Ignite 2025 recently concluded, with many new features reaching GA. Here’s a roundup of the most notable updates across AKS, Cloud Native, Networking, and Storage.
Cluster-wide Cilium network policy is now generally available for AKS clusters using Azure CNI. Platform teams can define and enforce network policies at the cluster level, powered by Cilium’s high-performance eBPF dataplane.
Azure Container Networking Services (ACNS) now supports Layer 7 policy. This enables fine-grained traffic control at the application layer for HTTP, HTTPS, gRPC, and Kafka protocols.
With Managed Namespaces, AKS now lets you deploy preconfigured namespaces with built-in lifecycle management.
AKS now supports pod sandboxing, running containers in isolated per-workload VMs. Each pod VM is separated from others and the host, reducing cross-pod interference and host-level vulnerabilities. This is ideal for multi-tenant or security-sensitive workloads.
AKS now offers LocalDNS, which deploys a DNS proxy on each node for faster, more reliable DNS resolution. Queries are handled locally, reducing latency and providing resilience during upstream outages.
Data replication between primary and secondary regions is now accelerated and backed by an SLA guaranteeing sync times under 15 minutes for Block Blob data. This is a significant improvement for organizations needing strong data durability and rapid disaster recovery.
Complementing Geo Priority Replication, this feature offers prioritized object replication with a similar 15-minute SLA. It improves reliability for cross-region data movement and helps maintain consistency across distributed applications.
Application Gateway for Containers now offers an integrated Web Application Firewall (WAF). This brings OWASP rules and Microsoft Threat Intelligence rulesets to containerized workloads, protecting against SQL injection, cross-site scripting, and other web-based attacks.
Azure Virtual Network Manager has gained multiple new GA features:
These enhancements provide better control and visibility over network configurations at scale.
Azure Firewall now supports DNS Flow Trace Logs in GA, enabling deeper network traffic analytics and troubleshooting capabilities. This is essential for security teams monitoring DNS-based attacks and investigating network issues.
Application Gateway now supports TLS and TCP termination as a GA feature, enabling improved security and performance for web application deployments. The gateway terminates the incoming connection at the proxy and establishes a new connection to the backend servers. This capability is available on Application Gateway Standard v2 and WAF v2 SKUs.