring older defaults such as the Basic Load Balancer and default VM outbound access, so customers must review and update networking designs.
Azure Databricks retains managed outbound options; validate cluster networking and public access settings before changes take effect.
Video overview and context
On September 12, 2025, the channel of author John Savill's [MVP] published a compact Azure update video that walks viewers through a range of service changes and platform notices. The recording covers storage, security, database, and networking items, and it uses time-stamped chapters so viewers can jump to topics of interest. Consequently, the video serves both as a quick heads-up for cloud operators and as a pointer to deeper technical guidance for teams planning changes.
Storage changes and migration signals
First, the update highlights the retirement of Standard HDD for operating system disks and the introduction of new resource types for Azure File Shares, which together signal a clear push toward modern, SSD-backed storage. John explains that the retirement encourages customers to migrate to SSD options for improved performance and reliability, and he notes that Azure NetApp Files migration assistance is available to help larger file workloads move with less disruption. Therefore, teams need to inventory OS disk usage and file share dependencies to prioritize migration work.
However, the migration path involves tradeoffs: while SSDs reduce latency and increase throughput, they tend to cost more than spinning disks, and migrating thousands of VMs or large file shares requires planning and testing. Moreover, some legacy applications may tolerate higher latency and lower IOPS, so organizations must weigh immediate cost increases against long-term operational benefits. In practice, phased migrations that start with critical or latency-sensitive workloads usually balance risk and budget effectively.
Security updates and identity enforcement
The video also covers enforced security steps, notably a phase of mandatory multifactor authentication (MFA) for Azure accounts, linked to recent Patch Tuesday updates. John emphasizes that this move strengthens account security ahead of major platform milestones, but he also warns that strict MFA enforcement can create friction for users and for automation scripts if not planned carefully. Therefore, teams should audit service principals, managed identities, and legacy automation to prevent unexpected access failures.
Furthermore, the update mentions enhanced network isolation for Application Gateway, which provides more granular protection for web applications. While better isolation helps limit attack surfaces, it can increase network design complexity and require changes to routing, Monitoring, and diagnostics. Consequently, engineers should test isolation rules in staging and maintain clear rollback plans to avoid outages during deployment.
Databases, platform expansions, and networking notes
On the platform side, John reports regional expansion for Azure Red Hat OpenShift and new arrivals for Azure PostgreSQL flexible server and Azure MySQL 8.4, along with previews of self-healing capabilities for MySQL. These additions help customers meet data residency and compliance needs while gaining newer engine features and operational improvements. At the same time, new capabilities such as Cosmos DB for MongoDB support for customer-managed keys improve data protection, but they do add configuration steps during setup.
Networking changes are also significant: the video calls out ongoing adjustments to outbound networking for managed services and reminds viewers of the planned retirement of the Basic Load Balancer. In response, teams must assess whether their workloads need the Standard Load Balancer or alternative architectures, and they should factor in changes to egress behavior for services like Azure Databricks. This creates a tradeoff between simplifying management with platform-managed networking and keeping full control by using custom VNet designs and NAT solutions.
Operational challenges and recommended actions
John’s update stresses practical steps: run inventories, prioritize high-risk workloads, and schedule pilot migrations to validate assumptions before broad rollouts. For instance, enabling MFA requires clear communication, staged enforcement, and exception handling for automation; similarly, storage and load balancer changes benefit from canary tests in non-production environments. These incremental approaches reduce the chance of unexpected downtime and give teams time to adjust operational runbooks.
Moreover, the video recommends using built-in migration tools and vendor support where available, while also leaning on community resources for common patterns and troubleshooting tips. Although vendor-assisted migrations can lower operational risk, they may raise costs, so organizations must balance support investments against internal capability building. Ultimately, combining careful planning with automation and monitoring yields the most resilient path forward.
Conclusion and where to look next
In short, the September 12 update from John Savill's [MVP] packs several important signals: Microsoft is moving customers toward SSD storage, tightening identity controls, expanding platform offerings, and retiring older networking primitives. While these changes bring improved performance and security, they also require thoughtful migration planning and tradeoffs around cost, complexity, and user experience. For teams managing Azure estates, the practical takeaway is to prioritize inventory, test changes early, and align migrations with business risk and budget cycles.
For more detail, the video includes chaptered timestamps and hands-on commentary that help operators dive into the items most relevant to them. Accordingly, viewers who need step-by-step walkthroughs will find the recording useful as a companion to formal migration plans and internal runbooks.
Keywords
Azure update September 2025, Microsoft Azure news Sept 12 2025, Azure 2025 release notes, Azure security updates September 2025, Azure AI updates September 2025, Azure pricing changes 2025, Azure Kubernetes Service update Sept 2025, Azure roadmap September 2025