February was a relatively quiet month, with a handful of notable releases across AKS, Confidential Compute, Networking, and Storage. Highlights include Kubernetes 1.34 landing on AKS, a new generation of Intel confidential VMs, and improvements to Azure Container Storage and disk snapshot workflows.

Azure Kubernetes Service (AKS)

AKS support for Kubernetes version 1.34

Kubernetes 1.34 is now GA on AKS, bringing 58 upstream enhancements across 23 Stable, 22 Beta, and 13 Alpha features. It is a broad release that gives teams plenty to explore, from hardening existing cluster operations to adopting capabilities that were previously only available in earlier lifecycle stages.

Node auto-provisioning enabled clusters in AKS now support LocalDNS

LocalDNS support for Node auto-provisioning clusters is also now GA. This closes a gap that previously forced teams to choose between Node auto-provisioning and LocalDNS for in-cluster DNS resolution.

Compute

DCesv6, DCedsv6, ECesv6, and ECedsv6 confidential VMs

The DCesv6, DCedsv6, ECesv6, and ECedsv6 series are the next generation of Azure confidential VMs, built on 5th Gen Intel Xeon processors with TDX (Trust Domain Extensions). The key selling point here is lift-and-shift compatibility: sensitive workloads can be moved into confidential compute without any application code changes. The families cover both general-purpose (DCesv6, DCedsv6) and memory-optimized (ECesv6, ECedsv6) workloads and are now available for production deployments.

Networking

WAF Default Rule Set (DRS) 2.2 for Azure Application Gateway

Default Rule Set 2.2 for Web Application Firewall on Azure Application Gateway is now generally available. Built on OWASP Core Rule Set 3.3.4, DRS 2.2 adds Microsoft Threat Intelligence collection rules developed in collaboration with Microsoft’s intelligence teams to extend coverage against emerging exploit patterns and reduce false positives over time.

New protections include improved detections for content types declared outside the actual Content-Type header, enhanced remote code execution (RCE) detections, and broader SQL injection and cross-site scripting coverage. The rule set ships with Paranoia Level 1 (PL1) enabled by default. PL2 rules are more aggressive and typically require tuning for specific traffic patterns, so they remain disabled by default but can be selectively enabled as a full block or individually.

Storage

Azure Container Storage v2.1.0 with Elastic SAN Integration

Azure Container Storage v2.1.0 is now generally available, with two headline additions. Native Elastic SAN integration allows clusters to provision scalable volume groups and consolidate large numbers of Kubernetes persistent volumes under a single SAN resource. For stateful workloads with many volumes, this improves attach/detach performance and simplifies management overhead.

The new modular on-demand installation model means clusters deploy only the components required for the chosen storage type, reducing footprint and accelerating setup. Node selector support also lands in this release, giving teams more precise control over where Azure Container Storage components are placed, useful for dedicated storage node pools or mixed cluster topologies.

Azure Disk Storage – Incremental Snapshot Instant Access for Premium SSD v2 and Ultra Disk

Instant access for incremental snapshots is now generally available for Premium SSD v2 and Ultra Disk. This removes the previous delay between snapshot creation and the snapshot becoming available for use, improving disaster recovery workflows and data restoration flexibility for high-performance storage tiers.

Further Reading

• Azure Updates
• Kubernetes v1.34 Release
• LocalDNS Configuration – AKS Node Auto-Provisioning
• GA: Azure Intel TDX Confidential VMs
• WAF Default Rule Set 2.2
• Azure Container Storage Introduction