You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/application-gateway/json-web-token-overview.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,7 +11,7 @@ ms.date: 11/18/2025
11
11
12
12
# JSON Web Token (JWT) validation in Azure Application Gateway (preview)
13
13
14
-
[Azure Application Gateway](/azure/application-gateway/) validates JSON Web Tokens (JWTs) issued by [Microsoft Entra ID](https://docs.azure.cn/en-us/entra/fundamentals/what-is-entra) (formerly Azure Active Directory) in incoming HTTPS requests. This capability provides first-hop authentication enforcement for web APIs or any protected resource without requiring custom code in your backend applications.
14
+
[Azure Application Gateway](/azure/application-gateway/) validates JSON Web Tokens (JWTs) issued by [Microsoft Entra ID](/entra/fundamentals/what-is-entra) (formerly Azure Active Directory) in incoming HTTPS requests. This capability provides first-hop authentication enforcement for web APIs or any protected resource without requiring custom code in your backend applications.
15
15
16
16
This capability verifies the integrity and authenticity of tokens in incoming requests. It then determines whether to allow or deny access before forwarding traffic to backend services. Upon successful validation, the gateway injects the `x-msft-entra-identity` header into the request and forwards it to the backend. Downstream applications can then securely consume verified identity information.
Copy file name to clipboardExpand all lines: articles/azure-netapp-files/whats-new.md
+3-2Lines changed: 3 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,13 +17,14 @@ ms.author: anfdocs
17
17
18
18
Azure NetApp Files is updated regularly. This article provides a summary about the latest new features and enhancements.
19
19
20
-
21
-
## March 2026
20
+
## April 2026
22
21
23
22
*[Storage with cool access enhancement](cool-access-introduction.md#throughput-for-premium-and-ultra-service-levels) for Premium and Ultra service levels (preview)
24
23
25
24
Azure NetApp Files introduces an enhancement to storage with cool access for Premium and Ultra service levels that more precisely aligns throughput with data tiering. When cool access is enabled, maximum throughput is dynamically calculated based on the amount of data tiered to cool access storage, rather than applying a fixed reduction. Hot data retains its configured performance, and throughput is adjusted only when data is tiered to the cool tier. This enhancement delivers more predictable QoS behavior while optimizing performance and cost as data access patterns evolve, without requiring manual tuning or reconfiguration.
26
25
26
+
## March 2026
27
+
27
28
*[Large volumes improvement:](large-volumes-requirements-considerations.md#requirements-and-considerations) removed 30% default limit imposed on large volumes
28
29
29
30
Large volumes operational improvement no longer requires a support ticket to increase a large volume past the 30% imposed limit. This allows customer to automate their large volume size increases without waiting for approval and human intervention.
Copy file name to clipboardExpand all lines: articles/azure-vmware/azure-vmware-solution-known-issues.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: This article provides details about the known issues of Azure VMwar
4
4
ms.topic: reference
5
5
ms.custom: "engagement-fy23"
6
6
ms.service: azure-vmware
7
-
ms.date: 10/22/2025
7
+
ms.date: 04/02/2026
8
8
# Customer intent: "As a cloud administrator, I want to access detailed information about known issues in Azure VMware Solution so that I can implement workarounds and ensure the stability of my virtual environment."
9
9
---
10
10
@@ -23,7 +23,7 @@ Refer to the table to find details about resolution dates or possible workaround
23
23
|[VMSA-2025-0014](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35964) VMware vCenter Server updates address a denial-of-service vulnerability. | July 29, 2025 | Microsoft is aware of VMSA-2025-0014, which details a moderate-severity denial-of-service vulnerability in vCenter Server. Our security assessment has determined that this issue poses a low risk to the Azure VMware Solution platform. This vulnerability will be addressed as part of our regular, scheduled maintenance and update cycles. No immediate action is required from customers. | N/A |
24
24
| [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877) VMXNET3 integer-overflow, VMCI integer-underflow, PVSCSI heap-overflow, and vSockets information-disclosure vulnerabilities. | July 15, 2025 | Microsoft verified the applicability of the vulnerabilities within the Azure VMware Solution service and adjudicated the vulnerabilities at a combined adjusted Environmental Score of [9.3](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H). Customers are advised to take extra precautions when granting administrative access to guest VMs until the update is addressed. For additional information on the vulnerability, see [this blog post](https://techcommunity.microsoft.com/blog/azuremigrationblog/azure-vmware-solution-broadcom-vmsa-2025-0013-remediation/4433430) (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239). | July 29, 2025 - Resolved in [ESXi 8.0_U3f](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html) |
25
25
| Changing the default NSX Tier-1 name may cause some NSX features added through the Azure portal, such as DNS Zone and the Segment page, to not function as expected. | June 2025 | Azure VMware Solution uses the NSX Tier-1 name "TNTxx-T1" (where xx is the internal tenant ID) for these features. Therefore do not change the default Tier-1 name. | N/A |
26
-
|Creating stateful gateway firewall rules associated with Azure VMware Solution default NSX-T tier-0 router causes unwanted/unexpected behavior. | May 2025 |Azure VMware Solution deploys with a stateless NSX-T tier-0 router. As such, stateful firewall rules are incompatible even though the NSX-T UI may allow it. Apply stateful services and/or firewall rules at the tier-1 router. | N/A |
26
+
|Gateway firewall is not supported on the default NSX Tier-0 gateway in Azure VMware Solution. | May 2025 |Use the gateway firewall policy on the NSX Tier-1 gateway. Both NSX gateway firewall and distributed firewall require vDefend Firewall add-on licenses on Azure VMware Solution. For more information, see here. | N/A |
27
27
| Azure VMware Solution hosts may see a High pNIC error due to buffer overflows. [Getting alarm in relation to "High pNic error rate detected" on hosts in vSAN clusters when using Mellanox NICs](https://knowledge.broadcom.com/external/article/392333/getting-alarm-in-relation-to-high-pnic-e.html)| June 2025 | The alert should be considered an informational message, since Microsoft manages the service. Select the **Reset to Green** link to clear it. | N/A |
28
28
|[VMSA-2025-0012](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738) Multiple vulnerabilities (CVE-2025-22243, CVE-2025-22244, CVE-2025-22245) identified in VMware NSX. | May 2025 | The vulnerability described in the Broadcom document does not apply to Azure VMware Solution due to existing compensating controls mitigate the risk of exploitation. | The upcoming version of NSX includes the patch to address this vulnerability. |
29
29
|[VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) Multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228) have been identified in VMware ESXi and vCenter Server. | May 2025 | Microsoft confirmed the applicability of these vulnerabilities in Azure VMware Solution. Existing security controls, including cloudadmin role restrictions and network isolation, are deemed to significantly mitigate the impact of these vulnerabilities before official patching. The vulnerabilities adjudicated with a combined adjusted Environmental Score of [6.8](https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) within the Azure VMware Solution. Until the update is addressed, customers are advised to exercise caution when granting administrative access to guest virtual machines and to actively monitor any administrative activities performed on them. | N/A |
Copy file name to clipboardExpand all lines: articles/backup/backup-azure-arm-restore-vms.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -248,7 +248,7 @@ If CRR is enabled, you can view the backup items in the secondary region.
248
248
249
249
The secondary region restore user experience is similar to the primary region restore user experience. When configuring details in the Restore Configuration pane to configure your restore, you're prompted to provide only secondary region parameters.
250
250
251
-
Currently, secondary region [RPO](azure-backup-glossary.md#recovery-point-objective-rpo)is _36 hours_. This is because the RPO in the primary region is _24 hours_ and can take up to _12 hours_ to replicate the backup data from the primary to the secondary region.
251
+
For Azure VM backups, the secondary region [RPO](azure-backup-glossary.md#recovery-point-objective-rpo)can be up to _36 hours_ in the worst case. With the Standard policy, the primary region RPO is up to _24 hours_, and replication to the secondary region can take up to _12 hours_. With the Enhanced policy, more frequent local recovery point creation can improve the best-case achievable secondary region RPO. However, because vaulting is daily, the worst-case secondary region RPO can still be up to _36 hours_.
252
252
253
253
:::image type="content" source="./media/backup-azure-arm-restore-vms/secondary-region-restore.png" alt-text="{alt-text}":::Screenshot shows how to start secondary region restore of a VM. ":::
Copy file name to clipboardExpand all lines: articles/backup/backup-azure-vm-backup-faq.yml
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -457,7 +457,7 @@ sections:
457
457
458
458
- question: When Vault is configured with CRR, what happens to the secondary data if the primary region fails?
459
459
answer: |
460
-
Backup data fully replicated to the secondary region before the failure of the primary region will remain intact. This remains the case even after the primary region has recovered from the failure. In other words, the virtual machine can be recovered in the secondary region with the data it had before the failure as per the replication schedule. Note that the RPO for the secondary region is 36 hours i.e., data takes approximately 36 hours to be fully replicated from primary to the secondary region.
460
+
Backup data fully replicated to the secondary region before the failure of the primary region remains intact. This remains true even after the primary region recovers from the failure. In other words, the virtual machine can be recovered in the secondary region with the data it had before the failure, based on the replication schedule. For Azure VM backups, the secondary region RPO can be up to 36 hours in the worst case. With the Standard policy, this is based on up to 24 hours in the primary region plus up to 12 hours for replication to the secondary region. With the Enhanced policy, more frequent local recovery point creation can improve the best-case achievable secondary region RPO, but the worst-case can still be up to 36 hours.
461
461
462
462
- question: When I update the backup policy, why is the expiry time not getting updated immediately?
Copy file name to clipboardExpand all lines: articles/backup/backup-azure-vms-introduction.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -47,7 +47,9 @@ Azure Backup takes snapshots according to the backup schedule.
47
47
48
48
If you have opted for application or file-system-consistent backups, the VM needs to have a backup extension installed to coordinate for the snapshot process. For [*agentless multi-disk crash-consistent* backups](backup-azure-vms-agentless-multi-disk-crash-consistent-overview.md), the VM agent is not required for snapshots.
49
49
50
-
-**Windows VMs:** For Windows VMs, the Backup service coordinates with VSS to take an app-consistent snapshot of the VM disks. By default, Azure Backup takes a full VSS backup (it truncates the logs of application such as SQL Server at the time of backup to get application level consistent backup). If you're using a SQL Server database on Azure VM backup, then you can modify the setting to take a VSS Copy backup (to preserve logs). For more information, see [this article](./backup-azure-vms-troubleshoot.md#troubleshoot-vm-snapshot-issues).
50
+
-**Windows VMs:** For Windows VMs, Azure Backup coordinates with VSS to take an application-consistent snapshot. For VMs running SQL Server, Azure VM Backup triggers a VSS Full (Copy-Only) backup by default to avoid affecting the SQL backup chain used by other backup tools. Copy-Only backups do not truncate SQL Server transaction logs. If you require log truncation (and understand the impact on the SQL backup chain), you can opt in to a VSS Full (Non-Copy-Only) backup by using the UseVssFullBackup registry setting. For more information, see [this article](./backup-azure-vms-troubleshoot.md#troubleshoot-vm-snapshot-issues).
51
+
>[!Note]
52
+
> Azure VM Backup is a VM-level backup. If you need database-level point-in-time recovery using transaction logs, use [Azure Backup for SQL Server in Azure VM (workload backup)](backup-azure-sql-database.md).
51
53
52
54
-**Linux VMs:** To take app-consistent snapshots of Linux VMs, use the Linux pre-script and post-script framework to write your own custom scripts to ensure consistency.
0 commit comments